Catswords OSS

Fediverse

This document covers how to use Caterpillar Proxy to block spam in web applications that federate over the ActivityPub protocol (referred to as the Fediverse), such as Mastodon, Misskey, and Akkoma (Pleroma).

Spam filtering strategies

  • K-Anonymity test - Estimates whether the characters have been arranged by a human. (uses Have I Been Pwned)

  • Not CAPTCHA - Image spam containing characters that look very similar to a CAPTCHA. (uses TrueCaptcha)

  • VowelRatio10 - Strings of 10 characters that were arranged by humans contain a high frequency of vowels (aeiou), semivowels (wy), and vowel-ending patterns.

  • Palindrome4 - Detects palindromes composed of 4 or more characters.

  • KnownWords4 - Detects well-known English words composed of 4 or more characters.

  • SearchEngine3 - In a public search engine, the given string yields more than 2 results. (uses LibreY)

  • RepeatedNumber3 - Detects numbers repeated 3 times or more.

  • SSL decryption (MITM) when relaying to federated servers.

The strategies were implemented to respond to the Fediverse Spam Attacks which started on the 15th of February.
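The four checks listed above that need no external service (VowelRatio10, Palindrome4, KnownWords4, RepeatedNumber3), written here as an added Python example and not taken from Caterpillar's own code. The 0.3 vowel threshold, the small word list, the reading of RepeatedNumber3 as one digit repeated in a row, and treating each match as a sign of human arrangement are assumptions of this example.

```python
import re

VOWELS = set("aeiou")
SEMIVOWELS = set("wy")
# Constructed stand-in for a real English dictionary (assumption).
SAMPLE_WORDS = {"happy", "whale", "garden", "storm"}

def vowel_ratio10(s, threshold=0.3):
    # Applies only to 10-character strings; threshold is an assumed cut-off.
    if len(s) != 10:
        return False
    hits = sum(c in VOWELS or c in SEMIVOWELS for c in s.lower())
    return hits / len(s) >= threshold

def palindrome4(s):
    # Any palindrome of length >= 4 contains one of length 4 or 5 at its centre.
    s = s.lower()
    return any(s[i:i + n] == s[i:i + n][::-1]
               for n in (4, 5) for i in range(len(s) - n + 1))

def known_words4(s, words=SAMPLE_WORDS):
    # Substring match against words of 4 or more characters.
    s = s.lower()
    return any(len(w) >= 4 and w in s for w in words)

def repeated_number3(s):
    # Assumed reading: the same digit three or more times in a row.
    return re.search(r"(\d)\1{2,}", s) is not None

CHECKS = [("VowelRatio10", vowel_ratio10), ("Palindrome4", palindrome4),
          ("KnownWords4", known_words4), ("RepeatedNumber3", repeated_number3)]

def human_signals(s):
    """Names of the checks suggesting a human arranged the string."""
    return [name for name, check in CHECKS if check(s)]

if __name__ == "__main__":
    # Constructed sample identifiers, not taken from real traffic.
    for sample in ("happywhale", "abba2000xq", "x7kq2zp9mb"):
        found = human_signals(sample)
        print(sample, found or "no human-arrangement signal")
```

A string that triggers none of the checks is only a candidate for the networked strategies (K-Anonymity, SearchEngine3), not a verdict on its own.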

Example of settings.ini or .env

For Mastodon users

In [Caterpillar installed directory]/settings.ini or .env

  1. Set the SERVER_URL variable to localhost in .env (e.g., SERVER_URL=localhost)

  2. Set the PROXY_PASS variable to the Mastodon backend URI (e.g., http://127.0.0.1:3000)

  3. If you want to use notifications, set the MASTODON_SERVER (server domain) and MASTODON_USER_TOKEN (access token) variables

In [Mastodon installed directory]/env.production

  1. Set the http_proxy variable to http://localhost:5555 (e.g., http_proxy=http://localhost:5555)

In NGINX configuration

  1. Check the port number Caterpillar is using (default: 5555)

  2. In the NGINX configuration (e.g., /etc/nginx/conf.d/mastodon.conf), change the proxy_pass directive to proxy_pass http://localhost:5555
