This might spark outrage but can we note ips to accounts so if they mass register, other servers get notified through federation and deactivate those (new) accounts or block registration at all?
The idea would be:
- I register an acocunt, my ip gets noted, I assume they federate immediately?
- i register another account on the same ip since no relog/isp change happened, my ip came through federation, i dont get blocked since this could have been a mistake
- i register another account, gets blocked for mass registration
The obvious way around this would be changing your ip constantly but its at least uncomfortable for an attacker.
Now comes the kicker:
- I start spamming, get banned
- I spam with another account, same ip, same ban reason on another server, ip ban gets triggered since they’re close in time
- ip ban shuts me down for 12 hrs? i will change the ip anyway but it slows down the attack again and makes automation hard.
Feel free to poke holes in this. i‘m trying to find solutions, not be right. But please be gentle, I‘m trying to help.
IP is not identity. They're usually dynamic and whoever had one last isn't the same thing that had it next.
Ipv4 addresses are scarce and even very large organizations may use same exit addresses with NAT or proxy or other connection tracking. Entire cities have been banned by services that didn't understand this.
It also would not be effective. Bad actors can easily circumvent it and good ones will often decide your service doesn't work and isn't worth using. Not to mention that it's better to let a thousand guilty go than to punish one who is innocent.
Very short blocks or heavy rate limits can be useful for flood control, though.
I agree, its not great in those cases. My idea wasnt a permanent ban of the ip since I know how this works. I‘m an admin.
I‘m analyzing the patterns and they’re not really flooding the system, they’re single accounts, posting once from different instances.
To combat this, we need to see what action we want to prevent. Ideally, the computer of the person posting this would explode. That not being possible, we‘re kind of limited.
In the case of the recent attacks it has first been a text, which probably got banned by an automod, then they resorted to pictures. We have software that can detect csam and delete it. I dont know if this would work with a picture like the spam pic they sent around. Maybe.