
Mastodon :marseynerd2: is being spammed to death by Japanese :marseychingchong: high schoolers and there is nothing that can be done about it

Spammers are just creating accounts on instances that have no registration verification and creating thousands of posts that ping random people with images. The spam seems to originate from a group of Japanese script kiddies that just wanted to vandalise Misskey and now every instance is getting false-flag spam messages from thousands of accounts over thousands of instances.

https://i.rdrama.net/images/17083094243351407.webp

The details are actually a bit fuzzy since it's all speculation outside of some discord screenshots and the spam that is actually sent, but it doesn't matter in the grand scheme of things. Since there's like thousands of tiny instances and nothing stops spammers from just making their own, the only guaranteed solution right now is to make a whitelist of servers that moderate account registration. I made one post on an irrelevant instance earlier and got three of these spam messages from different accounts on different instances.

https://mastodon.social/@Gargron/111953045633249137

There is an ongoing spam attack on the fediverse for the last couple of days. It's more widespread than before, as attackers are targeting smaller servers to create accounts. Before, usually only https://mastodon.social was targeted and our team could take care of it. For server administrators out there: If you don't need open registrations, switch over to approval mode. If you do, blocking disposable e-mail providers is a massive stopgap to the problem. Mastodon also supports hCaptcha.

I just have to point out that all of this is being done by a community of 12-15 year olds because ActivityPub is shit actually :marseylaugh:. The script to test for open registration nodes is literally this:

export async function isNoCapNoMail(host: string, softwareType: string) {
  if (softwareType !== "misskey") {
    return false;
  }

  const endpoint = `https://${host}/api/meta`;
  try {
    const res = await fetch(endpoint, {
      method: "GET",
      headers: {
        "Content-Type": "application/json",
      },
    });

    const json = await res.json();

    if (json["emailRequiredForSignup"]) {
      return false;
    }

    if (
      json["enableHcaptcha"] ||
      json["enableMcaptcha"] ||
      json["enableRecaptcha"]
    ) {
      return false;
    }

    return true;
  } catch {
    return false;
  }
}

Someone's definitely improved this by now since it does more than just Misskey, but you get the point. Just imagine the damage someone could do with an integrated captcha solver. Most ActivityPub software doesn't have any kind of middleware for handling incoming messages and maybe dropping them based on filters, but that'll probably change soon.

More rumours elsewhere

I have found some more information on this CPTK, the japbros probably already knew but uhh:

  1. They're just skids :marseyhacker:

  2. Most of them are like kids (literal 11-14 year olds) :carpemo:

  3. They have done many raids in the past, they DDoS'd 2chan back in 2022 and they've taken legal action against them :marseygrouns:

  4. Their old group imploded due to infighting :marseymushroomcloud:

  5. According to the Karasawa Wiki (yeah that lawyer who got doxxed like 100 times for being a 2chan troll), their leaders have been doxxed, MULTIPLE times. And they're all kids. :marseypedobear:

Anyway good luck to Bluesky on their fediverse integration lol

112
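
An inbound filter of the kind the post says most ActivityPub software lacks, combined with the server allowlist idea, as an added example that is not part of the original post or any project's code. The type names, verdict strings, thresholds and hosts are assumptions, and the sample activity is constructed.

```typescript
// Added example: inbound filter for ActivityPub Create(Note) activities.
// Type names, verdict strings and thresholds are illustrative assumptions.
interface ApTag { type: string; href?: string }
interface ApAttachment { type: string; mediaType?: string }
interface ApNote { type: string; tag?: ApTag[]; attachment?: ApAttachment[] }
interface ApActivity { type: string; actor: string; object?: ApNote }
interface FilterPolicy {
  trustedHosts: Set<string>;   // instances known to moderate registration
  followedActors: Set<string>; // remote actors a local user already follows
  maxMentions: number;         // mention cap for unknown senders
}
type Verdict = "accept" | "reject:bad-actor" | "reject:mention-flood" | "reject:unsolicited-media";

function filterInbound(activity: ApActivity, policy: FilterPolicy): Verdict {
  const note = activity.object;
  // Only Create(Note) is filtered; follows, likes and the rest pass through.
  if (activity.type !== "Create" || !note || note.type !== "Note") return "accept";

  let host: string;
  try {
    host = new URL(activity.actor).hostname.toLowerCase();
  } catch {
    return "reject:bad-actor"; // actor must be an absolute URL
  }
  if (policy.trustedHosts.has(host) || policy.followedActors.has(activity.actor)) return "accept";

  const mentions = (note.tag ?? []).filter((t) => t.type === "Mention").length;
  // Mastodon-style media arrives as type "Document" with an image/* mediaType.
  const hasImage = (note.attachment ?? []).some(
    (a) => a.type === "Image" || (a.mediaType ?? "").startsWith("image/"),
  );
  if (mentions > policy.maxMentions) return "reject:mention-flood";
  // The wave described above pairs pings with an image from a stranger.
  if (mentions > 0 && hasImage) return "reject:unsolicited-media";
  return "accept";
}

// Constructed sample data (not captured traffic).
const samplePolicy: FilterPolicy = {
  trustedHosts: new Set(["moderated.example"]),
  followedActors: new Set(["https://small.example/users/friend"]),
  maxMentions: 5,
};
const pings = (n: number): ApTag[] =>
  Array.from({ length: n }, (_, i) => ({ type: "Mention", href: `https://local.example/users/u${i}` }));
const sampleSpam: ApActivity = {
  type: "Create", actor: "https://open-reg.example/users/x1",
  object: { type: "Note", tag: pings(2), attachment: [{ type: "Document", mediaType: "image/webp" }] },
};
```

Logging the verdict string alongside the actor host gives moderators a per-instance count to decide which servers to defederate or move onto the allowlist.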

Maybe the α's are gonna be alright after all


We just need our kids to be ready to defend Pearl Harbor in 15 years when these kids grow up to be little Fuchidas and Gendas.


Don't worry, Fortnite has prepared them!


Prepared for the victory dances yes. But prepared for the battle?


Fortnite teaches kids you can pay more money to have cooler stuff than the enemy.

That's how America won WWII isn't it? :marseyclueless:


Yeah but that was against poormany and japoors. Imagine a war against chinx industrial base and manpower, and russia/other assorted banana republics natural resources :marseyaware:


Just in time to post this

:#marseyjap: :#marseyseppuku: :#marseykylie: :#marseykyle::


Neighbor this should be painted on the Sistine Chapel.


r-tard strength :marseydiversity: alpha :marseyblops2chadcel: as fck :andrewtate:

literally 'I'm you but stronger' :marseylaugh:


They're japs not burgers


Future of social media btw.


    if (
      json["enableHcaptcha"] ||
      json["enableMcaptcha"] ||
      json["enableRecaptcha"]
    ) {
      return false;
    }

    return true;

:marseytuna#ktunak:


We should be doing this, especially once Bluesky federates.


>once bluesky federates

:marseyclueless:

It's called "BS" for a reason


>fed-iverse

:#marseyfedposthmmm:


they are just stress testing


Oh that explains all the weird spam notifs I'm getting, they come in like batches of 20 every few hours. Just a non-issue, I click read all notifs and go back to posting as usu


what is your fedi


Follower of Christ :marseyandjesus: Tech lover, IT Admin, heckin pupper lover and occasionally troll. I hold back feelings or opinions, right or wrong because I dislike conflict.


@[email protected]

Also follow @Dramamine@seal.cafe


https://i.rdrama.net/images/17092367509484937.webp https://i.rdrama.net/images/17093267613293715.webp https://i.rdrama.net/images/1711210096745272.webp


nostr wins again!


I tried nostr, but it was all politics and crypto. Was I just looking in the wrong places?


https://i.rdrama.net/images/17083173148218057.webp

:marseymanys#uchcases:


Follower of Christ :marseyandjesus: Tech lover, IT Admin, heckin pupper lover and occasionally troll. I hold back feelings or opinions, right or wrong because I dislike conflict.


No. Even Dorsey abandoned it.


no that's literally all it is now. we'll probably see more cows go there when Bluesky dies or it gets ActivityPub support


based


Kind of surprised it took this long. Whenever I had researched Fedi's anti-spam measures it was kind of hand-wave-y, understandable for a federated protocol.

I guess there are less "4 teh lulz" trolls anymore now that you have real financial incentives w/r/t crypto alone but also every institution being married to networked technology in some way.


Follower of Christ :marseyandjesus: Tech lover, IT Admin, heckin pupper lover and occasionally troll. I hold back feelings or opinions, right or wrong because I dislike conflict.
