Hello Mastodon admins. I'm looking for input on how to prevent spam. We were overrun during the holidays when I was distracted by other things. I have anti-spam turned on but it doesn't seem to do anything. What do you do (besides active moderation)?
@leo we go with invite only, which probably doesn’t fit your model very well.
But approvals would slow them down significantly, and is far less labor intensive.
@leo for my instance, I have Registration Mode in Site Settings set to 'Approval required'. I have included a paragraph in the 'Server Rules' stating that new users must enter something in the 'Why do you want to join?' field at sign-up. However, I have UNchecked 'Require new users to enter a reason to join' in Site Settings. This helps me to spot genuine sign-ups (who read the rules) and more easily see the bots (who either ignore the "optional" text field or will fill it with spammy nonsense).
@leo you're welcome! Another tactic is to keep an eye on the email addresses on new accounts (or the requests if you go that route). If you're getting a lot of new accounts registered to addresses all coming from the same (usually sketchy looking) root domain then just add it to the 'Blocked Email Domains' list for a couple of days.
@leo We get right-wing attacks sometimes on our activism and campaign instances. We remove the accounts when the cross the line and turn on moderation for sign up so people have to type a resion spammers and right-wing nutters have limited attention spans so this stops it for a while but the issues do come back.
sysadmin help filtering spam
@leo You should be able to filter e-mail domains from registration, that helps a little if you can see a pattern from the accounts trying to register. I would also recommend requiring a message during registration so you can at least filter out anyone who doesn't read your CoC or ToS. Additionally, I would recommend requiring administrator / moderator approval for registrations, that way even if you get a lot of registration applications, they won't immediately become accounts.
On my end, I went ahead and disabled registration altogether. You could do this and then still enable registration invites for administrators / moderators, then set up a 3rd party way of sending registrations so that spam bots don't just use the API or template HTML pages to fill out registration froms. Hope that all helps.
A Mastodon instance dedicated to TWiT listeners. Think of a Twitter just for geeks, sharing content with other Mastodon servers all over the world. If you're a TWiT fan, consider this your home! Our TWiT Forums live at TWiT Community. Post conversation starters there. TWiT.social is for quick thoughts, fun pictures, and other ephemera. Keep it clean, keep it friendly. Looking forward to your Toots!