Fediverse

Fediverse

Spam filtering strategy (Fediverse only)

• K-Anonymity test - Estimating whether the characters has been arranged by humans. (use Have I Been Pwned)
• Not CAPTCHA - Image spam containing characters that look very similar to CAPTCHA. (use TrueCaptcha)
• VowelRatio10 - In characters arranged by humans, there is a high frequency of vowels (aeiou) and semivowels (wy) and vowel-ending patterns included in strings that are 10 characters.
• Palindrome4 - Detect palindromes composed of 4 or more characters
• KnownWords4 - Detect well-known words composed of 4 or more characters
• SearchEngine3 - In public search engine, the given string yields more than 2 results. (use LibreY)
• RepeatedNumber3 - Detect a repeated numbers 3 times or more.
• SSL decryption (MITM) when relaying to federated servers.

The strategies were implemented to respond to the Fediverse Spam Attacks which started on the 15th of February.

Example of settings.ini (.env)

[settings]
PORT=5555
SERVER_URL=localhost
SERVER_CONNECTION_TYPE=
CA_KEY=ca.key
CA_CERT=ca.crt
CERT_KEY=cert.key
CERT_DIR=certs/
OPENSSL_BINPATH=openssl
CLIENT_ENCODING=utf-8
LOCAL_DOMAIN=example.org
PROXY_PASS=http://127.0.0.1:3000
DICTIONARY_FILE=words_alpha.txt
TRUECAPTCHA_USERID=
TRUECAPTCHA_APIKEY=
LIBREY_APIURL=

For Mastodon users

In [Caterpillar installed directory]/settings.ini or .env

1. set SERVER_URL variable to localhost in .env (e.g. SERVER_URL=localhost)
2. set PROXY_PASS variable to Mastodon backend URI (e.g. http://127.0.0.1:3000)
3. if you want use notification, set MASTODON_SERVER(server domain) and MASTODON_USER_TOKEN(access token) variables

In [Mastodon installed directory]/env.production

1. set http_proxy variable to http://localhost:5555 (e.g. http_proxy=http://localhost:5555)

In NGINX configuration

1. Check your port number of Caterpillar (default: 5555)
2. In NGINX configuration (e.g. /etc/nginx/conf.d/mastodon.conf), edit the proxy_pass like a proxy_pass http://localhost:5555