I've noticed a very slow trickle of fake accounts registering at my instance recently.
-
I've noticed a very slow trickle of fake accounts registering at my instance recently. They put more work into them than normal:
- they have somewhat convincing usernames
- semi-reasonable descriptions
- emails on custom domains (Hetzner vps usually)
- unique IP per account (often same subnet)
- uploads a profile pic & banner image
- some of them boost a few posts from admin acctBut then these accounts just sit there. They aren't spamming. What is their goal?
-
R relay@relay.mycrowd.ca shared this topic
-
I've noticed a very slow trickle of fake accounts registering at my instance recently. They put more work into them than normal:
- they have somewhat convincing usernames
- semi-reasonable descriptions
- emails on custom domains (Hetzner vps usually)
- unique IP per account (often same subnet)
- uploads a profile pic & banner image
- some of them boost a few posts from admin acctBut then these accounts just sit there. They aren't spamming. What is their goal?
@sb scary.....
-
I've noticed a very slow trickle of fake accounts registering at my instance recently. They put more work into them than normal:
- they have somewhat convincing usernames
- semi-reasonable descriptions
- emails on custom domains (Hetzner vps usually)
- unique IP per account (often same subnet)
- uploads a profile pic & banner image
- some of them boost a few posts from admin acctBut then these accounts just sit there. They aren't spamming. What is their goal?
@sb
Any important elections coming up? -
I've noticed a very slow trickle of fake accounts registering at my instance recently. They put more work into them than normal:
- they have somewhat convincing usernames
- semi-reasonable descriptions
- emails on custom domains (Hetzner vps usually)
- unique IP per account (often same subnet)
- uploads a profile pic & banner image
- some of them boost a few posts from admin acctBut then these accounts just sit there. They aren't spamming. What is their goal?
@sb A lot of times, nefarious accounts just sit idle for a long time before being called into action.
It's also worthy to note, with Mastodon, users can setup interactions to be filtered under a special area in notifications for news accounts, as well as other settings... So, if a new account tries to send spam within the first 30 days, it will get filtered behind a special area in notifications. They could be for future nefarious use,
-
I've noticed a very slow trickle of fake accounts registering at my instance recently. They put more work into them than normal:
- they have somewhat convincing usernames
- semi-reasonable descriptions
- emails on custom domains (Hetzner vps usually)
- unique IP per account (often same subnet)
- uploads a profile pic & banner image
- some of them boost a few posts from admin acctBut then these accounts just sit there. They aren't spamming. What is their goal?
@sb
Possibly data harvesting while waiting for some command?I think IFTAS had a post quite recently about a whole botnet that's creating tons of accounts, behaving kind of normally for awhile before they start doing... whatever it is they start doing (wow, having a short sleep is doing wonders for the memory).
-
I've noticed a very slow trickle of fake accounts registering at my instance recently. They put more work into them than normal:
- they have somewhat convincing usernames
- semi-reasonable descriptions
- emails on custom domains (Hetzner vps usually)
- unique IP per account (often same subnet)
- uploads a profile pic & banner image
- some of them boost a few posts from admin acctBut then these accounts just sit there. They aren't spamming. What is their goal?
@sb definitely will be used later. Had that happen here, they’d look legit for a while then start spamming. Luckily recently for me all of the spam signups have been pretty dang obvious.
-
I've noticed a very slow trickle of fake accounts registering at my instance recently. They put more work into them than normal:
- they have somewhat convincing usernames
- semi-reasonable descriptions
- emails on custom domains (Hetzner vps usually)
- unique IP per account (often same subnet)
- uploads a profile pic & banner image
- some of them boost a few posts from admin acctBut then these accounts just sit there. They aren't spamming. What is their goal?
Sounds like sleeper bot accounts.
They're most likely monitoring your public instance feed, including non-federated instance-local-only posts as I noticed some aren't following other accounts, but check if an account is following them.
I'd also check for any unexpected traffic to/from your instance on the wire when there shouldn't be any, just in case.
But it's concerning.
-
I've noticed a very slow trickle of fake accounts registering at my instance recently. They put more work into them than normal:
- they have somewhat convincing usernames
- semi-reasonable descriptions
- emails on custom domains (Hetzner vps usually)
- unique IP per account (often same subnet)
- uploads a profile pic & banner image
- some of them boost a few posts from admin acctBut then these accounts just sit there. They aren't spamming. What is their goal?
I've noticed similar accounts commenting on YouTube.
They have been created years ago with minimal information, and suddenly they come out and go full throttle with pro-Russian arguments in debates on videos related to the US, EU and Ukraine.
It's not ideal that Hetzner is hosting the email for them, but then again - if the Hetzner account is created by a EU citizen with Russian ties, it's almost impossible to detect.
Personally I would contact the account owner and ask them a couple of follow-up questions and tell them to go elsewhere if I felt something was fishy.
-
I've noticed a very slow trickle of fake accounts registering at my instance recently. They put more work into them than normal:
- they have somewhat convincing usernames
- semi-reasonable descriptions
- emails on custom domains (Hetzner vps usually)
- unique IP per account (often same subnet)
- uploads a profile pic & banner image
- some of them boost a few posts from admin acctBut then these accounts just sit there. They aren't spamming. What is their goal?
-
R relay@relay.infosec.exchange shared this topic
