Skip Navigation

User banner

th3raid0r

@ th3raid0r @tucson.social

Posts
4
Comments
55
Joined
3 yr. ago

One foot planted in "Yeehaw!" the other in "yuppie".

My Alts:

If you see th3raid0r associated with any other instances it is NOT me and you should block and/or report them.

If an admin does not delete that user - they are complicit in bot spam and the instance de-federated.

  • Locked

    DonaldJMusk is running dozens of accounts

    Jump

  • Do I know if they are the exact same individual - no - I can't know that because I don't have IP information from other instances. To use this limitation as a bludgeon is dishonest. Admins that host sockpuppets and know it aren't likely to ever reveal this information.

    Do I have clear evidence that the UM/CM0002/BarryGoldWater user(s) that attempted signup on my instance are bots - Oh definitely yes.

    Now, I see you are a mod not an admin. I do not typically share my methods with non-admins, and definitely not over a public forum like this.

    If the dbzer0 admin wants my supporting information, they may DM me with their preferred matrix handle/server, and i will happily discuss there.

  • Locked

    DonaldJMusk is running dozens of accounts

    Jump

  • Give the documents then? And am I a bot now too?

    Interesting how you continue to leave out the security implications of posting this publicly.

    Odd that.

    I know not if you are a bot, you aren't on my instance, nor would it be likely you could get through my process.

    I do know that you are awfully defensive of sockpuppet like behavior though.

  • Locked

    DonaldJMusk is running dozens of accounts

    Jump

  • Nooope, I have IP data, email logs, and other things. However, much of the data had fallen off my WAF retention period. Oddly convenient how you just assume I don't have these things rather than keeping them close because I don't want the bots to figure out how I'm catching them.

    When you conveniently leave out that providing proof reduces an admins ability to re-use certain detection methods, it makes me pretty convinced you're complicit.

  • Locked

    DonaldJMusk is running dozens of accounts

    Jump

  • How do you identify sock puppets? Are they all the same IP?

    From an Admin perspective, most botnets do a good job of distributing most of their traffic. But the key is they don't distribute ALL of their traffic.

    From a user perspective my advice is generally "if it quacks like a duck"...

    That is, is the persona that of an extreme stereotype? Are they overly contrarian? Is what they are doing destructive to those who claim similar identities? Then it's likely a sockpuppet.

    And if it isn't - oh well, treat them like one anyways - it's better for society that way.

  • Locked

    DonaldJMusk is running dozens of accounts

    Jump

  • CM0002 may not be shaking the cage as hard, but he is still a bot - and associated with the same botnet when I got a burst of signups for UM and his alts.

  • Locked

    DonaldJMusk is running dozens of accounts

    Jump

  • Barrygoldwater is a bot associated with UM. UM also is associated with CM0002 from an IP standpoint given the last "bot signup attack" I experienced. (Fun fact they use barrygoldwater in their email they use to sign up from)

  • Locked

    DonaldJMusk is running dozens of accounts

    Jump

  • Or rather, this admin, do they have a WAF? Are they analyzing the traffic that comes in? Are the sure they're checking every point of interaction for consistency? If no, then they didn't really "Check".

  • Locked

    DonaldJMusk is running dozens of accounts

    Jump

  • This admin will state that UM is a bot. And wouldn't ya know it some of the other signup attempts used the alt names. Weird that.

    I don't think many admins know infosec practices very well to be frank.

  • Locked

    DonaldJMusk is running dozens of accounts

    Jump

  • Fuck all, but luckily TrickDacy is here to instantly believe any baseless accusation.

    As an admin who had to fend off UM's bot signups - it's definitely not unfounded.

  • Locked

    DonaldJMusk is running dozens of accounts

    Jump

  • I have a more effective way of confirming things like this if interested…

    Probably not more effective than my method - but you need to be an instance admin to be able to use my method.

  • Locked

    DonaldJMusk is running dozens of accounts

    Jump

  • Yeah, whatever man - I had a huge "attack" one day, and wouldn't you know, about 4-5 of the usernames listed here were involved in that. Odd that. Also, their traffic patterns were hugely suspect.

    I spent hours into investigating that "perhaps these are real users" and nope, they fell right into my honeypot routes. UM and CM0002 are bots, full stop.

    They also aren't Tucsonans, which is why I didn't approve their signup.

    I don't think many admins actually know how to properly audit for bots - and honestly, that problem is harder when you're a global instance.

    It's part of why I don't think global instances will work for the fediverse, too vulnerable to bot manipulation. We need proof of humanity - and that scales better with local nodes.

  • Locked

    DonaldJMusk is running dozens of accounts

    Jump

  • Admin of tucson.social here - when UM signed up at tucson.social he made some crucial mistakes that made him easy to identify as a bot. Unfortunately, since this affects my security posture, I'm not keen on publicly posting what it is as he still makes the same mistakes.

    However, let me add this - there are multiple places we should be validating are accessed from the same IP in a registration flow - all to many bot farms centralize certain aspects of their operations and use the same IP every time for only certain parts of a given flow.

    I'll also add that many admins are either stupid about site security, or actively complicit in the bot problem.

  • And now what?

    Jump

  • I also just lost my father last Monday. He was in Quartzsite, AZ.

    Have you tried checking CL or Hotpads for a short term Casita? That'll save you a lot vs hotels.

  • Totes me

    Jump

  • Audhd here, It would be nice if it were a quiet log file. I log straight to the console AND it's probably with DEBUG enabled.

  • Framework Laptop 16. Upgraded!

    Jump

  • Yeah as soon as I saw that I went from "must buy" to "eh, maybe if my current laptop breaks". I mean, I know the iGPU is basically the same as the desktop, but with slower memory it won't really compare.

    Maybe next generation.

  • Linux is now 34 years old. Happy Birthday!

    Jump

  • You too!? Ha! Today I learned.

    I'll always know exactly how old Linux is. It's exactly as old as I am.

  • Linux is now 34 years old. Happy Birthday!

    Jump

  • Eh, it's more like the pregnancy announcement. Imo the v0.01 release on Sep 17th is a "Birthday".

    But then again I'm biased on this. 🙃

  • LYING TO CHILDREN

    Jump

  • Perfection!

  • LYING TO CHILDREN

    Jump

  • I think I speak for all of Tucson.social when I say fuck this AI bullshit.

  • Tucson Politics @tucson.social
    th3raid0r @tucson.social
    Featured

    Looking to get politically involved in Tucson? Start here

    takeactiontucson.org
  • Tucson Politics @tucson.social
    th3raid0r @tucson.social
    Featured

    Temporary Rule - Any Articles referencing "Deporting" a U.S. citizen shall henceforth be required to use the term "Exile" in the title.

  • Music @beehaw.org
    th3raid0r @tucson.social

    GenAI killed music discovery for me. How are folks discovering HUMAN music in the modern era?

  • Technology @beehaw.org
    th3raid0r @tucson.social

    Google sunsets Domains business and shovels it off to Squarespace

    www.theverge.com /2023/6/16/23763340/google-domains-sunset-sell-squarespace