One foot planted in “Yeehaw!” the other in “yuppie”.
My Alts:
If you see th3raid0r associated with any other instances it is NOT me and you should block and/or report them.
If an admin does not delete that user - they are complicit in bot spam and the instance de-federated.
Nooope, I have IP data, email logs, and other things. However, much of the data had fallen off my WAF retention period. Oddly convenient how you just assume I don’t have these things rather than keeping them close because I don’t want the bots to figure out how I’m catching them.
When you conveniently leave out that providing proof reduces an admins ability to re-use certain detection methods, it makes me pretty convinced you’re complicit.
This admin will state that UM is a bot. And wouldn’t ya know it some of the other signup attempts used the alt names. Weird that.
I don’t think many admins know infosec practices very well to be frank.
Admin of tucson.social here - when UM signed up at tucson.social he made some crucial mistakes that made him easy to identify as a bot. Unfortunately, since this affects my security posture, I’m not keen on publicly posting what it is as he still makes the same mistakes.
However, let me add this - there are multiple places we should be validating are accessed from the same IP in a registration flow - all to many bot farms centralize certain aspects of their operations and use the same IP every time for only certain parts of a given flow.
I’ll also add that many admins are either stupid about site security, or actively complicit in the bot problem.
Interesting how you continue to leave out the security implications of posting this publicly.
Odd that.
I know not if you are a bot, you aren’t on my instance, nor would it be likely you could get through my process.
I do know that you are awfully defensive of sockpuppet like behavior though.