This might spark outrage but can we note ips to accounts so if they mass register, other servers get notified through federation and deactivate those (new) accounts or block registration at all?
The idea would be:
- I register an acocunt, my ip gets noted, I assume they federate immediately?
- i register another account on the same ip since no relog/isp change happened, my ip came through federation, i dont get blocked since this could have been a mistake
- i register another account, gets blocked for mass registration
The obvious way around this would be changing your ip constantly but its at least uncomfortable for an attacker.
Now comes the kicker:
- I start spamming, get banned
- I spam with another account, same ip, same ban reason on another server, ip ban gets triggered since they’re close in time
- ip ban shuts me down for 12 hrs? i will change the ip anyway but it slows down the attack again and makes automation hard.
Feel free to poke holes in this. i‘m trying to find solutions, not be right. But please be gentle, I‘m trying to help.
But this will definitely ban all VPNs
Yeah, there are numerous reasons told people would come from the same IP. And then once they realize that you’re doing that they’ll just spoof their IPs.
I havent thought of the many people using those.
Maybe to combat this, people with von could use email verification. I know its back to square one in terms of privacy but there are email aliases after all.
The other solution I could think of is account age/comment number or karma.
I’m a frequent user of temporary mails so from experience this will be no more than a 5-10 second manual workaround.