We’re happy to announce that Mastodon 4.5 is now ready for prime time! Quote posts, async fetching of replies, server timeline visibility settings, more moderation tools, and lots and lots of other tweaks and improvements.

Announcement on our blog: blog.joinmastodon.org/2025/11/…

Full release notes and update instructions are available on our GitHub release page: github.com/mastodon/mastodon/r…

#mastoadmin

Release v4.5.0 · mastodon/mastodon

For a user-focused highlight of these changes, see https://blog.joinmastodon.org/2025/11/mastodon-4.5/ For changes of particular interest to application developers, see https://blog.joinmastodon.or...

^GitHub

one of the most irritating parts of running your own instance is having to modify source files just to change your character limits. there are plenty of posts out there describing how to change the character limits for posts, but almost none on how to change the limit for alt text (1500):

here's the source file where the alt text char limit is buried:
/instance/app/javascript/mastodon/features/ui/components/focal_point_modal.jsx

and here's the source that needs to be changed:

<FormattedMessage id='upload_modal.detect_text' defaultMessage='Detect text from picture' />
</button>
<CharacterCounter max={1500} text={detecting ? '' : description} />
</div>

<Button
type='submit'
disabled={!dirty || detecting || isUploadingThumbnail || length(description) > 1500 || is_changing_upload}
text={intl.formatMessage(is_changing_upload ? messages.applying : messages.apply)}
/>
</form>

change "1500" to whatever value you want.

#mastoAdmin

Fedi admins, be aware that a lot of people who report abuse don't forward it to its original server because the official Mastodon app doesn't include this option.

If you're running a public Fedi server and you receive a report about a bad post, you might also want to report the bad post to yourself and make sure you've selected the option to forward it to the original server.

If the original server never receives a report, the spammer/abuser/etc will keep posting.

#FediAdmin #MastoAdmin

🚨 Mastodon Support Scam 🚨

It looks like there's another wave of fake Mastodon support accounts asking you to verify your account.

Do NOT click on any links in these posts. Please report them to your server admin as soon as possible.

Please boost so that as many people can be aware of this as possible. Thank you! 💙 ☁️

#FediAdmin #MastoAdmin #MastodonSupport #Scam #Moderation #Report #Mastodon

🚨 Alert 🚨

There is a new scam wave spreading across Mastodon.

If you see a post like the one below, do not interact with it. SImply report to your server admin.

As moderators, we will do our best to respond to these reports swiftly and will suspend any account guilty of sharing malicious links.

Server admins, if you are able, now may be the time to temporarily turn off open sign ups to help prevent the spread.

Please boost!

#MastoAdmin #SpamWave #Scam #Mastodon #Boost #ScamWave

Been screwing around with Nixos today and holy crap, this is the fastest I have ever setup a Mastodon instance.

Added everything in as described on the wiki and BOOM! The instance came up and I could create an account.

I still know NOTHING about Nixos other than some YouTube knowledge but I kinda feel like this can replace Ubuntu for my servers that I run.

Also... I DIDN'T KNOW CHANING THE FAVICON WAS BUILT INTO MASTODON NOW. I have just updated the esper.lol one.

#nixos #mastoadmin

#MastoAdmin folks who weren't around the #Fediverse and #Mastodon back in 2018 may not know (or those who were, may have forgotten) how unpopular trending tags were when the project leader forced it despite extensive criticism about creating abuse vectors and clawing back promises of creating an algorithm-free network.

(1/7)

github.com/mastodon/mastodon/i…

Popular or trending hashtags · Issue #271 · mastodon/mastodon

I think it would be cool to be able to see some of the most popular hashtags of the last 24 hours. It could fit nicely at the top of the "public" panel.

^GitHub

We just released Mastodon 4.3.3, 4.2.15 and 4.1.22. They contain a few bug fixes as well as a security fix (medium severity, github.com/mastodon/mastodon/s…)

We recommend every instance administrator to update as soon as possible.

If you are using our nightly releases, a container image with the fix has been published with the `nightly.2025-01-17-security` tag.

Full release notes and update instructions are available on our GitHub release page: github.com/mastodon/mastodon/r…

#mastoadmin

Releases · mastodon/mastodon

Your self-hosted, globally interconnected microblogging community - mastodon/mastodon

^GitHub

We just released Mastodon 4.3.1!

