This might spark outrage but can we note ips to accounts so if they mass register, other servers get notified through federation and deactivate those (new) accounts or block registration at all?

The idea would be:

  • I register an acocunt, my ip gets noted, I assume they federate immediately?
  • i register another account on the same ip since no relog/isp change happened, my ip came through federation, i dont get blocked since this could have been a mistake
  • i register another account, gets blocked for mass registration

The obvious way around this would be changing your ip constantly but its at least uncomfortable for an attacker.

Now comes the kicker:

  • I start spamming, get banned
  • I spam with another account, same ip, same ban reason on another server, ip ban gets triggered since they’re close in time
  • ip ban shuts me down for 12 hrs? i will change the ip anyway but it slows down the attack again and makes automation hard.

Feel free to poke holes in this. i‘m trying to find solutions, not be right. But please be gentle, I‘m trying to help.

    • linearchaos@lemmy.world
      link
      fedilink
      English
      arrow-up
      4
      ·
      10 months ago

      Yeah, there are numerous reasons told people would come from the same IP. And then once they realize that you’re doing that they’ll just spoof their IPs.

    • haui@lemmy.giftedmc.comOP
      link
      fedilink
      arrow-up
      2
      arrow-down
      1
      ·
      10 months ago

      I havent thought of the many people using those.

      Maybe to combat this, people with von could use email verification. I know its back to square one in terms of privacy but there are email aliases after all.

      The other solution I could think of is account age/comment number or karma.

  • XTL@sopuli.xyz
    link
    fedilink
    arrow-up
    9
    ·
    edit-2
    10 months ago

    IP is not identity. They’re usually dynamic and whoever had one last isn’t the same thing that had it next.

    Ipv4 addresses are scarce and even very large organizations may use same exit addresses with NAT or proxy or other connection tracking. Entire cities have been banned by services that didn’t understand this.

    It also would not be effective. Bad actors can easily circumvent it and good ones will often decide your service doesn’t work and isn’t worth using. Not to mention that it’s better to let a thousand guilty go than to punish one who is innocent.

    Very short blocks or heavy rate limits can be useful for flood control, though.

    • haui@lemmy.giftedmc.comOP
      link
      fedilink
      arrow-up
      2
      ·
      10 months ago

      I agree, its not great in those cases. My idea wasnt a permanent ban of the ip since I know how this works. I‘m an admin.

      I‘m analyzing the patterns and they’re not really flooding the system, they’re single accounts, posting once from different instances.

      To combat this, we need to see what action we want to prevent. Ideally, the computer of the person posting this would explode. That not being possible, we‘re kind of limited.

      In the case of the recent attacks it has first been a text, which probably got banned by an automod, then they resorted to pictures. We have software that can detect csam and delete it. I dont know if this would work with a picture like the spam pic they sent around. Maybe.

  • amio@kbin.social
    link
    fedilink
    arrow-up
    7
    ·
    10 months ago

    IP bans suck, they’re not a good idea even if not federated.

    I don’t think there’s a real solution to spam on the fediverse unless it’s limiting stuff to closed-registration instances.

    • haui@lemmy.giftedmc.comOP
      link
      fedilink
      arrow-up
      2
      arrow-down
      1
      ·
      10 months ago

      Feel free to argue why IP bans suck. So far, it has been „can be abused“ and „might hit innocents on occasion“ which both is the case for every rule and even law we have in the world. Closed registration is the same thing imo just implemented differently.

  • Dave@lemmy.nz
    link
    fedilink
    arrow-up
    7
    ·
    edit-2
    10 months ago

    If you’re thinking of the recent spam wave, they were using Tor. It’s reasonably easy to block all Tor traffic. However, then you block all Tor users. You can’t identify one Tor user from another, which is pretty much the point of Tor.

    • haui@lemmy.giftedmc.comOP
      link
      fedilink
      arrow-up
      2
      ·
      10 months ago

      Thanks for pointing this out.

      I feel like there is great potential for a „brace“ action federating in case of an attack where maybe tor stops functioning when one or more (trusted) servers recognize an attack.

      This could include disabling tor for a certain amount of time.

      Maybe we should also disable posts without comment history or account age of x. Then again, we could disable accounts from posting that have lain dormant for x amount of time.

      Literally tons of ways to combat this.

      • Dave@lemmy.nz
        link
        fedilink
        arrow-up
        3
        ·
        10 months ago

        Have you heard of Fediseer? Instances guarantee each other, and if there is say a spam attack from an instance, the instance that guaranteed them could remove the guarantee then any instance that syncs their federation to Fediseer would be defederated until the instance was guaranteed again. There’s a bit more to it, but that’s the basics.

        Rest assured, where there are problems there are people working on solutions! But things take time