Follow

In an attempt to reduce registration spam that has lately been affecting some Mastodon servers on Masto.host I will be applying a custom patch to Mastodon v3.2.1.

This will require a restart of instances hosted on Masto.host and cause ~30 seconds of downtime.

You can read the details here: masto.host/testing-custom-code

Do let me know if you notice any registration problems with this patch and if you were getting regular spam registrations see if there is any reduction in the next days.

· · Web · 3 · 9 · 12

The patched has been applied to all Mastodon servers on Masto.host

Please let me know if you notice any registration issues or have any questions.

Also, if you were getting regular spam registrations and would like to report if after this patch you notice any change or not, please do.

Thanks 🐘

@mastohost This is great work, thanks. I would like the option of making an instance invite-only, or friends-of-friends particularly, rather than all-open or all closed.

Also - is federated data sent in clear text or encrypted in some fashion? Could there be a shared private key among federated instances?

@mark Thanks.

You can change the instance to invite-only. Got to Preferences->Administration->Site Settings and change the "Registration Mode" either to "Approval Required to Sign Up" and the visitors will see a form where they can request an invite. Or you can change it to "Nobody can Sign Up" and in this case there is no sign up form but in Preferences->Moderation->Invites you can generate invites to send to the people you want to join.

@mark About encryption, the communication is all done via TLS/SSL but the messages go in plain text.

There is currently some work being done to implement end-to-end encryption for direct messages: github.com/tootsuite/mastodon/ but it's still in development

@mastohost Also want to create a new admin user as the default user one follows, rather than my personal account.

@mark You can create a new account and then in your current admin go to Preferences->Moderation->Accounts and find the account you want to make admin. Click to view the account details and you will find a Promote button. Click the Promote button on a regular user and the user becomes Moderator, click the Promote button on a Moderator and the it becomes admin.

@mark About who is followed when they sign up. You can change that in Preferences->Administration->Site Settings under "Default follows for new users"

@mastohost Okay, it's coming close to invite stage. Thanks for your help. I'm wondering would it be possible to get a few forwards from emails @freegaff.club on the MX records?

@mark Well the MX records were not changed when hosted with me. So, if you have a email hosting service, you can use it without a problem. It is independent from the Mastodon server.

@mastohost New users coming in on an invite link to not automatically follow user w00t, even though it's listed in the Admin Site settings as an automatic follow.... ?
#mastodon #user #registration

@mark I am not sure how it works when they come via invite. I know that when you generate an invite you have a check box to make them follow you (the user that generated the invite).
Not sure if there is any bypass to the auto follow if the user comes from an invite. I suggest you ask on discourse.joinmastodon.org/ to see if someone from the community knows the answer to that.

@mastohost One more question - can you implement TOR network access to mastodon instances?

@mark No, currently Tor is not possible using my platform. You need to host Mastodon yourself if you want to implement Tor.

@mastohost If you wanted to make the fediverse another conduit for content alongside Insta, FB, YouTube, Twitter, Discord etc, how would an existing content provider who currently shares on all of these media go about also making their posts available across ActivityPub in a subscribable form?

@mastohost A lot of people stay on facebook, insta "for business" (including myself). Sole traders sharing expertise or making things to be sold, or who have channels to which you can subscribe - how can they easily add #Mastodon and the #fediverse to the list of media available for #syndication?

@mark Well, the same way you point people to your Instagram account or other channels. You can point them to your profile on Mastodon, no?

@mastohost Exactly - that would be good to know for the sole traders, practitioners and publishers who currently connect with their audience using these media, that they can do this via mastadon too.

Specialised instances as "places" for writers, artists, performers could be anchored to actual places, like venues, publishers or studios which you could "visit" and subscribe to.

This may even exist already. I've yet to explore the federation aspect of the setup. Thanks again for your help.

@mark Well, about sharing the content you can use the multiple cross platform sharing tools that are around.

About making it 'subscribable', they can use the RSS that is built into any profile on Mastodon, example for your profile: freegaff.club/@mark.rss

@mastohost Thank you! Rate-limiting for the submission of forms is something that should just be built-in to *everything* by this point! Thanks for creating it.

@mdm for now it is working. The spam registration that was going on for weeks is now down to zero, let's hope they don't find a work around.

@mastohost Oh, they could find a workaround, but it would be a _slow_ one, right? 😆

@mdm well, in theory it would take at least 3 seconds per request. So, they could make 20 registrations a minute. Still a big pain if they really wanted to be like that but I never seen nothing close to those even before implementing these "traps". It's just more work they would need to put into building a throttling mechanism.
Also, at those volumes probably IP blocking would work because it's hard to use a unique IP for each request when we are talking a volume like that.

Sign in to participate in the conversation
Mastodon

Server run by the main developers of the project 🐘 It is not focused on any particular niche interest - everyone is welcome as long as you follow our code of conduct!