# To all Fedi Admins currently being hit with a spam wave: ***Limit these instances:*** [[Full List of Affected Instances Here](https://github.com/Mastodon-DE/blocklists/blob/main/spam/2024-02-15/2024-02-15-spam-mute-list.md)] Just get the list to download and import [here](https://github.com/Mastodon-DE/blocklists/blob/main/spam/2024-02-15/2024-02-15-spam-domain_mutes-erik-uden.csv). Simply import this list and you'll mute the 63 worst spam instances currently known to me! I've worked on it since today 11 AM (*9 hours*) verifying all lists sent to me manually. Limit first, defederate only in worst situations! **Reconsider re-federating with any of the mentioned instances once the spam is mitigated.** The admins of some of these may have just been asleep when this all started.

## Ban Spam Accounts via their E-Mail Domain **Block the following E-Mail Domain** and whatever temp Mail provider it resolves to: `chitthi.in` Just to be safe, block these ones too (*same provider*) - `mailto.plus` - `fexpost.com` - `fexbox.org` - `mailbox.in.ua` - `any.pink` All our spam accounts came from these E-mails. Since you probably have some of these accounts sleeping: `https://[your-instance.tld]/admin/accounts?email=%25%40chitthi.in` there just select all and press “Ban”. ## Find Remaining Spammers I've seen instances that fixed the spam issue but began being hit later again. The spammers might use new E-Mails, so here is a way to find and block them anyway: https://mamot.fr/@vincib/111946701929274350

## IP Bans and TOR These spammers seem to be using the **TOR Network** as all of their IPs are TOR Exit Node IPs, hence an idea (*with some collateral damage if executed*) would be to ban all TOR exit node IPs for sign ups. I am personally against this idea as you'd also prevent users who simply wish to stay anonymous online (*political refugees, leakers of important documents, etc.*) from using your platform. For now, simply banning every user using a particular Spammer IP will not help and will merely ban users that try to stay anonymous! Not necessarily the spammers.

## How To Block All Temp E-Mails in the Future *If you want to prevent this from ever happening again, you should block E-Mails from Temporary Mail providers all together:* - **[Here is the list of all Temp email providers](https://github.com/disposable-email-domains/disposable-email-domains/)** (*there are both blocklist and allowlist*) - **[Here how to install it in Mastodon](https://codeberg.org/stvo/mastodon-ansible-nodocker#disposable-mail-blocking)** - **[The script that automatically pulls the list via Cronjob and imports it into Mastodon](https://codeberg.org/stvo/mastodon-ansible-nodocker/src/branch/main/playbooks/no_disposable_mail.yml)** - **[Script template](https://codeberg.org/stvo/mastodon-ansible-nodocker/src/branch/main/playbooks/templates/home/mastodon/addmaildomains.sh.j2)** Because of this, [hessen.social, for example, was not affected by the spam attack](https://darmstadt.social/@stvo/111940755074991980)! They had already banned the email domain the spammers used ages ago. In future updates on Mastodon, maybe Admins can simply click a button that says “Ban Temp E-Mail Providers” Automagically from the E-Mail Menu? There could be E-Mail categories that can be banned, such as temporary mails.

## Why did this happen? We're probably all looking for answers as to why this spam wave happened to begin with. As much as I do not want to believe this was the real reason hundreds of us spent hours of our day today on mitigating this issue, here is a real explanation on why this spam wave came to be: **Part 1:** https://fedi.fyralabs.com/notes/9psdqurvye **Part 2:** https://fedi.fyralabs.com/notes/9psnooe6p1 **Part 3:** https://fedi.fyralabs.com/notes/9pth6oh3xr As noted, @cappy@fedi.fyralabs.com is working on a full exposé regarding the origin of the February 16th Spam Attacks. I'm patiently awaiting their work's publishing! **Good luck, everyone!** Thanks for participating in the Fediverse Experiment! #FediBlock #FediAdmin