One interesting behavior is if tag as spam in Amethyst after a few minutes you get another random account replying to that. It seems to have a purposeful delay to (I assume) avoid rate-limiting.
Example:
Yesterday and overnight seen a few variations on the spam attacks. With nostr:npub16fcy8ynknssdv7s487nh4p2h4vr3aun64lpfea45d7h4sts9jheqevshgh noticed some Chinese language posts mentioning using Relayable relays. Not long after saw our US relay getting an influx of Chinese language posts and Spam from Chinese IPs. Which is odd since someone in mainland China would be directed by our latency based DNS routing to our Singapore relay.
These spam posts are much more evasive than others usng short or long string. Seems to be effecting a lot of relays. We have blocked IPs and found sources of a lot of the spam. The previous spam over weekend was tracked to US and Spain IPs. Adding more policies to thwart these type of attacks. If run relay feel free to DM me for the IP list. 🤙🫂
Examples:
Discussion
Long term are you more worried about the transmission of the spam or the ability for it to by pass the “spam firewall settings?”
Both. I was purposely baiting the bots overnight to get them to reveal IPs and tactics. The Chinese spam I started to get seemed more organized and focused after the influx of real Chinese users. So in my fiat life this alludes to something usually more sinister. Still digging into it but some source IPs are Chinese govt potentially.
