this post was submitted on 21 Feb 2024
1 points (100.0% liked)

lemmy.ml meta

1406 readers
1 users here now

Anything about the lemmy.ml instance and its moderation.

For discussion about the Lemmy software project, go to [email protected].

founded 3 years ago
MODERATORS
 

This might spark outrage but can we note ips to accounts so if they mass register, other servers get notified through federation and deactivate those (new) accounts or block registration at all?

The idea would be:

  • I register an acocunt, my ip gets noted, I assume they federate immediately?
  • i register another account on the same ip since no relog/isp change happened, my ip came through federation, i dont get blocked since this could have been a mistake
  • i register another account, gets blocked for mass registration

The obvious way around this would be changing your ip constantly but its at least uncomfortable for an attacker.

Now comes the kicker:

  • I start spamming, get banned
  • I spam with another account, same ip, same ban reason on another server, ip ban gets triggered since they’re close in time
  • ip ban shuts me down for 12 hrs? i will change the ip anyway but it slows down the attack again and makes automation hard.

Feel free to poke holes in this. i‘m trying to find solutions, not be right. But please be gentle, I‘m trying to help.

top 11 comments
sorted by: hot top controversial new old
[–] [email protected] 0 points 9 months ago (1 children)

IP bans suck, they're not a good idea even if not federated.

I don't think there's a real solution to spam on the fediverse unless it's limiting stuff to closed-registration instances.

[–] [email protected] 0 points 9 months ago (1 children)

Feel free to argue why IP bans suck. So far, it has been „can be abused“ and „might hit innocents on occasion“ which both is the case for every rule and even law we have in the world. Closed registration is the same thing imo just implemented differently.

[–] [email protected] 0 points 9 months ago* (last edited 9 months ago)

CGNAT IPs are shared by a wide range of customers, so you could unintentionally cut off an entire community in one go.

https://en.m.wikipedia.org/wiki/Carrier-grade_NAT

The only good scenario that IP bans work is if they are static, but there's not an easy way of checking that.

[–] [email protected] 0 points 9 months ago* (last edited 9 months ago) (1 children)

IP is not identity. They're usually dynamic and whoever had one last isn't the same thing that had it next.

Ipv4 addresses are scarce and even very large organizations may use same exit addresses with NAT or proxy or other connection tracking. Entire cities have been banned by services that didn't understand this.

It also would not be effective. Bad actors can easily circumvent it and good ones will often decide your service doesn't work and isn't worth using. Not to mention that it's better to let a thousand guilty go than to punish one who is innocent.

Very short blocks or heavy rate limits can be useful for flood control, though.

[–] [email protected] 0 points 9 months ago

I agree, its not great in those cases. My idea wasnt a permanent ban of the ip since I know how this works. I‘m an admin.

I‘m analyzing the patterns and they’re not really flooding the system, they’re single accounts, posting once from different instances.

To combat this, we need to see what action we want to prevent. Ideally, the computer of the person posting this would explode. That not being possible, we‘re kind of limited.

In the case of the recent attacks it has first been a text, which probably got banned by an automod, then they resorted to pictures. We have software that can detect csam and delete it. I dont know if this would work with a picture like the spam pic they sent around. Maybe.

[–] [email protected] 0 points 9 months ago* (last edited 9 months ago) (1 children)

If you're thinking of the recent spam wave, they were using Tor. It's reasonably easy to block all Tor traffic. However, then you block all Tor users. You can't identify one Tor user from another, which is pretty much the point of Tor.

[–] [email protected] 0 points 9 months ago (1 children)

Thanks for pointing this out.

I feel like there is great potential for a „brace“ action federating in case of an attack where maybe tor stops functioning when one or more (trusted) servers recognize an attack.

This could include disabling tor for a certain amount of time.

Maybe we should also disable posts without comment history or account age of x. Then again, we could disable accounts from posting that have lain dormant for x amount of time.

Literally tons of ways to combat this.

[–] [email protected] 0 points 9 months ago

Have you heard of Fediseer? Instances guarantee each other, and if there is say a spam attack from an instance, the instance that guaranteed them could remove the guarantee then any instance that syncs their federation to Fediseer would be defederated until the instance was guaranteed again. There's a bit more to it, but that's the basics.

Rest assured, where there are problems there are people working on solutions! But things take time

[–] [email protected] 0 points 9 months ago (2 children)

But this will definitely ban all VPNs

[–] [email protected] 0 points 9 months ago

I havent thought of the many people using those.

Maybe to combat this, people with von could use email verification. I know its back to square one in terms of privacy but there are email aliases after all.

The other solution I could think of is account age/comment number or karma.

[–] [email protected] 0 points 9 months ago

Yeah, there are numerous reasons told people would come from the same IP. And then once they realize that you're doing that they'll just spoof their IPs.