Over the last few days, there’s been an increasing problem with spam accounts from lemmy.blahaj.zone. It seems like they’re working on addressing this issue, at least in a one-at-a-time fashion, but it’s clear that they have not been able to proactively prevent the problem yet.

Of specific note, these accounts are posting links to offensive images. kbin.social doesn’t display these images inline (at least not for me), which is nice, but the fact that they’re being posted anywhere feels like it could raise a liability concern for kbin.social.

I don’t pretend to know what can or should be done to address this. I just wanted to bring it up, because @ernest should know about it.

Reference:

https://kbin.social/m/main@lemmy.blahaj.zone/t/675827/Here-s-another-spam-account

  • e0qdk@kbin.social · ↑ 7 · 11 months ago

    Some ideas for anti-spam measures that might help:

    • block users who post flood – e.g. if an account makes 10 posts a minute, it’s a spammer
    • block accounts that end up massively in the negative shortly after they start posting – e.g. an account at -50 within 15 minutes of making its first post is probably a spammer (exact thresholds may need some tuning). Note that this is different from blocking new accounts that go into the negative since people can register accounts in advance of an attack and wait until later to cause disruption.
    • block users who post repetitive comments/links excessively – e.g. if the same link is in 10 comments/posts from the last hour or they’ve submitted the exact same comment a dozen times, the account is probably a spammer (again, thresholds may need tuning); that won’t catch all the bots (one of them added a bunch of random words) but will catch some of them. More clever filtering could catch the other bots.
    • block new posters who are reported many times by established accounts in good standing – at least until an admin can check what is going on
    • nicetriangle@kbin.social · ↑ 3 · 11 months ago

      Yeah pretty solid recommendations. Sure they’d need some specific tuning but this kinda stuff seems very common sense.

    • Nougat@kbin.social (OP) · ↑ 2 · 11 months ago

      I’m not entirely sure any of that would be effective in controlling visibility of spam accounts from other instances. I’m quite sure that up/down voting does not always federate perfectly. Those steps would all be effective in handling malicious accounts on the same instance they’re registered with, as long as their malicious posts and comments are also on that same instance; the effectiveness would certainly fall off sharply for content posted at other instances.

      I wonder if there needs to be some kind of “governance board,” like the NATO or EU of the fediverse, where major instance admins meet and set agreed upon standards of instance behavior.

      • e0qdk@kbin.social · ↑ 3 · 11 months ago

        We don’t need to depend on federated downvotes to judge what does or does not belong on kbin. In fact, I think it’s probably better if we don’t. People are downvoting the bots here. I have yet to see an account with negative rep. on kbin that wasn’t a spammer.

        Regardless, rate-limiting incoming posts will limit the damage and annoyance to us.

        > I wonder if there needs to be some kind of “governance board,” like the NATO or EU of the fediverse, where major instance admins meet and set agreed upon standards of instance behavior.

        I’m not sure that would help with this particular issue – and there’s already a fair amount of bad relations between instances so I don’t think a wider fediverse board is likely to succeed even if it could help somehow… I guess instance admins that do agree on general moderation principles could help co-admin each other’s instances to cover better for when they’re offline (maybe some of them already do?), but we shouldn’t have to depend on remote admins being responsive to deal with an issue affecting our instance.
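The flood, repeated-link and early-negative checks from e0qdk's list, evaluated only on what the receiving instance itself sees (as the last comment argues), sketched as an added example that is not part of the thread and not kbin's code. Account names, URLs and events are constructed; the thresholds are the thread's example figures and would need tuning.

```python
import re
from collections import defaultdict, deque

# Thresholds are the figures suggested in the thread; they would need tuning.
FLOOD = (10, 60)             # 10 posts within one minute
SAME_LINK = (10, 3600)       # same link in 10 posts within an hour
EARLY_NEG = (-50, 15 * 60)   # score of -50 within 15 minutes of first post
URL_RE = re.compile(r"https?://[^\s<>\"']+")

class SpamHeuristics:
    """Per-account sliding windows, fed only by what this instance itself sees."""
    def __init__(self):
        self.posts = defaultdict(deque)   # account -> post timestamps
        self.links = defaultdict(deque)   # (account, url) -> timestamps
        self.first_post = {}              # account -> time of first post seen here
        self.score = defaultdict(int)     # account -> sum of locally cast votes

    @staticmethod
    def _hits(window, ts, span):
        window.append(ts)                 # record the event, then expire old ones
        while window[0] <= ts - span:
            window.popleft()
        return len(window)

    def on_post(self, account, ts, body):
        flags = set()
        self.first_post.setdefault(account, ts)
        if self._hits(self.posts[account], ts, FLOOD[1]) >= FLOOD[0]:
            flags.add("flood")
        # Match on extracted URLs so filler words around a link do not matter.
        for url in {u.rstrip(".,;)") for u in URL_RE.findall(body)}:
            if self._hits(self.links[account, url], ts, SAME_LINK[1]) >= SAME_LINK[0]:
                flags.add("repeated-link")
        return flags

    def on_vote(self, account, ts, delta):
        self.score[account] += delta
        # Age counts from the first post, not registration (accounts can lie dormant).
        age = ts - self.first_post.get(account, float("-inf"))
        return {"early-negative"} if age <= EARLY_NEG[1] and self.score[account] <= EARLY_NEG[0] else set()

def replay(events):
    """Run (kind, account, ts, payload) events; return the flags raised per account."""
    h, raised = SpamHeuristics(), defaultdict(set)
    for kind, account, ts, payload in events:
        raised[account] |= (h.on_post if kind == "post" else h.on_vote)(account, ts, payload)
    return dict(raised)

# Constructed sample: a remote account flooding one link with filler words, and a normal user.
SAMPLE = [("post", "bot@remote.example", t * 5, f"word{t} http://spam.example/x word{t+1}") for t in range(10)]
SAMPLE += [("vote", "bot@remote.example", 120 + i, -1) for i in range(50)]
SAMPLE += [("post", "user@kbin.example", 0, "see https://docs.example/a"), ("vote", "user@kbin.example", 30, -1)]
```

A flag here would feed a hold-for-review queue rather than an automatic ban, matching the "until an admin can check" suggestion in the list.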