A recent spam attack targeting various open source platforms, including Mastodon, Misskey, and others, has highlighted the vulnerabilities of the decentralized social web known as the Fediverse. The attack, which focused on smaller Mastodon servers, exploited open registrations to automate the creation of spam accounts. Mastodon’s founder and CEO Eugen Rochko acknowledged the attack in a post over the weekend, advising server administrators to switch registration to approval mode and block disposable email providers to combat the issue.
Rochko mentioned that while previous spam attacks had mostly targeted larger servers like Mastodon.social, this time the spammers focused on smaller and abandoned servers with open registrations, allowing them to create accounts and generate spam more easily.
This automated spam attack was reportedly prompted by a dispute on Discord, where one faction attempted to get the other faction’s Discord server banned. The attack targeted not only Mastodon but also Misskey, an open source decentralized blogging platform using the same protocol as Mastodon.
The attack underscored a structural vulnerability of the Fediverse: Mastodon is open source software that anyone can install on their own server, which leaves smaller servers susceptible to attacks, especially if they offer open registrations without daily monitoring.
Concerned server admins collaborated to compile lists of abandoned instances for other admins to use as blocklists. Some servers were even shut down, while the popular third-party app Ivory from Tapbots released an emergency update to address the spam issue.
As of now, the attack seems to be subsiding, with server administrators reporting a decrease in spam accounts. However, the incident has sparked mixed reactions among users, with some seeing it as an opportunity to address weaknesses in the network’s structure and others expressing frustration and criticizing Rochko’s initial response.
The future of Mastodon in the growing decentralized social networking space remains uncertain, especially with the entrance of competing platforms like Instagram Threads and Bluesky, the latter posing a potential threat to Meta’s dominance in the Fediverse.