It contains some bug fixes and a few small features, like (optional) grouping of follow notifications and improvements the fediverse:creator setup instructions.

Upgrading requires re-compiling frontend assets (if not using Docker), instructions are in the release notes : github.com/mastodon/mastodon/r…

#mastodev #mastoadmin

Release v4.3.1 · mastodon/mastodon

Changelog Added Add more explicit explanations about author attribution and fediverse:creator (#32383 by @ClearlyClaire) Add ability to group follow notifications in WebUI, can be disabled in the ...

^GitHub

If you're wondering where the "Mark images as sensitive" option went in Mastodon v4.3.0, it's now hidden behind a cheat code.

You need to turn the Content Warning option on, but leave the warning text box itself blank. This will cause the images in your post to be marked as sensitive, without marking the whole post with a content warning.

#MastoAdmin #SunnyGardenAdmin

A so-called "AI-powered social network start-up" has started cloning posts from across the Fediverse without asking permission. You can find out more in this discussion thread:

social.wake.st/@liaizon/112603…

You might want to defederate from Maven, the domains to suspend are:

maven.ly
heymaven.com

This defederation will be much more effective if you have "authorized fetch" switched on, more info about it at fedi.tips/authorized-fetch

(via @liaizon)

#FediAdmin #MastoAdmin #Fediverse

Adding user safety through Authorized Fetch on Mastodon | Fedi.Tips – An Unofficial Guide to Mastodon and the Fediverse

An unofficial guide to using Mastodon and the Fediverse

^fedi.tips

Woha, this is unexpected: in a future update mastodon will automatically turn off open registration if no mod has logged in for a week or longer:

github.com/mastodon/mastodon/p…

This is great news, and should hopefully significantly cut down on abandoned servers being used to send spam!

(And this is in addition to also having open registrations off by default on new servers.)

Great news!

#mastoadmin #spam

Automatically switch from open to approved registrations in absence of moderators by ClearlyClaire · Pull Request #29318 · mastodon/mastodon

This is not meant to replace #29280, but supplement it to avoid unmonitored servers keeping open registrations indefinitely. Automatically switch away from open registrations if no user with the pe...

^GitHub

im getting really tired... -w-

summary of today:

someone on a Japanese hacker forum decided it was a good idea to spam the entire Fediverse because they wanted to cancel a minor that DDoSed a Discord bot which apparently made them lost millions (what?)

A Discord bot. I can't make this shit up man.

The real culprit seems to be someone who goes by mumei in the ctkpaarr.org forums, whose first post was literally a threat to ap12, that if they don't delete their "Kuroneko Server" Discord bot, they will spam every blog, forum and SNS and cancel him.

This shit is ridiculous.

The ap12 account from mastodon-japan was actually fake, and this dude impersonated a minor to get all of the Fediverse (us) to bully him.

The forum admins didn't even stop this. Why? lulz apparently. #fediblockmeta#fediadmins#fediadmin#mastoadmin#mastoadmins#spam#cybercrime#cybersec#infosec#drama#discord

Oh, look at that.

I don't know who mentioned this the other day, but I'm happy to see this is actually a thing now.

When an admin tries to block another whole instance it gives a summary of how many connections will be severed, which is good because domain blocks are a nuclear option. In this case it was warranted though since that instance openly allowed harassment.

#mastoadmin

I recently discovered a feature for moderators where you can help with accessibility. When moderating a hashtag, you can change its display name to replace lower-case with upper-case letters. This will help both dyslexics and vision impaired people.

If you can afford an extra minute or two to fix these while moderating trends, it will make them easier to read for everybody, especially the really long tags in hashtag games.

#MastoAdmin #MastoMod #Inklusion #BarriereFreiheit #Accessibility #a11y

Mastodon 4.2.1 is here! 🥳 github.com/mastodon/mastodon/r…

I have two fixes in there, including the #MastoAdmin retention dashboard not working for anyone who lives in the western hemisphere 🌐

I had another one that adds Elasticsearch storage size to the admin dashboard, that didn't make it in here, but it's on main so it'll make its way to you eventually. 🤷

Release v4.2.1 · mastodon/mastodon

This is a bugfix release for the 4.2.0 version, if you're installing from an earlier version, please check the 4.2.0 release notes as they contain important information on how to update. ⚠️ We rec...

^GitHub

Just a heads up that there will be update is coming to the Mastodon Auto-installer script in just a few days.

