I have made a post about some Mastodon instances being associated with malware and explaining what I found:

I think it can be interesting for people who are + would love to have people from have a look and share any feedback. Thanks.

@hugo we are taking that hugely seriously and do think a means of cross-instance warning would make sense…. Certainly posting to #mastoadmin is one way. Bet there could be others.

@hugo here is key bit from the above: “… an attacker creates a profile on a social media site like anyone else. Then adds the URL of their profile (or RSS feed) to the malware bot. Once the bot infects a third-party computer, it fetches the social media profile of the attacker and looks for instructions. The attacker can then issue instructions/commands using standard social media tools, and the bot follows those instructions.” cc: @mastohost

@hugo Thank you for this! We had the same issue with on the exact same day as but fort i my response was in time to not get 'banned'.

I have done many scans since this issue but never found anything else than the one account with a "ping IP" in the bio! I've spent a load of time getting us from all VirusTotal related sites since many just copy paste the result :sad_cat:

@stux Thank you so much for sharing.

How did you out of VirusTotal? I could do it on CRDF Threat Center but don't know how I can do it on VirusTotal.

@hugo Get in touch with all vendors that list you as malicious 😮

There was one or two that I couldn't find anywhere so I bet we're still flagged :blobcatgiggle:

Most have forums or removal req forms

@stux Oh, that makes sense. Thank you for letting me know.

their business model does not really require a low false positive, quite the opposite actually. most commercial AV are slimeware and borderline malicious scaremongering subscription scams.

@yes @evelyn True, the problem is that the majority of people have AV installed and have no knowledge. So, they assume the AV knows best. Can become tricky to get more people to start using small decentralised communities. In this case some of the examples are the opposite of small and decentralised, and I think that there is a separate problem this underscores of moderating very large monolithic instances

and yet again user education is lacking... a common theme.

Who determines what is #malware and what is a useful service?

Another theme that keeps popping up is ppl on Fedi using (#)GriftHub.

Also as a part of a holistic movement towards #censorshipResistance, all instances should strive to federate over Tor or I2P.

We posit that federation over #I2P should be default because Tor don't like lots of traffic (eg. they don't recommend torrenting over Tor etc).

@hugo @evelyn

Hi Nanachi,

I2P is fast a lot of the time. This is why bitcoin and torrenting is using I2P and why we think it's perfect for Fedi. Fediverse really doesn't even need to be blindingly fast anyway, but it will likely be somewhat fast.

@hugo @evelyn

yea hi,

i2p is "fast" (50kbps per connection absolute max) yes, but suffers from bottlenecks, the scaling factors in i2p are relatively dismal. they have done a great job removing one shot elgamal from the protocol but the real issue is i2p integration is more invasive vs even .onion, lokinet uses dns as its primary "api" and as long as your resolver settings are set zero modifications are required to use it. i cannot suggest people suffer the pains of setting up i2p or onion connectivity when lokinet is a thing. but that is just me.
you are right, fedi does not need to be fast, it needs to be easy. lokinet seems so much better on that front vs everyone else.
one of the most useful things lokinet brings is hybrid mode on mainline fedi, if you have a clearnet domain you can still talk to .loki without needing a .loki domain, you just need lokinet dns on your instance, on the other end for .loki only they just need to pick an exit node for outbound federation to clearnet instances with lokinet dns. all of it turnkey, no mods required in any of fedi's stack. much easier to gain network effect with that vs everything else.
