# To all Fedi Admins currently being hit with a spam wave:
***Limit these instances:***
[[Full List of Affected Instances Here](https://github.com/Mastodon-DE/blocklists/blob/main/spam/2024-02-15/2024-02-15-spam-mute-list.md)]
Just get the list to download and import [here](https://github.com/Mastodon-DE/blocklists/blob/main/spam/2024-02-15/2024-02-15-spam-domain_mutes-erik-uden.csv).
Simply import this list and you'll mute the 63 worst spam instances currently known to me! I've worked on it since today 11 AM (*9 hours*) verifying all lists sent to me manually.
Limit first, defederate only in worst situations!
**Reconsider re-federating with any of the mentioned instances once the spam is mitigated.** The admins of some of these may have just been asleep when this all started.
## Ban Spam Accounts via their E-Mail Domain
**Block the following E-Mail Domain** and whatever temp Mail provider it resolves to: `chitthi.in`
Just to be safe, block these ones too (*same provider*)
- `mailto.plus`
- `fexpost.com`
- `fexbox.org`
- `mailbox.in.ua`
- `any.pink`
All our spam accounts came from these E-mails.
Since you probably have some of these accounts sleeping:
`https://[your-instance.tld]/admin/accounts?email=%25%40chitthi.in` there just select all and press “Ban”.
## Find Remaining Spammers
I've seen instances that fixed the spam issue but began being hit later again. The spammers might use new E-Mails, so here is a way to find and block them anyway:
https://mamot.fr/@vincib/111946701929274350
## IP Bans and TOR
These spammers seem to be using the **TOR Network** as all of their IPs are TOR Exit Node IPs, hence an idea (*with some collateral damage if executed*) would be to ban all TOR exit node IPs for sign ups. I am personally against this idea as you'd also prevent users who simply wish to stay anonymous online (*political refugees, leakers of important documents, etc.*) from using your platform. For now, simply banning every user using a particular Spammer IP will not help and will merely ban users that try to stay anonymous! Not necessarily the spammers.
## How To Block All Temp E-Mails in the Future
*If you want to prevent this from ever happening again, you should block E-Mails from Temporary Mail providers all together:*
- **[Here is the list of all Temp email providers](https://github.com/disposable-email-domains/disposable-email-domains/)** (*there are both blocklist and allowlist*)
- **[Here how to install it in Mastodon](https://codeberg.org/stvo/mastodon-ansible-nodocker#disposable-mail-blocking)**
- **[The script that automatically pulls the list via Cronjob and imports it into Mastodon](https://codeberg.org/stvo/mastodon-ansible-nodocker/src/branch/main/playbooks/no_disposable_mail.yml)**
- **[Script template](https://codeberg.org/stvo/mastodon-ansible-nodocker/src/branch/main/playbooks/templates/home/mastodon/addmaildomains.sh.j2)**
Because of this, [hessen.social, for example, was not affected by the spam attack](https://darmstadt.social/@stvo/111940755074991980)! They had already banned the email domain the spammers used ages ago.
In future updates on Mastodon, maybe Admins can simply click a button that says “Ban Temp E-Mail Providers” Automagically from the E-Mail Menu? There could be E-Mail categories that can be banned, such as temporary mails.
## Why did this happen?
We're probably all looking for answers as to why this spam wave happened to begin with. As much as I do not want to believe this was the real reason hundreds of us spent hours of our day today on mitigating this issue, here is a real explanation on why this spam wave came to be:
**Part 1:**
https://fedi.fyralabs.com/notes/9psdqurvye
**Part 2:**
https://fedi.fyralabs.com/notes/9psnooe6p1
**Part 3:**
https://fedi.fyralabs.com/notes/9pth6oh3xr
As noted, @
[email protected] is working on a full exposé regarding the origin of the February 16th Spam Attacks. I'm patiently awaiting their work's publishing!
**Good luck, everyone!**
Thanks for participating in the Fediverse Experiment!
#FediBlock #FediAdmin
