I have taken the advice from this post and blocked all instances with > 10,000 users, from this list: https://docs.google.com/spreadsheets/d/e/2PACX-1vRthB7RtY4Rr0t5fhVKaliJnwSmptMc5oJi7uha_OBcF4wpu4eElxAxNzaCqjlq6NsOE9GpgSnMzZ2x/pubhtml

I will continue to monitor things and will make another announcement if more blocks are necessary.

If anybody is interested in getting a cleaned up instance federated again, feel free to contact me over DM (if you’re currently blocked, you can contact me on Matrix: @smorks:40to.ca).

  • Gazing2863 · 9 upvotes · 2 years ago

    It seems weird that spammers/bots would want to target Lemmy so quickly considering its relatively small size. It makes you wonder if it’s really Reddit or a 3rd party they hired trying to make Lemmy seem like a less appealing alternative with these kinds of attacks.

    • jadero · 9 upvotes · 2 years ago

      One thing that is increasingly common among the bad actors is the construction of bot farms, etc. that just sit dormant until they find a use or, often, a client the farm can be leased to. I would expect that any new distributed system, whether it’s doorbells or forums, will attract these kinds of activities.

      My opinion is that detecting, preventing, and mitigating this kind of “pre-attack infiltration and propagation” will have to become a standard part of every system operator’s toolkit.

      • Gazing2863 · 6 upvotes · 2 years ago

        Yeah, I am more just saying it seems odd how quickly tons of bots decided to start coming for the site. Normally that is a slower ramp-up that you start to notice build over time. Kinda like when Reddit first started, there wasn’t much of a spam issue. It just seems almost like a targeted attack in a way. But you could also be totally right. I just like my anti-Reddit conspiracy theory ;)

        • floofloof · 2 upvotes · 2 years ago

          Reddit is not the only corporation that would have an interest in torpedoing the Fediverse before it becomes a real competitor.

          • Gazing2863 · 1 upvote · 2 years ago

            Interested in who these other ones would be? From my understanding, Meta for example is trying to integrate in some way into the Fediverse-style community, so I can’t imagine they would, but maybe they could have some incentive to make other instances look toxic. Maybe Twitter, but you’d think they would have started their attacks earlier, back when Mastodon started to become a thing. The timing of all the bots coming just seems in line with when it would impact Reddit’s bottom line the most.

            Especially when it comes to IPOs, we have seen other companies do toxic behaviour or hire 3rd party companies to do it in order to try and make themselves look better prior to an IPO. With their aggressive takeovers of subreddits, I wouldn’t put it past them. I’ve been on Reddit now over 15 years and Reddit has completely shredded the respect I had for them in such a short period of time.

        • sinnerdotbin · 1 upvote · 2 years ago

          You’ll find this on any service. Even a proprietary software that is hosting some inconsequential site will get hammered if it has any kind of signup/contact form/content submission.

          It takes nothing to deploy a spam bot, and many are just cruising around looking for forms. There are tools and libraries out there that, oversimplified, simulate a browser, and you record a macro on how to populate the fields. If they hit one site or service that has an admin asleep at the wheel and spam gets through, it is worth the (largely automated) effort. I’m actually surprised there isn’t MORE of it happening.

          Personally I don’t think monoliths are really overly worried about federated platforms (even if they should be), and I don’t think they’d risk the legal aspects of getting caught messing with another system. Then again, not many instances have published a TOS so it could be argued there is no legal consequence, and some monoliths have engaged in practices I was surprised at, so who knows.