It'll be fully interactive, meaning no more code modifications in the script! 🎉 Simply respond to the server prompts during script execution.

And guess what's next? We're considering a GUI installation wizard! 🔮

Check it out here:
github.com/Honeytree-Technolog…

Happy installing

#Mastodon #MastoAdmin #MastoAdmins #MastoDev 🐘✨

Good News #mastoadmins! 📣

Here is an automation script for #Mastodon 🐘 to simplify and facilitate the installation, configuration, & hardening of Mastodon on a new server.

Dive into the script at github.com/Honeytree-Technolog….

Tailor it to your needs. If you appreciate the effort, give it a star and spread the word!

Feedback and ideas are always welcome, so please reach out.

Wishing you smooth #mastodon deployments! 🛠️

#Mastoadmin #Mastodon #Automation #Orchestration

🚀 The Mastodon Auto-installer script has just been UPDATED! 🚀

Gone are the days of modifying code in the script. It's now fully interactive! 🎊 Just follow the server prompts during script execution, & you're all set.

PLUS, for an even smoother experience, we now have ONE-COMMAND installs! 🎉

But there's more... A GUI installation wizard might be on the horizon! Stay tuned. 🔮

Dive in & give it a try:
github.com/Honeytree-Technolog…

Happy MastoAdmining!

#Mastodon #MastoAdmin #MastoAdmins #MastoDev

GitHub - Honeytree-Technologies/Mastodon-Auto-Installer: This script installs and hardens a one server mastodon install.

This script installs and hardens a one server mastodon install. - GitHub - Honeytree-Technologies/Mastodon-Auto-Installer: This script installs and hardens a one server mastodon install.

^GitHub

oh, here's some JUICY rumored details about meta's plans for the fediverse

tl;dr "Meta will only federate with select larger instances from the beginning. There will be contracts which also provide for financial compensation for the instance owners."

can't entirely verify their validity but it's still worth posting just in case

#FediPact #barcelona #project92 #p92 #meta #facebook #fediverse #fediblockmeta #FediAdmin #MastoAdmin #threads

PSA: It looks like mastodon.social has implemented hCAPTCHA on their signups yesterday.

So, if you have limited / suspended mastodon.social because of the spam issue, you may wish to reconsider this.

This will also likely mean that spammers will move to different instances (already seeing them targeting mastodon.world).

You may wish to consider implementing hCAPTCHA yourself to protect your own instance, and here is the relevant PR:

github.com/mastodon/mastodon/p…

The reason I'm suggesting this, is because if you are a small/medium instance with open registrations, and spammers find and abuse your instance, I imagine that other instances will limit/suspend your instance without hesitation, given how willing some were to limit/suspend the much larger mastodon.social.

But do note this comment on the PR:

“To give some context to people seeing this: this is an emergency feature backport from Glitch SOC to help mitigating an ongoing spam wave, this feature may not make it in a next release, or with significative changes.”

#MastoAdmin #FediAdmin #fediblock

Add hCaptcha support by ClearlyClaire · Pull Request #25019 · mastodon/mastodon

Add optional hCaptcha support. Whenever the environment variables HCAPTCHA_SECRET_KEY and HCAPTCHA_SITE_KEY are set, the admin can enable hCaptcha: When enabled, users are shown a captcha when con...

^GitHub

One of the main challenges for new servers on here is discovering content to interact with.

Relays speed up the discovery process, and allow even a single user server to automatically see a large part of the Fediverse.

There's a new relay service by @astro­@c3d2.social called FediBuzz Relay:

➡️ relay.fedi.buzz

It allows servers to subscribe to custom relays based on tags or instances. (If you use this, can you let us know your experiences in the replies?)

#FediAdmin #MastoAdmin

We have reached 100 members on datasci.social! 🥳

Since opening registrations in Jan with 50 members we have doubled in size, following a nice pace of growth. We are now also steadily posting over 100 new posts/week.

With ample capacity to grow, we encourage everyone interested in #DataScience, #NetworkScience, #ComputationalSocialScience, and related fields to join us, or to spread the word about our place. #MastoAdmin

community.datasci.social/blog/…

Several Mastodon instances (including Newsie) have come under cyber-attack recently by state-level actors.

