Mass remote follow being used as attack vector #11360
(Screenshot taken from the attacker's feed; I haven't personally tried it :) )
Presumably the initial intent was just to artificially inflate follower numbers for specific accounts, but since posting, this has been actively used against several servers.
Unclear whether simply suspending the remote server is sufficient to prevent impact as the admin interface states "The domain block will not prevent creation of account entries in the database" or whether firewall rules must also be employed.
https://FreeFediFollowers.ga/ is actively exploiting this in the wild. I recommend fellow fediverse nodes add a domain block for them.
P.S. Adding a domain suspension (also enabling both block options under silence prior to selecting suspend in the moderation panel) will kick off Sidekiq jobs and slowly remove all follows from all accounts.
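As an added illustration, not code from this issue or from Mastodon itself, here is how a moderator could spot the kind of follow burst described above from an export of follow records; the record shape, the domain names and the thresholds are assumptions, and the sample data is constructed.

```ruby
# Constructed sample, not real data: follow events in the shape a moderator
# might export them (remote follower, its domain, local target, created time).
def ev(domain, follower, target, at)
  { domain: domain, follower: "#{follower}@#{domain}", target: target, at: at }
end

BASE = Time.utc(2019, 7, 20, 10, 0, 0)
# Burst: 8 distinct accounts from one remote domain follow 4 local users
# within 4 minutes (the mass-follow pattern reported in the issue).
BURST = (0...8).map { |i| ev('freefedi.example', "bot#{i}", "user#{i % 4}", BASE + i * 30) }
# Organic: 3 follows from a friendly instance spread over three days.
ORGANIC = (0...3).map { |i| ev('friend.example', "person#{i}", 'user0', BASE + i * 86_400) }
SAMPLE_FOLLOWS = BURST + ORGANIC

# Sliding-window count of follows per remote domain. A domain is flagged when
# more than `threshold` follows were created within any `window` seconds; the
# densest window's size, distinct followers and distinct targets are reported.
def mass_follow_domains(follows, threshold: 5, window: 600)
  flagged = {}
  follows.group_by { |f| f[:domain] }.each do |domain, events|
    events = events.sort_by { |e| e[:at] }
    lo = 0
    events.each_with_index do |e, hi|
      # advance the window start until it lies within `window` seconds of e
      lo += 1 while e[:at] - events[lo][:at] > window
      span = events[lo..hi]
      next if span.size <= threshold
      best = flagged[domain]
      next if best && best[:follows] >= span.size
      flagged[domain] = {
        follows: span.size,
        followers: span.map { |s| s[:follower] }.uniq.size,
        targets: span.map { |s| s[:target] }.uniq.size
      }
    end
  end
  flagged
end

if __FILE__ == $PROGRAM_NAME
  mass_follow_domains(SAMPLE_FOLLOWS).each do |domain, st|
    puts "#{domain}: #{st[:follows]} follows from #{st[:followers]} accounts to #{st[:targets]} targets"
  end
end
```

A domain flagged this way is a candidate for the domain block the issue recommends; the thresholds should be tuned to the instance's normal federation traffic.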