social-discuss

Re: I stopped open registration for gnusocial.jp by DoS attack.


From: Administrator de Gnusocial.net
Subject: Re: I stopped open registration for gnusocial.jp by DoS attack.
Date: Wed, 28 Dec 2022 16:00:36 +0100

In case it is useful to you:

- Enable "Autosandbox" plugin, so new accounts are sandboxed by
  default (they don't appear in public timelines) until an admin
  un-sandboxes them.
- Enable "RequireValidatedEmail" plugin, so only accounts with verified
  email can post.
- Enable "RegisterThrottle" plugin, so spam account registration is
  mitigated.

I don't know any mitigation against "Password reset e-mail bomb", but
those plugins really help against the other two.

Besides that, there's something else about moderating large servers (I
don't know the number of accounts as your nodeinfo does not say it, but
fedidb.org says you have 154): you need more people, besides you, to
moderate, even if we are talking only about mitigating spam accounts,
and that need will increase with the number of accounts you host. This
is not a technical issue, but a social one.

About the harsh words about the developers: Diogo has said before that
he is busy right now, and that efforts are being put into version 3 of
Gnusocial, as you can see in https://codeberg.org/GNUsocial/gnu-social
I don't really get the complaint against Spookie, so I won't comment on
that. Anyway, I think it is quite unfair to say what you are saying.


On Wed, 28 Dec 2022 23:31:03 +0900
"SENOO, Ken" <develop@senooken.jp> wrote:
> I stopped open registration for gnusocial.jp by DoS attack.
> 
> I posted about this in [Announcement: DoS attack on gnusocial.jp and
> web.gnusocial.jp joining the decentralized SNS | GNU social
> JP](https://web.gnusocial.jp/post/2022/12/28/341/).
> 
> My server gnusocial.jp is damaged by DoS attack following contents.
> 
> - Password reset e-mail bomb.
> - A lot of registration from bot.
> - A lot of post by bots.
> 
> I am not familiar with security. So I stopped open registration for 
> gnusocial.jp.
> 
> gnu social has weak security functions. General registration
> reception is dangerous if targeted by attackers.
> 
> By the way, recently, I posted these articles.
> 
> - [Announcement: gnusocial.jp becomes the largest publicly open
> server on GNU social | GNU social
> JP](https://web.gnusocial.jp/post/2022/12/19/306/)
> - [Return of the Qvitter author to GNU social | GNU social
> JP](https://web.gnusocial.jp/post/2022/12/26/320/)
> 
> I started gnusocial.jp on 2022-07. gnusocial.jp became largest open 
> registration GNU social server (surely have many sleeping and spam 
> accounts). Server cost is only 1.5 USD (220 JPY) per month! This is 
> power of GNU social.
> 
> gnusocial.jp also is only server for using Qvitter/Pleroma FE on GNU 
> socialv2. And Qvitter author Hannes Mannerheim back on GNU social 
> (<https://gnusocial.jp/hannes>)!
> 
> This is my result of activity.
> 
> If you are developers, you should use GNU social firstly. Apparently, 
> spookie <https://outerheaven.club/users/spookie> uses mainly 
> Pleroma/Akkoma (not GNU social!). I think if you do not use GNU
> social, you are not developers.
> 
> Diogo, you do not merge, and ignored my PR 
> <https://notabug.org/diogo/gnu-social/pulls/293>. I am very sad and 
> disappointed in you.
> 
> In first my article, new GNU social server started (social.076.moe, 
> gnusocial-v2.cyberrex.jp). They are my acquaintance. I think these
> are my result of activity. And they would have same issue for my PR.
> If you merge my PR, they had no same problem. I think developers
> should stand as user firstly.
> 
> Why did you ignore me? I think if you have no passion, you have
> better to step down development leader same as Evan Prodromou and
> Matt Lee.
> 
> I think money is the center pin (top priority) for continuing 
> development. PeerTube also have same money trouble ([News: Release
> of PeerTube v5 | GNU social
> JP](https://web.gnusocial.jp/post/2022/12/15/298/)).
> 
> If we have enough money, we can employ by my self. Mastodon=Eugen
> Rochko succeeded earning money his patreon.
> 
> Do you have business/strategy/idea? If you have no them, you cannot 
> continue GNU social. I think donation is not enough. No activity, no 
> life. People assume GNU social as dead if you have no activity.
> 
> I started my business on web.gnusocial.jp. I keep updating my site 
> everyday at least 2 months. This year 2022 is starting year. Surely I 
> have no money now. I will start making money on 2023. I have some 
> business ideas.
> 
> I appreciated supporting ActivityPub on GSv2 on you. It is OK for 
> ignoring/refusing me.
> 
> If my business succeed (success of employing myself), I will start
> new GNU social site and continuing development GNU social alone, and 
> gathering new developers. If it is success, you cannot catch up with
> me. I am an associate FSF member 
> (https://www.gnu.org/thankgnus/2022supporters.html) also. I am
> serious.
> 
> Hannes gave up because western country was not interested in
> DSNS. Globally, Japan is the most active and important country for
> decentralized SNS (https://fedidb.org/network, pawoo.net/mstdn.jp are
> Japan). And I am only Japanese for current GNUsocial relating. If we
> have success in Japan, we have success in the world.
> 
> 
