In an attempt to reduce registration spam that has lately been affecting some Mastodon servers on Masto.host I will be applying a custom patch to Mastodon v3.2.1.
This will require a restart of instances hosted on Masto.host and cause ~30 seconds of downtime.
You can read the details here: https://masto.host/testing-custom-code-to-fight-spam-registration-on-mastodon/
Do let me know if you notice any registration problems with this patch and if you were getting regular spam registrations see if there is any reduction in the next days.
@mastohost This is great work, thanks. I would like the option of making an instance invite-only, or friends-of-friends particularly, rather than all-open or all closed.
Also - is federated data sent in clear text or encrypted in some fashion? Could there be a shared private key among federated instances?
You can change the instance to invite-only. Got to Preferences->Administration->Site Settings and change the "Registration Mode" either to "Approval Required to Sign Up" and the visitors will see a form where they can request an invite. Or you can change it to "Nobody can Sign Up" and in this case there is no sign up form but in Preferences->Moderation->Invites you can generate invites to send to the people you want to join.
@mastohost Also want to create a new admin user as the default user one follows, rather than my personal account.
@mark You can create a new account and then in your current admin go to Preferences->Moderation->Accounts and find the account you want to make admin. Click to view the account details and you will find a Promote button. Click the Promote button on a regular user and the user becomes Moderator, click the Promote button on a Moderator and the it becomes admin.
@mark About who is followed when they sign up. You can change that in Preferences->Administration->Site Settings under "Default follows for new users"
@mark Well the MX records were not changed when hosted with me. So, if you have a email hosting service, you can use it without a problem. It is independent from the Mastodon server.
@mark I am not sure how it works when they come via invite. I know that when you generate an invite you have a check box to make them follow you (the user that generated the invite).
Not sure if there is any bypass to the auto follow if the user comes from an invite. I suggest you ask on https://discourse.joinmastodon.org/ to see if someone from the community knows the answer to that.
@mark No, currently Tor is not possible using my platform. You need to host Mastodon yourself if you want to implement Tor.
@mastohost If you wanted to make the fediverse another conduit for content alongside Insta, FB, YouTube, Twitter, Discord etc, how would an existing content provider who currently shares on all of these media go about also making their posts available across ActivityPub in a subscribable form?
@mark Well, the same way you point people to your Instagram account or other channels. You can point them to your profile on Mastodon, no?
@mastohost Exactly - that would be good to know for the sole traders, practitioners and publishers who currently connect with their audience using these media, that they can do this via mastadon too.
Specialised instances as "places" for writers, artists, performers could be anchored to actual places, like venues, publishers or studios which you could "visit" and subscribe to.
This may even exist already. I've yet to explore the federation aspect of the setup. Thanks again for your help.
@mastohost Thank you! Rate-limiting for the submission of forms is something that should just be built-in to *everything* by this point! Thanks for creating it.
@mdm for now it is working. The spam registration that was going on for weeks is now down to zero, let's hope they don't find a work around.
@mdm well, in theory it would take at least 3 seconds per request. So, they could make 20 registrations a minute. Still a big pain if they really wanted to be like that but I never seen nothing close to those even before implementing these "traps". It's just more work they would need to put into building a throttling mechanism.
Also, at those volumes probably IP blocking would work because it's hard to use a unique IP for each request when we are talking a volume like that.
The original server operated by the Mastodon gGmbH non-profit