❕ Note: Bluesky has banned *.hf.space from their relays, seemingly just before the writing of this post.

sigh, we've all seen them. the inauthentic fundraising spam&scam bots have taken over Bluesky. but today, I decided to do some research into a specific tactic these scammers were using.

HuggingFace Spaces

One of my posts was auto-reposted by an account with a domain ending in .hf.space. I knew this was a HuggingFace domain, so I looked into this one.

the huggingface spaces domain system gets provisioned as follows: {user}-{repo}.hf.space

here is an example of one of these repos. it's just a Dockerfile with some default README.

this Dockerfile includes eeeeeeeverything you need to run a PDS. including the PDS secrets...
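to show the defensive side of this, here is an added example (my own, not code from the post or from the PDS project): a small scanner you could run as a pre-commit or CI check over a Dockerfile before pushing it to a public Space. it flags `ENV`/`ARG` lines that hard-code a literal into a secret-looking variable, and separately flags any 64-hex-char value, which is the shape of a raw k256 private key. the sample Dockerfiles are constructed, and the `PDS_*` variable names are assumed to follow the bluesky-social/pds container's configuration; every value in them is fake.

```python
import re
import shlex
from dataclasses import dataclass

# Constructed sample, modelled on the kind of Dockerfile the post describes.
# The PDS_* variable names are assumed to match the bluesky-social/pds
# container's configuration; every value below is fake.
LEAKY_DOCKERFILE = (
    "FROM ghcr.io/bluesky-social/pds:latest\n"
    "ENV PDS_HOSTNAME=some-user-some-repo.hf.space PDS_PORT=7860\n"
    "ENV PDS_DATA_DIRECTORY=/pds\n"
    "ENV PDS_JWT_SECRET=0123456789abcdef0123456789abcdef\n"
    "ENV PDS_ADMIN_PASSWORD=\"hunter2\"\n"
    "ENV PDS_PLC_ROTATION_KEY_K256_PRIVATE_KEY_HEX=" + "ab" * 32 + "\n"
    "EXPOSE 7860\n"
)

# Same image, but nothing secret is written into the file itself: the values
# are declared without a default or referenced, and supplied by the platform's
# secret store at build/run time (constructed sample).
HARDENED_DOCKERFILE = (
    "FROM ghcr.io/bluesky-social/pds:latest\n"
    "ARG PDS_ADMIN_PASSWORD\n"                 # declared, no default value
    "ENV PDS_HOSTNAME=some-user-some-repo.hf.space PDS_PORT=7860\n"
    "ENV PDS_DATA_DIRECTORY=/pds\n"
    "ENV PDS_JWT_SECRET=${PDS_JWT_SECRET}\n"   # a reference, not a literal
    "EXPOSE 7860\n"
)


@dataclass(frozen=True)
class Finding:
    line: int     # first physical line of the offending instruction
    name: str     # variable name
    reason: str


SENSITIVE_NAME = re.compile(r"(SECRET|PASSWORD|PRIVATE_KEY|TOKEN)", re.IGNORECASE)
HEX_KEY_64 = re.compile(r"^[0-9a-fA-F]{64}$")                 # raw k256 private key
REFERENCE = re.compile(r"^\$\{?[A-Za-z_][A-Za-z0-9_]*\}?$")   # ${VAR} or $VAR


def _logical_lines(text):
    """Join backslash-continued lines, remembering the first physical line number."""
    out, buf, start = [], [], None
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.rstrip()
        if start is None:
            start = n
        if line.endswith("\\"):
            buf.append(line[:-1])
            continue
        buf.append(line)
        out.append((start, " ".join(buf)))
        buf, start = [], None
    if buf:
        out.append((start, " ".join(buf)))
    return out


def _assignments(args):
    """Split `K=V K2=V2` (quotes honoured) or the legacy `K V` form into pairs."""
    if "=" not in args:
        parts = args.split(None, 1)
        return [(parts[0], parts[1] if len(parts) > 1 else "")]
    return [tuple(tok.partition("=")[::2]) for tok in shlex.split(args)]


def scan_dockerfile(text):
    """Return Findings for secrets hard-coded via ENV or ARG in a Dockerfile."""
    findings = []
    for line_no, logical in _logical_lines(text):
        stripped = logical.strip()
        if not stripped or stripped.startswith("#"):
            continue
        instr, _, rest = stripped.partition(" ")
        if instr.upper() not in ("ENV", "ARG"):
            continue
        for name, value in _assignments(rest.strip()):
            if not value or REFERENCE.match(value):
                # Declared only, or resolved from elsewhere: nothing literal here.
                # Still worth checking where that value is injected from.
                continue
            if HEX_KEY_64.match(value):
                findings.append(Finding(line_no, name,
                                        "64-hex-char value: looks like a raw k256 private key"))
            elif SENSITIVE_NAME.search(name):
                findings.append(Finding(line_no, name,
                                        "hard-coded literal in a secret-like variable"))
    return findings


if __name__ == "__main__":
    for label, text in (("leaky", LEAKY_DOCKERFILE), ("hardened", HARDENED_DOCKERFILE)):
        print(f"{label}:")
        for f in scan_dockerfile(text) or []:
            print(f"  line {f.line}: {f.name}: {f.reason}")
```

the value-shape check matters because a key can hide in a variable with a harmless-looking name; the name check catches passwords and JWT secrets whose values have no distinctive shape. a reference like `${PDS_JWT_SECRET}` passes the scan, but the real fix is the hardened form above: keep the secrets out of the repo entirely and let the hosting platform inject them.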

the first thing I noticed was the PLC signing key. using boat, I was able to change one of the spam account's handles to something else.

you can of course do more than just that with the PLC key, repo signing key, JWT secret, and PDS admin password.

so...

I made a set of tools to 1. empty all of the repos in a PDS, 2. generate a new rotation key and remove all other rotation keys (for all repos in a PDS), 3. post to all accounts on a PDS, 4. reset all passwords and set new ones on a PDS, 5. takedown all repos on a PDS. you can do all of this with just these secrets!!

and...

I made a script that watches the PDS for new accounts, and then automatically resets the password and performs a takedown with the PDS admin password.

this was, safe to say, very fun to watch the new accounts roll in and automatically get taken down.

eventually I built out a way to discover new .hf.space PDSs and automatically run all the tools & start watching for new accounts to autotakedown.

now thankfully, as stated at the top of the post, Bluesky has banned HuggingFace spaces from showing up on the relay. so this specific method of hosting spam&scam won't work anymore, and neither will my trolling :(


anyways, don't post your keys online dummies >_>