I was checking the log and discovered, that somebody is spoiling network by spawning thousands of fake servers.
Is it a kind of DDOS attack on the network?
:fediverse: :fedisearch:

For now I found and blocked 3 domains that are doing it: fediversesearch.com, gab.best, 4chan.icu
In database I have around 86000 subdomains of each, all looking random like 7gq0ke9560x0.gab.best
🤔🛡

Follow

I don't know how activity pub works, but is it possible to pretend to be somebody else's domain?
Today I found out that there are thousands of fake subdomains of masto.host, like:
iwao631fa552.masto.host
iwap631fa552.masto.host
iwaq631fa552.masto.host
...
@mastohost

I have to come up with a way how to autoamtically recognize and block these subdomain ranges on my app.

@stepan ActivityPub is a protocol. Like any protocol, it can be implemented differently by each software/developer.

One developer can create an ActivityPub compatible software without domain/source validation and another with domain/source validation.

From what I understand, you are attempting to collect information from all ActivityPub compatible software and so, each software will have its own answer to your question.

Sign in to participate in the conversation
Škorpil's Mastodon

Štěpán Škorpil's personal Mastodon server - instance of federated social network