

spam?


Friendica Support reshared this.


Is it possible via CLI as well? It takes hours doing it in chunks.


@Lorenz@grin I don't think so. You can block it via cli but it does not purge the corresponding entries in the database.


thanks, so that was quick:
bin/console serverblock add *.activitypub-troll.cf spam

Yes, but that hasn't cleaned the db, has it?


No, but at least there will be no activity from those servers, I hope.


didn't stop for me at all.


The queue is empty, wow, there were more than 100 000 elements in the queue before!!


Now I have the command running from here to empty the database: https://github.com/friendica/friendica/issues/12705#issuecomment-1398887054


I also emptied worker queue matching these patterns.
@Roland Häder Was the command wrong? Not sure if it had deleted anything, it just replied with
Query OK, 13779424 rows affected (1 hour 16 min 19.826 sec)

Oh damn. I guess I should block that on my server.


@Roland Häder Ok, thanks. I don't see any difference in the available space on the server, though.


@Roland Häder Wow, I feel honoured ;) It is only a small instance, just for me, on a VPS with 2GB RAM


@Roland Häder Thanks! I am not fluent in mysql / mariadb. There are lots of optimization commands, it seems. Which one should I use?


@lk @roland@f.haeder.net @grin

I guess, you are aware of the EXPLAIN command?
And now an attack by gab.best! Have to block them now as well


I am not sure bans stop filling gserver table.
thanks @Roland Häder is it the gserver table that I have to optimize?


@Roland Häder I run
OPTIMIZE TABLE gserver; and it deleted more than 3GB!


So no, optimize table doesn't do anything for innodb. Copying/renaming is painful for huge tables.

Correction: after removing (better) optimize started, and recreated in a flash. Thanks!
Deleting from the table took 2 hours. Still wondering how to shrink it since it's too big for having another copy.
I'm honoured. 😀 :blush:
If you enable innodb-file-per-table it won't keep unused space reserved.


I have banned and purged sbcloud.cc from everywhere, based on this

2023-01-29T10:27:59Z worker [INFO]: Server peer update start {"url":"https://fed.sbcloud.cc","worker_id":"85e31dd","worker_cmd":"UpdateServerPeers"} - {"file":"UpdateServerPeers.php","line":54,"function":"execute","uid":"a33038","process_id":295381}
2023-01-29T10:27:59Z worker [INFO]: Server is unknown. Start discovery. {"Server":"https://1chs090ty.activitypub-troll.cf","worker_id":"85e31dd","worker_cmd":"UpdateServerPeers"} - {"file":"GServer.php","line":358,"function":"check","uid":"a33038","process_id":295381}


Since then worker doesn't pull in spambots again.

Now, it would be neat to know:
1. What exactly happened (I don't know the protocol that deeply)
2. Who did what
3. How to prevent that from happening in the future (both network-wise and locally)

#spambot #spam
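
The correlation made in the post above (a peer update followed by discovery of unknown hosts under the same `worker_id`) can be done over a whole worker log. This is an added example, not code from the thread or from Friendica: the function names, the threshold, the `.example` hostnames and the constructed sample lines are assumptions, as is the idea that discovery lines following a peer update under the same `worker_id` come from that peer's list. The line format follows the two log lines quoted above.

```python
import json
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Matches: <timestamp> worker [LEVEL]: <message> {context JSON} - {source JSON}
LINE = re.compile(r'^\S+ worker \[\w+\]: (?P<msg>.+?) (?P<ctx>\{.*\}) - \{.*\}$')

# Constructed sample in the format of the two log lines quoted above.
SAMPLE = '''\
2023-01-29T10:00:00Z worker [INFO]: Server peer update start {"url":"https://peer-a.example","worker_id":"w1","worker_cmd":"UpdateServerPeers"} - {"file":"UpdateServerPeers.php","line":54}
2023-01-29T10:00:00Z worker [INFO]: Server peer update start {"url":"https://peer-b.example","worker_id":"w2","worker_cmd":"UpdateServerPeers"} - {"file":"UpdateServerPeers.php","line":54}
2023-01-29T10:00:01Z worker [INFO]: Server is unknown. Start discovery. {"Server":"https://n1.flood.example","worker_id":"w1","worker_cmd":"UpdateServerPeers"} - {"file":"GServer.php","line":358}
2023-01-29T10:00:01Z worker [INFO]: Server is unknown. Start discovery. {"Server":"https://social.friendly.example","worker_id":"w2","worker_cmd":"UpdateServerPeers"} - {"file":"GServer.php","line":358}
2023-01-29T10:00:02Z worker [INFO]: Server is unknown. Start discovery. {"Server":"https://n2.flood.example","worker_id":"w1","worker_cmd":"UpdateServerPeers"} - {"file":"GServer.php","line":358}
2023-01-29T10:00:03Z worker [INFO]: Server is unknown. Start discovery. {"Server":"https://n3.flood.example","worker_id":"w1","worker_cmd":"UpdateServerPeers"} - {"file":"GServer.php","line":358}
'''

def parent_domain(host):
    # Assumption: naive "last two labels" grouping, not public-suffix aware.
    return ".".join(host.split(".")[-2:])

def find_floods(lines, threshold=3):
    """Map parent domain -> distinct unknown hosts seen and the peers that listed them."""
    current_peer = {}           # worker_id -> peer whose server list is being processed
    hosts = defaultdict(set)    # parent domain -> distinct hostnames sent to discovery
    peers = defaultdict(set)    # parent domain -> peers that advertised those hostnames
    for line in lines:
        m = LINE.match(line.strip())
        if not m:
            continue
        try:
            ctx = json.loads(m["ctx"])
        except ValueError:
            continue            # truncated or malformed context, skip the line
        wid = ctx.get("worker_id")
        if m["msg"] == "Server peer update start":
            current_peer[wid] = urlsplit(ctx.get("url", "")).hostname
        elif m["msg"] == "Server is unknown. Start discovery.":
            host = urlsplit(ctx.get("Server", "")).hostname
            if not host:
                continue
            hosts[parent_domain(host)].add(host)
            if current_peer.get(wid):
                peers[parent_domain(host)].add(current_peer[wid])
    return {d: {"hosts": len(h), "peers": sorted(peers[d])}
            for d, h in hosts.items() if len(h) >= threshold}

if __name__ == "__main__":
    print(find_floods(SAMPLE.splitlines()))
```

A parent domain with many distinct never-seen subdomains, all listed by one peer, is the pattern to look for before deciding what to put in the server blocklist.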


@Roland Häder @Lorenz !Friendica Support The toot this one replies to would have been shared to the people mentioned here, but I cannot seem to have a way to edit it accordingly; editing doesn't expand name references, nor can seem to be able to tag people... I hope they can see the parent toot of this....
I am not sure I'll ever grok how this is supposed to work, who gets notified when and who see what where how.


It seems sbcloud.cc was the origin. Problem is that you usually do not know which IP to ban, not easy to trace the problem, the logs don't help much.


hm.... sbcloud looks legit. The startpage is Element (for Matrix chat server), then there is fed.sbcloud.cc which is used only by five users


And you are saying...?


Why? You think that having dns is proof that no bad traffic comes from there? Especially since you seem to realise that the spammed addresses were fakes, yet you seem to expect "blocking" a non-existent server. You based your opinion on about zero amount of facts, but you seem to be quite assured that you are, somehow, right.

But anyway, stopped spam for me, you're free to do whatever you deem proper, including looking at the dns when the AP networks get abused. 🤷

I wish there were useful logs: those would be better for abuse management than... dns.


Even after I have blocked these servers more than two weeks ago, the gserver table had more than 8GB! Now I run the same delete command again, and the table now has 10GB. What happened? Somebody knows what to do? Weird stuff.

MariaDB [friendicadb]> DELETE FROM `gserver` WHERE `url` LIKE '%activitypub-troll.cf%' OR `url` LIKE '%gab.best%';
Query OK, 37499832 rows affected (5 hours 46 min 51.045 sec)


UPDATE: I run OPTIMIZE TABLE gserver; - and now, wow! the table is nearly empty, just 31 MB, and now it seems I did not have to upgrade my VPS!


I tried to optimize all tables, but that lasted too long, so I stopped it.

I am surprised to hear that the avatar is not showing. What can be the reason? What can I do?


Thanks, I will try it next time with screen!


Was the error on my or your or Friendica's side? Last time I checked the photo showed up on Mastodon instances


Exception: Got a packet bigger than 'max_allowed_packet' bytes

Seems to be on your end then?


Two months later same issue:


MariaDB [friendicadb]> DELETE FROM `gserver` WHERE `url` LIKE '%activitypub-troll.cf%' OR `url` LIKE '%gab.best%';
Query OK, 38621191 rows affected (4 hours 3 min 46.706 sec)


more than 9GB freed up!


Running 2023-03-rc on the last commit.
86k servers from *.gab.best.

select count(*) from gserver where url LIKE '%troll.cf%' OR `url` LIKE '%gab.best%';
+----------+
| 86378 |
+----------+
DELETE FROM `gserver` WHERE `url` LIKE '%activitypub-troll.cf%' OR `url` LIKE '%gab.best%';
Query OK, 86378 rows affected (1.143 sec)

Changed block pattern from gab.best to *.gab.best.
Obviously I missed the wildcard.


The thing is I have added the wildcard and blocked the other troll-domain, and nevertheless, I still get all their spam.

so within one week the result:

MariaDB [friendicadb]> DELETE FROM `gserver` WHERE `url` LIKE '%activitypub-troll.cf%' OR `url` LIKE '%gab.best%';
Query OK, 17018290 rows affected (1 hour 48 min 11.643 sec)


@Lorenz Please block only *.activitypub-troll.cf; the other blocks should not do anything.

@Roland Häder if I remember correctly your fix was added to the 2023.03-rc branch. The instance of @Lorenz runs on 2023.01, so still without the fix.


@OldKid
Alright, I will upgrade to the RC the coming days, then. Thanks!
@Roland Häder @Friendica Support


@Roland Häder did you add the fix for 2023.01 - 1502 or the newest dev-releases?


@Roland Häder @OldKid @Lorenz
The pull request is marked in the 2023-03 Milestone, so I guess it's in the actual RC and later in 2023-03-stable.
Link to pull request #12700