this post was submitted on 22 Jun 2023
59 points (100.0% liked)

/kbin meta

16 readers
2 users here now

Magazine dedicated to discussions about the kbin itself. Provide feedback, ask questions, suggest improvements, and engage in conversations related to the platform organization, policies, features, and community dynamics. ---- * Roadmap 2023 * m/kbinDevlog * m/kbinDesign

founded 1 year ago
 

It looks like a new spamming tactic will be to set up your own instance and then just mass spam to other instances from there. Case in point, vive.im I've been noticing spam in one magazine from a user of this. I banned them, but they can still post for some reason. Decided to visit the instance and it looks like some default front page with '3' active users. If you look at the user's account on there they've made 12k posts already and seem to have a script set up to push their blogspam 3-4 times per minute.

  1. We need a clear process to report and get these kinds of things removed quickly.

  2. Bans need to work properly and stop these users from posting.

top 26 comments
sorted by: hot top controversial new old
[–] Noki@kbin.social 20 points 1 year ago

@ernest , that server has no Public info at all - can we limit/silence or defedrate it ?

[–] TheOneCurly@feddit.online 14 points 1 year ago (3 children)

As a user on kbin you can block a whole domain. That definitely works on the post level and I would assume the comment level as well but I haven't tested that part.

[–] crossmr@kbin.social 13 points 1 year ago

Unfortunately I'm looking at this from the perspective of a moderator, and the issue is that despite being banned, they can still post to the microblog.

[–] gk99@kbin.social 12 points 1 year ago (3 children)

I haven't had success with this. I tried blocking feddit.de and lemmy.ml, and kept getting posts from both.

[–] Books@kbin.social 4 points 1 year ago (1 children)

how do you block them? I would also like to block those two.

[–] 567PrimeMover@kbin.social 14 points 1 year ago (1 children)

on kbin at least you can go to kbin.social/d/<domain you want to block> and click the little 🚫next to the subscribe button.

[–] FarceOfWill@fedia.io 1 points 1 year ago

I think it blocks content from that domain not posts, so if someone there posts a YouTube link you still see it

[–] Raffster@kbin.social 1 points 1 year ago

That does not work unfortunately...

[–] SirNuke@kbin.social 14 points 1 year ago* (last edited 1 year ago) (3 children)

Seems like manually approving new instances before they are allowed to push content to Kbin would be a good idea. Shouldn't gatekeep but blindly accepting them means playing an endless game of whack-a-mole.

[–] duringoverflow@kbin.social 15 points 1 year ago (1 children)

i don't agree. I think it is important to maintain a blacklist instead of a whitelist where people would then submit what they need to add which will then will need to be approved etc. It will decrease the federated experience.

[–] crossmr@kbin.social 6 points 1 year ago (2 children)

That only works if you have a group of responsive admins who can watch that for abuse. It really hasn't taken long for someone to figure out how to abuse that for spam.

[–] SirNuke@kbin.social 7 points 1 year ago* (last edited 1 year ago) (1 children)

I'm inclined to say I'm not a fan of my idea on a philosophical level, but we can't ignore the practical considerations here either. Endlessly banning spam instances is not going to be fun and takes away time and effort on the admin's part that could be better spent on useful things. A site clogged by spam is also not going to be useful, in which case it doesn't matter how well you adhered to your principles.

These interests are competing, but I think there's a compromise to be found. I'm going to suggest rate limiting for new instances until they've produced a certain amount of content (so say until they've produced X comments+links with a minimum Y days), plus a system that automagically puts new instances in the timeout box if enough users report their content. Admins can manually skip the warm up period for new instances, and also review the timeout box to see if it's actually a concern.

[–] Haily@kbin.social 3 points 1 year ago

I think Lemmy may be doing something similar, actually. At least, I’ve noticed that smaller instances don’t seem to be federating nearly as well as larger instances. Obviously Mastodon have figured out a way around this as well, so it’s clearly doable.

[–] Books@kbin.social 1 points 1 year ago (1 children)

Can you share an example of an instance that is linked to kbin.social that has been spammy? I'm an example based learner, it will help me wrap my head around it.

[–] crossmr@kbin.social 3 points 1 year ago

vive.im as I said in the initial post. I think it's a single purpose instance made by that user just to spam his blog

[–] riskable@kbin.social 5 points 1 year ago

IMHO: We should retain automatic federation approval but with automated de-federation for bad behavior. Thresholds could be increased for "merely very active" instances so they don't get automatically defederated while newcomers get the threshold for "plebs" 😁

Example: If your instance has just a handful of users spamming like crazy or any number of users spamming the same content/links that would put your instance over such a ban threshold pretty fast.

[–] Moonstone@nerdbin.social 3 points 1 year ago

This doesn't seem ideal though, because newer instances will be silenced and never get a chance to grow. In any case, it would be reasonably easy to create a kbin and load it up with fake accounts anyways, to get the numbers up. A more standard approach is to simply look at the traffic coming from smaller kbins and if they are sending lots of requests, automatically remove the instance. This could still be caused by one bad actor making it's way onto a newer server though.

[–] ernest@kbin.social 3 points 1 year ago (3 children)

I'll try to take care of it today and potentially clean up the activity. For now, I've limited the traffic from that instance. I'm currently working on additional tools for moderators.

[–] crossmr@kbin.social 3 points 1 year ago

Thanks Ernest. I definitely think if we've blocked a user in a magazine the microblog shouldn't be picking up stuff from them, and we need to be able to turn on automatic hashtag pickup or not.

[–] crossmr@kbin.social 1 points 1 year ago

Hey Ernest, not sure if you did something or not, but still picking up posts from this guy

[–] crossmr@kbin.social 1 points 9 months ago

Hell Ernest, 7 months on, this is still an issue.

[–] Rairii@haqueers.com 2 points 1 year ago

@crossmr thanks for this post, this server has been involved in spam for almost two months so I alerted the microblog side of fedi

I noticed dnc@vive.im was followed by two kbin.social users, and kbin has an "interesting" feature where a microblog post goes into the magazine named after its first hashtag (if it exists), hence why your subs are getting them

i think the two kbin.social users might have followed this user by mistake. i checked their profiles and they both look legitimate to me.

[–] zakatak@kbin.social 1 points 1 year ago

I would like some kind of content-warning type situation, but where I can define what kind of content I want to restrict. And then, somehow, instances have tags associated which then apply to all of their users so that I can have a warning that users of a given instance have a reputation for sharing content that I would like a warning about first.

I would still want the content to be posted, but I would prefer that it requires me to actively unhide the content and default to always seeing it.