

Well this is concerning.

I just suspended 14 Russian LLM-generated bot accounts that were created around April 17 on my Mastodon instance, twit.social. Somehow they circumvented manual registration approval. I've turned on Captchas (much as I hate them) for new member requests in the hopes that will stop the bots. They must have discovered a registration bypass bug.

Thanks to IFTAS SW-ISAC for noting and reporting the bots.

in reply to Chief TWiT :twit:

Didn't someone identify something about invite links circumventing manual approval?
in reply to Chief TWiT :twit:

this is a pretty big deal. if you're running the stock mastodon code and not something like glitchsoc, this is worth submitting an issue to github about
in reply to Viss

RE: mastodon.iftas.org/@iftas/1164…

@Viss @leo the current tactic seems to be getting a legit-looking account through review, then using invites (which bypass review) to create the spam accounts.


RE: union.place/@tim/1164266914533…

SW-ISAC Alert

The Russian botnet is now using account invites to evade various mitigations in place.

Please review your invite codes, and who's allowed to use them.

#MastoAdmin #FediAdmin #SW_ISAC_ADVISORY

ref: about.iftas.org/library/suspec…

@tim@union.place:

Fellow #MastoAdmin people: if you need to track down all users invited by a particular user, here's an SQL query (disclosure: generated by Gemini, vetted and validated by me): see next post.
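
An added example for admins auditing the invite path described in this thread. It is not the query from the referenced post, which is not included on this page, and it goes one step further by following invite chains recursively. Table and column names assume Mastodon's stock PostgreSQL schema, and `INVITER_USERNAME` is a placeholder.

```sql
-- Added example, not from the thread. Assumes Mastodon's stock PostgreSQL
-- schema (users.invite_id -> invites.id, invites.user_id -> users.id,
-- users.account_id -> accounts.id). Confirm with \d users and \d invites.
-- 'INVITER_USERNAME' is a placeholder for the local account under review.

-- 1) Everyone who joined through this account's invites, including
--    accounts invited by those invitees (depth 2, 3, ...).
WITH RECURSIVE invite_tree AS (
    -- Anchor row: the local account whose invites are being audited.
    SELECT u.id             AS user_id,
           a.username::text AS username,
           0                AS depth,
           NULL::text       AS invite_code,
           NULL::text       AS invited_by
    FROM users u
    JOIN accounts a ON a.id = u.account_id
    WHERE a.domain IS NULL                  -- local accounts only
      AND a.username = 'INVITER_USERNAME'

    UNION ALL

    -- Recursive step: users whose signup consumed an invite owned by
    -- someone already in the tree.
    SELECT child.id, ca.username::text, t.depth + 1,
           i.code::text, t.username
    FROM invite_tree t
    JOIN invites  i     ON i.user_id = t.user_id
    JOIN users    child ON child.invite_id = i.id
    JOIN accounts ca    ON ca.id = child.account_id
)
SELECT t.depth, t.username, t.invited_by, t.invite_code,
       u.email, u.sign_up_ip, u.created_at, u.approved, a.suspended_at
FROM invite_tree t
JOIN users    u ON u.id = t.user_id
JOIN accounts a ON a.id = u.account_id
WHERE t.depth > 0                           -- drop the anchor account itself
ORDER BY t.depth, u.created_at;

-- 2) Invite codes that can still be redeemed, with their owners.
SELECT a.username AS owner, i.code, i.uses, i.max_uses, i.expires_at
FROM invites i
JOIN users    u ON u.id = i.user_id
JOIN accounts a ON a.id = u.account_id
WHERE (i.expires_at IS NULL OR i.expires_at > now())
  AND (i.max_uses  IS NULL OR i.uses < i.max_uses)
ORDER BY i.uses DESC;
```

Run both read-only against the instance database; a cluster of depth-1 rows with close `created_at` values under one inviter matches the pattern the advisory describes.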