

It is not very clear what the purpose of #spam bots on #diaspora is. I have 600 registered spambots on my #pod but none of them seem to have posted, commented, liked or messaged anyone at all. They do not follow and seem to make no interaction apart from registering an account (and fscking the captcha).

Also there was an anniversary of my unanswered question on the discussion forums about spambots on diaspora.... Seems nobody really cares.

Have a nice day, @diaspora* HQ!
People trying to make command line tools to manually delete spam... * sigh *
I have some scripts I use for this here https://git.feneas.org/diasporg/diaspora/-/tree/master/script
I also usually post a blog post about things when I figure them out here https://b.diasp.org
@David Morley it seems the comment above yours is actually the link to the scripts you have mentioned ;-)

Also as I see the "best" way is grepping the logs and trying to act on them. As I see the scripts mainly concentrate on failed tries but my spambots have successfully solved the captcha (in milliseconds so it's probably using one of the many simple-captcha-solving scripts using imagemagick) and registered.

Still... I do not see the point in registering a lot of accounts using bots then doing visibly nothing. Apart from possibly annoying the podmin.
By the way I was checking the database directly. I'm yet to find what to do with the results.... * sigh *
my sign_up_abuse script will probably serve you well then, does a good job for me
And I run these scripts via other things than manual to do the work for me, these are just the scripts to make it happen. I leverage procmail and my mail logs also to pipe into these scripts.
Here's the lookup for my spambots, verbose mode:
SELECT current_sign_in_ip,id,username,language,email,sign_in_count,created_at,last_seen 
  FROM users WHERE current_sign_in_ip IN (SELECT current_sign_in_ip 
    FROM users WHERE current_sign_in_ip IS NOT NULL GROUP BY 1 
    HAVING COUNT(username)>1)
    ORDER BY 1,2;
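An added example, not part of the thread or of any participant's scripts: the shared-IP lookup above also matches legitimate users behind one NAT, so this variant summarises per IP and keeps only clusters where every account is dormant. It assumes an in-memory SQLite table holding just the columns named in the query above, constructed sample rows, and a dormancy threshold of `sign_in_count <= 1`.

```python
import sqlite3

# Constructed sample rows; column names are taken from the query above.
SAMPLE_USERS = [
    # (id, username, email, current_sign_in_ip, sign_in_count, created_at)
    (1, "alice", "alice@example.org", "198.51.100.7", 42, "2020-01-03 09:00:00"),
    (2, "bob", "bob@example.org", "198.51.100.7", 17, "2020-02-11 18:30:00"),
    (3, "qx81", "qx81@example.net", "203.0.113.50", 1, "2021-05-01 02:00:01"),
    (4, "qx82", "qx82@example.net", "203.0.113.50", 1, "2021-05-01 02:00:09"),
    (5, "qx83", "qx83@example.net", "203.0.113.50", 1, "2021-05-01 02:00:15"),
    (6, "carol", "carol@example.org", "192.0.2.10", 5, "2021-03-01 12:00:00"),
    (7, "never", "never@example.net", None, 0, "2021-05-02 03:00:00"),
]

# One row per IP: how many accounts share it, how many are dormant,
# and the time window in which they were created.
SUMMARY_SQL = """
SELECT current_sign_in_ip,
       COUNT(*) AS accounts,
       SUM(CASE WHEN sign_in_count <= 1 THEN 1 ELSE 0 END) AS dormant,
       MIN(created_at) AS first_created,
       MAX(created_at) AS last_created
  FROM users
 WHERE current_sign_in_ip IS NOT NULL
 GROUP BY current_sign_in_ip
HAVING COUNT(*) >= :min_accounts
   AND SUM(CASE WHEN sign_in_count <= 1 THEN 1 ELSE 0 END) = COUNT(*)
 ORDER BY accounts DESC, current_sign_in_ip
"""

def build_sample_db():
    """Create the constructed users table in memory (assumed minimal schema)."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, email TEXT,"
        " current_sign_in_ip TEXT, sign_in_count INTEGER, created_at TEXT)"
    )
    conn.executemany("INSERT INTO users VALUES (?,?,?,?,?,?)", SAMPLE_USERS)
    return conn

def suspicious_ips(conn, min_accounts=2):
    """Return per-IP summaries where all accounts sharing the IP are dormant."""
    cur = conn.execute(SUMMARY_SQL, {"min_accounts": min_accounts})
    cols = [d[0] for d in cur.description]
    return [dict(zip(cols, row)) for row in cur.fetchall()]

if __name__ == "__main__":
    for row in suspicious_ips(build_sample_db()):
        print(row)
```

A narrow gap between `first_created` and `last_created` for a cluster points to scripted sign-ups rather than a shared household connection.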
My pod has closed down public registrations, after registrations from too many obscure mail addresses occurred. The pod is now invitation-only.

Apart from that, those users were gone forcefully after they apparently did not interact.

Side note: The pod is not the only system affected by countless registrations from strange mail addresses.
It seems to me this is on purpose to try and spam the affected mail addresses and not so much to misuse the accounts created.

And since even hCaptcha is obviously not capable of doing its job, I don't think any captcha truly can, given enough computing power on the adversary's end. Sad as that may be.
@Felix Tiede while I understand that the addresses will get a response from the pod I fail to see how the spambots imagine to determine its content. Spam is quite pointless if they can't put in the advertisement to get them rich, or to include malware for the same purpose. And they can't use the same email twice so even revenge-filling a mailbox isn't working this way.
I didn't say I understand the motives behind it.
@grin on my Friendica server there are 127 accounts, about 124 are inactive, majority only logged in once, some logged in never.
I delete spamming accounts and planned to clean up unused accounts.
I have various servers, all of them with funky registrations. However as far as I see the only place I see spam is ActivityPub+PeerTube, where they try to spam ad videos and weblinks (and fail that due to the filters). On matrix, diaspora, friendica I see the registrations but not much related traffic. Weird.
If I were to guess, these bots try to share with some users, wait for the auto share-back feature to kick in and then spam with automated personal messages, not so much with public posts.

At least that's what I've seen with some spambots.

Maybe users have learned to not automagically share back to keep those bots silent.
I think these are registration bots, while they are quiet I do try and clean them out as I predict future issues
https://webmasters.stackexchange.com/questions/61291/why-do-registration-bots-exist-what-do-they-gain-from-registering-on-my-site
@Felix Tiede I have queried my db extensively and they do not seem to follow or message anyone. I see no invites, either.
To the best of my knowledge they're just link farming. I closed registration on my pod because all I was getting were farmers or trolls. In any case, if you have the remove_old_users stuff enabled, they'll get scrubbed that way.
I'm not a podmin 'cept just want to thank you all for your efforts on this. 👍
@Brad Koehn ☑️ could you enlighten me what exactly you mean by "link farming"? What are they supposed to do with blank registrations?
@grin@spora.grin.hu All of mine had links to another site, usually a small business, for purposes of search engine optimization (SEO).
@Brad Koehn ☑️ links where? Post? Comment?
It actually only takes a <a rel="nofollow"> to nullify any #SEO value; I don't know whether that's the case with #diaspora (what Wikipedia does to stop idiots from getting any value from spamming the project).
@grin@spora.grin.hu I know; I use a robots.txt that prevents indexing, but the link farmers don't seem to care.