Heads up for self-hosters

It's time to 'ghost update'.

Just a quick heads up for folks self-hosting who might not be watching the forum.

A lot of Ghost sites (although not mine) have been hit recently with spam sign-ups that use email addresses from email-to-SMS relays, like [email protected], for example. It's reported to be a mixture of users actually validating these email addresses, and bounce messages for invalid addresses. I haven't seen any convincing analyses on why it's happening, but you probably want to block it.

The change rolled out in 5.107.1, but then there was an email encoding bug in 5.108.1, so if you're updating, be sure to hop all the way up to 5.108.2 or higher. I normally recommend self-hosters update about a week after release, to avoid being guinea pigs for new releases, but this is one of those cases where you probably want to go ahead and do it.

After you update, you'll also need to edit your config.production.json file to include the domains you want to block. The community is sharing problematic domains on this forum thread.

If your install uses config.production.json (common for non-Docker installs), add:

"spam": {
    "blocked_email_domains": ["tmomail.net", "txt.bell.ca"]
}

If your install uses environment variables (common for Docker installs and Pikapods), add:

spam__blocked_email_domains: '["tmomail.net","txt.bell.ca"]'
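
An added example, not from the original post or the Ghost project: a Python helper that merges domains into the spam.blocked_email_domains key shown above without touching other settings, and prints the matching value for the environment variable. The function names, the SAMPLE config, the domain-format check and the .new output file are assumptions made for illustration.

```python
import json
import re
import sys

# Bare hostname: dot-separated labels ending in an alphabetic TLD (assumed rule).
DOMAIN_RE = re.compile(r"^([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$")

# Constructed sample config for a dry run; not a real site's file.
SAMPLE = '{"url": "https://blog.example", "spam": {"blocked_email_domains": ["tmomail.net"]}}'


def normalize(domains):
    """Lowercase, trim, drop a leading '@', de-duplicate; reject non-domains."""
    out = []
    for raw in domains:
        d = raw.strip().lower().lstrip("@")
        if not DOMAIN_RE.match(d):
            raise ValueError(f"not a bare domain: {raw!r}")
        if d not in out:
            out.append(d)
    return out


def merge_blocklist(config_text, new_domains):
    """Merge new_domains into spam.blocked_email_domains, keeping other keys."""
    config = json.loads(config_text)  # a malformed file fails here, before any write
    spam = config.setdefault("spam", {})
    existing = spam.get("blocked_email_domains", [])
    spam["blocked_email_domains"] = normalize(list(existing) + list(new_domains))
    return json.dumps(config, indent=2) + "\n"


def env_value(domains):
    """JSON-array string for the spam__blocked_email_domains variable."""
    return json.dumps(normalize(domains), separators=(",", ":"))


if __name__ == "__main__":
    # usage: merge_blocklist.py config.production.json tmomail.net txt.bell.ca
    if len(sys.argv) < 3:  # no arguments: dry run on the constructed sample
        print(merge_blocklist(SAMPLE, ["txt.bell.ca"]), end="")
        sys.exit(0)
    path, domains = sys.argv[1], sys.argv[2:]
    with open(path, encoding="utf-8") as fh:
        merged = merge_blocklist(fh.read(), domains)
    with open(path + ".new", "w", encoding="utf-8") as fh:
        fh.write(merged)  # review the .new file before replacing the live config
    print("env form:", env_value(json.loads(merged)["spam"]["blocked_email_domains"]))
```

The script never overwrites the live config; it writes a .new file beside it so a full address pasted by mistake or a broken JSON file is caught before Ghost reads it.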

Hope you're having a great and spam-free day!

Cathy


👉Part 2: What to do about spam sign-ups