MICROPEN Statement Regarding February 2024 Spam Attacks on Fediverse
Last Update: 12:00 p.m. JST, February 25, 2024
Spam activity is currently rampant on many Mastodon and Misskey servers, in which posts mention a large number of unspecified accounts.
To counter this, MICROPEN will apply an indefinite domain block when a mention in any of the following types of posts reaches a user belonging to MICROPEN. This excludes cases where the server is well managed and is expected to deal with the spam immediately.
- Posts that include indiscriminate mentions of a large number of unspecified accounts
- Posts with an image containing the URL of a specific Discord server
- Posts that include the URL of the website of a specific cracker group
We apologize for the inconvenience this causes to the good users of servers that fall under the above. We appreciate your understanding.
Additionally, MICROPEN currently does not accept posts that include the aforementioned URLs, no matter where they come from.
Please note that MICROPEN is not open for general registration, so it is not the source of this spam. We will continue to maintain appropriate security measures and monitoring, so we appreciate your understanding.
Regarding the response to servers that have introduced a "positive list approach" as a spam countermeasure
At MICROPEN, as a small-scale server, we rely on the federation feature for connections between users.
We have confirmed cases where some large-scale servers have significantly restricted the federation feature as a spam countermeasure, and are only federating with servers listed on a positive list.
We will treat such servers as targets for an indefinite block, because we cannot trust their management policy. We appreciate your understanding.
About the misuse of server administrator email addresses
During the above attacks on Mastodon and Misskey instances, the email addresses shown as contact information for each server were collected, and we have confirmed cases where extremely inappropriate messages were posted to the inquiry forms of various companies.
We have confirmed misuse of the address[^2] of Kuropen, the administrator of MICROPEN, after 2:00 p.m. JST on February 17.
While we anticipated that showing the email address could lead to misuse, the posted messages are extremely malicious, which is truly regrettable.
Regarding this matter, we provided information to the police around 8:50 a.m. JST on February 18, 2024.
To prevent similar incidents in the future, we have decided to show the URL of the inquiry form instead of the email address. We appreciate your understanding.
[^2]: Its domain name is eternie-labs.net.