If you are the admin of a Mastodon Instance that overlaps arts, human rights, civil society, journalism, or democracy and would like FREE cyber security protection from Cloudflare as part of Project Galileo please reach out as Fourth Estate is a long-time Project Galileo partner

See: cloudflare.com/galileo/

#mastoadmin #mastodon

Project Galileo

Through Project Galileo, Cloudflare provides free cyber security services to organizations supporting the arts, human rights, journalism, and democracy.

^Cloudflare

It's trivial to determine the real IP of a Mastodon server behind Cloudflare. All it takes is one well-crafted request:

gist.github.com/cutiful/4f36da…

I wonder how many instance admins using Cloudflare know about this? My hunch is most do not, because the primary justification I see for using Cloudflare here is DDoS protection.

Cloudflare won't help if the attacker knows your origin IP, and you can't hide that with Cloudflare alone, due to the nature of ActivityPub.

#MastoAdmin #InfoSec

Detecting the real IP of a Cloudflare'd Mastodon instance

Detecting the real IP of a Cloudflare'd Mastodon instance - mastodon-ip.md

^Gist

The domain zwezo.o-k-i.net automatically creates mirroring #Mastodon #bot accounts upon any #Twitter handles put into their search field, without authorization by the original Twitter profile owners.

I doubt, this is #legal, under EU law at least & find it highly #disturbing, that anybody can create bot accounts referring to others, who are neither aware of this nor authorized this in person.

BIG FLAW!

Please boost, so mastoadmins can take action.

#mastoadmin #followerpower #boost
@rysiek

#mastoAdmin

jortage.com/ takes the "duplicate every image across every fedi server" model and deduplicates as possible at the media storage level

self-hosting an instance and outsourcing media storage has been for me a nice balance

i just upped my contribution a bit

thought you should all know about #jortage

I wrote a bot that parses the current #Mastodon instances and assigns them to the respective #ASN (de.wikipedia.org/wiki/ASN).

Interesting is the concentration on a few top ASN. Here for example the 10 most frequent ASNs as Pie Chart (as of 11/25/2022).

❤️ Thanks to @TheKinrar for the nice API for receiving the current mastodon instances.

#networking #network #mastoadmin #mastoadmins #research #bot #instance

Concerning to see #MastoAdmin comments from instances with many tens of thousands of users admitting they still don't know a lot of very basic concepts around how the software works.

If you're going to let your instance become "too big to fail" (which you shouldn't) at the very least you owe it to the larger network to please get up to speed on all of the aspects of administering & moderating the software.

We are here and in matrix.to/#/#mastodon_admin:ma… for support.

Matrix - Decentralised and secure communication

You're invited to talk on Matrix. If you don't already have a client this link will help you pick one, and join the conversation. If you already have one, this link will help you join the conversation

^matrix.to

Here's a #mastoadmin tip: Use your powers of custom CSS to make Mastodon more accessible. The default link highlight colour (both 3.x blue and 4.x purple) contrasts are not WCAG compliant.

Illustrated below – we also highlight mentions and hashtags like links to make them easier to see – I find the default of "usernames are not quite white, but it's hard to see the difference" pretty distracting.

I'm a little surprised to see a lot of people posting domains in #FediBlock that any competent admin should have blocked on day 1.

Start with the weirder.earth suggested instance blocks, which are generally bigger/more active ones: github.com/weirderearth/weirde…

Tenforward.social has a much longer list with links to admin announcements, with reasons: wiki.tenforward.social/doku.ph…

Here's the current flipping.rocks list: flipping.rocks/about/more#unav…

#FediBlock #MastoAdmin

flipping.rocks

A cozy online home for arthropod enthusiasts, fungi fans, herpers, and other lovers of weird little creatures. [Donate]

^{Hometown hosted on flipping.rocks}

#MastoAdmin #FediBlock

The admin of journa.host is publicly using and linking a scraping utility to track what instances have silenced or suspended his own.

This scraping utility is using code created by Kiwi Farms, and is hosted on the same domain as an instance he himself has suspended. So he'll suspend the instance because others have - but he's happy to use something they host.

In my opinion, this information has destroyed any good will he might have had left.

Yes, running single-user instances of Mastodon is resource-intensive.

I don't think hosting costs scale with followers though. My single-person instance with 1500 accounts has tripled its followers in a week and it's comfortably within the resources available to it with 25 €/month of expenses. Load has barely changed.
respublicae.eu/@praetor/109295…

Moderation and other #MastoAdmin costs however scale with the number of eyeballs, I suppose.