Chocobozzz / PeerTube

ActivityPub-federated video streaming platform using P2P directly in your web browser
https://joinpeertube.org/
GNU Affero General Public License v3.0

Response to email spammers using PeerTube signups #4565

Closed ghost closed 1 year ago

ghost commented 2 years ago

I've been trying to deal with a specific type of spam on my server that I wanted to make the server operator community more generally aware of, and perhaps we can include some mitigations for this in upcoming releases.

The pattern I'm seeing is that someone connects via a VPN (mullvad, in this case) and issues POST requests to create users (without going through the client UI). The users have random names that have a common format, 12 characters all lowercase letters. Some sample usernames:

The email addresses they supply seem to be the point of the spam: the addresses are typically support or abuse addresses at other websites, or addresses that seem like they might be on a list of harvested addresses to test for validity. I'm not sure what the spammer's goal is here, it could be simply to cause annoyance or they could be looking for some kind of automated behavior related to the links included by PeerTube in the verification email.

At this point I'm inclined to believe it's just someone using a script to send nuisance emails using PeerTube signups. The last batch of them I noticed had some racial slurs included in the destination emails.

Even though it seems like the username pattern might be a workable way to block these, my approach so far has been to block the VPN they're using. I don't have a specific list of the exit IPs they're using, so for now I cast a pretty wide net with the blocks. If anyone else is interested in this approach, the following script will generate a list of netmasks to block for a /24 surrounding each mullvad endpoint:

https://gist.github.com/scanlime/3ff4b077350e4ce9f6d28e7ac224e856

I feel like it would be useful to make it a little harder to programmatically send emails via PeerTube, at least, via some API changes. Maybe a computationally expensive challenge/response that's answered by the client javascript code. Clearly a captcha would do the job, but I think there should be some measure of protection in the default codebase since I imagine this spammer is running the same attack against all PeerTube servers with public signups.
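A defender-side sketch of the heuristics described in this report (12-lowercase-letter usernames, role mailboxes as the recipients, signups from a /24 around each VPN endpoint), added here as an example; it is neither the linked gist's code nor PeerTube's. The endpoint addresses and signup records are constructed placeholders from documentation ranges, and where an operator pulls the real records from is left open.

```python
import ipaddress
import re
from dataclasses import dataclass

# Heuristic from the report: usernames of exactly 12 lowercase letters.
SPAM_USERNAME = re.compile(r"^[a-z]{12}$")
# Role mailboxes at other sites, used as the "recipients" of the verification mail.
ROLE_MAILBOX = re.compile(r"^(abuse|support|postmaster|security)@", re.IGNORECASE)

@dataclass
class Signup:
    username: str
    email: str
    ip: str

def block_ranges(endpoint_ips):
    """Widen each VPN endpoint to its surrounding /24 (the same wide net the
    report describes) and merge overlapping networks."""
    nets = {ipaddress.ip_network(f"{ip}/24", strict=False) for ip in endpoint_ips}
    return sorted(ipaddress.collapse_addresses(nets))

def is_blocked(ip, ranges):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in ranges)

def classify(signup, ranges):
    """Reasons a signup matches the reported pattern; an empty list means clean."""
    reasons = []
    if SPAM_USERNAME.match(signup.username):
        reasons.append("username: 12 lowercase letters")
    if ROLE_MAILBOX.match(signup.email):
        reasons.append("email: role mailbox at another site")
    if is_blocked(signup.ip, ranges):
        reasons.append("ip: inside a blocked VPN /24")
    return reasons

# Constructed sample data (documentation ranges), not addresses from the report.
VPN_ENDPOINTS = ["198.51.100.7", "198.51.100.200", "203.0.113.9"]
SAMPLE_SIGNUPS = [
    Signup("qwertzuiopas", "abuse@example.net", "198.51.100.42"),
    Signup("alice_videos", "alice@example.org", "192.0.2.10"),
    Signup("mnbvcxlkjhgf", "support@example.com", "192.0.2.77"),
]

def flagged_signups(signups=SAMPLE_SIGNUPS, endpoints=VPN_ENDPOINTS):
    ranges = block_ranges(endpoints)
    hits = {s.username: classify(s, ranges) for s in signups}
    return {name: why for name, why in hits.items() if why}
```

Any single reason is a review signal rather than an automatic ban; the username and mailbox checks together are what single out this campaign.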

ghost commented 2 years ago

This spammer reappeared at a new address that doesn't seem to be from mullvad VPN, 149.202.133.104

andrew712-1 commented 2 years ago

Is it ethical to post IPs publicly? Couldn't this IP be of some dude who got a rootkit/malware and then a hacker is exploiting his PC through it and then you share the dude's IP even though he doesn't have anything to do with whatever the hacker is doing? Is this scenario reasonable?

ghost commented 2 years ago

Is it ethical to post IPs publicly? Couldn't this IP be of some dude who got a rootkit/malware and then a hacker is exploiting his PC through it and then you share the dude's IP even though he doesn't have anything to do with whatever the hacker is doing? Is this scenario reasonable?

The IP address isn't private information, and it's useful for other admins who may want to block it.

tcitworld commented 2 years ago

The IP address isn't private information, and it's useful for other admins who may want to block it.

French law says it is.

ghost commented 2 years ago

The IP address isn't private information, and it's useful for other admins who may want to block it.

French law says it is.

My server isn't French, and anyway nothing is correlated with the IP address.

ghost commented 2 years ago

If nobody else on this website is actually trying to block spam I may as well delete this issue. Are we even interested in blocking spam? IP blacklists have been a ubiquitous tool for this for the entire life of the internet. Obviously they aren't perfect but we need something, and in this case my IP blocks seem to be effective.

kontrollanten commented 2 years ago

At my instance we haven't got any problems with spam yet and therefore we don't care about it ;-) Jokes aside, it would be really good to have a way of handling this kind of issue.

Clearly a captcha would do the job, but I think there should be some measure of protection in the default codebase since I imagine this spammer is running the same attack against all PeerTube servers with public signups.

I'm sorry but I don't get the last part. Why wouldn't a captcha alone solve the spam issues?

ghost commented 2 years ago

Why wouldn't a captcha alone solve the spam issues?

I was talking about the default configuration: most instances don't use a captcha. Having one in the default configuration may or may not be viable, since the ones that are actually popular and effective tend to be services rather than standalone programs.
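The computationally expensive challenge/response raised earlier in the thread is the standalone alternative to a captcha service being discussed here. Below is an added hashcash-style sketch of it, not PeerTube code and not something the project has implemented: the server hands out a MACed nonce, the client spends CPU finding a counter, and the server verifies with one MAC check and one hash. The key, the difficulty, the binding to the client address and the stateless design are all assumptions for the example.

```python
import hashlib
import hmac
import os
import secrets
import time

# Constructed for the example: a real server loads this from config and rotates it.
SERVER_KEY = os.urandom(32)
# Average attempts per signup is 2**bits; 18 bits is a second or two of browser JS.
DIFFICULTY_BITS = 18

def _tag(nonce, issued, bits, client_ip):
    # Everything the client could tamper with (including the difficulty) is MACed.
    msg = f"{nonce}|{issued}|{bits}|{client_ip}".encode()
    return hmac.new(SERVER_KEY, msg, "sha256").hexdigest()

def issue_challenge(client_ip, bits=DIFFICULTY_BITS):
    """Server side: a nonce bound to the client address and an issue time, MACed
    so the server keeps no state and the client cannot mint its own challenges."""
    nonce = secrets.token_hex(16)
    issued = str(int(time.time()))
    return {"nonce": nonce, "issued": issued, "bits": bits,
            "tag": _tag(nonce, issued, bits, client_ip)}

def leading_zero_bits(digest):
    return 256 - int.from_bytes(digest, "big").bit_length()

def solve(challenge):
    """Client side (the browser JS in PeerTube's case): the deliberately expensive
    part, a brute-force search for a counter whose hash starts with enough zeros."""
    counter = 0
    while True:
        d = hashlib.sha256(f"{challenge['nonce']}:{counter}".encode()).digest()
        if leading_zero_bits(d) >= challenge["bits"]:
            return counter
        counter += 1

def verify(challenge, counter, client_ip, max_age=300):
    """Server side: one MAC comparison and one hash. A deployment should also
    remember nonces it has accepted until they expire, to stop replays."""
    expected = _tag(challenge["nonce"], challenge["issued"], challenge["bits"], client_ip)
    if not hmac.compare_digest(expected, challenge["tag"]):
        return False
    if time.time() - int(challenge["issued"]) > max_age:
        return False
    d = hashlib.sha256(f"{challenge['nonce']}:{counter}".encode()).digest()
    return leading_zero_bits(d) >= challenge["bits"]
```

A proof of work only raises the per-signup cost for a scripted sender; it does not tell humans from bots, so it complements rather than replaces rate limits and the kind of pattern review discussed above.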

andrew712-1 commented 2 years ago

Why wouldn't a captcha alone solve the spam issues?

I was talking about the default configuration: most instances don't use a captcha. Having one in the default configuration may or may not be viable, since the ones that are actually popular and effective tend to be services rather than standalone programs.

We could use a FLOSS Captcha like https://github.com/produck/svg-captcha

Any captcha is better than no captcha.

Chocobozzz commented 1 year ago

Hello,

I'm closing this discussion: