507
submitted 1 year ago* (last edited 1 year ago) by Jamie@jamie.moe to c/selfhosted@lemmy.world

cross-posted from: https://jamie.moe/post/113630

There have been users spamming CSAM content in !lemmyshitpost@lemmy.world causing it to federate to other instances. If your instance is subscribed to this community, you should take action to rectify it immediately. I recommend performing a hard delete via command line on the server.

I deleted every image from the past 24 hours personally, using the following command: sudo find /srv/lemmy/example.com/volumes/pictrs/files -type f -ctime -1 -exec shred {} \;

Note: Your local jurisdiction may impose a duty to report or other obligations. Check with these, but always prioritize ensuring that the content does not continue to be served.

Update

Apparently the Lemmy Shitpost community is shut down as of now.

top 50 comments
sorted by: hot top controversial new old
[-] aseriesoftubes@lemmy.world 168 points 1 year ago

Someone is trying really hard to hurt Lemmy by continually attacking the most popular instance. Is this all coming from right-wingers upset that their nazi instances were defederated across basically the whole fediverse?

[-] SheeEttin@lemmy.world 126 points 1 year ago

The simplest explanation is 4chan types just doing it for the lulz.

load more comments (3 replies)
[-] Kungolicious@lemmy.world 71 points 1 year ago

My tin foil hat is telling me it’s one of the other social media companies funding a hacking group to do it. They stand to have the most to lose, and they’ve seemingly decided to enjoy changing the narrative regarding multiple topics. Lemmy stands directly against what the bigger social medias stand for.

I have no evidence to back this though. As a business owner I just know that things become very consistent when people are being paid, and very inconsistent when they aren’t. These attacks are seemingly very consistent/organized.

[-] phillaholic@lemm.ee 55 points 1 year ago

You think a company that is posed to go public is going to attack a competitor with a minuscule amount of traffic with extremely illegal material that could put them in prison for even having?

load more comments (15 replies)
[-] Steeve@lemmy.ca 21 points 1 year ago

You have a massively inflated view of Lemmy's importance in the social media market.

[-] The_Picard_Maneuver@lemmy.world 21 points 1 year ago

There must be room under that tinfoil hat for the both of us, because this was my first thought too.

load more comments (2 replies)
load more comments (2 replies)
[-] CryptoRoberto@sh.itjust.works 45 points 1 year ago

I wouldn't put it past the hexbear crazies throwing a tantrum. They claim to be left wing... Sure seem more like fascist trumper types though. Maybe it's just that they're all incels and incels all seem about the same.

[-] maegul@lemmy.ml 51 points 1 year ago

they’re all incels and incels all seem about the same.

Downvote from me there. I’ve seen plenty of examples of hexbear people being nice, interesting and good sports. They definitely seem to have more of shitposting culture than is normal on mainstream lemmy. But all in all it’s seemed fun to me from what I’ve seen.

Beyond all that, this is just superficial and prejudicial. If you had some examples to link to or more substantial insights to share as to why it’d be “them”, that’d be worth reading.

Otherwise, they’re an instance. Not one person, I’m sure some on hexbear are assholes and some awesome.

load more comments (4 replies)
[-] Fylkir@lemmy.sdf.org 45 points 1 year ago

Throwing a tantrum about what exactly? They're one of the oldest-running Lemmy instances. Until now they were running a fork based on a pre-Federation version of the codebase.

You believe they did a bunch of work migrating their database only to then negate that work by destroying the community they wanted to Federate with?

load more comments (3 replies)
load more comments (6 replies)
[-] The_Picard_Maneuver@lemmy.world 118 points 1 year ago* (last edited 1 year ago)

So, from memory there has been:

  • This recent attack
  • Regular DDOS attacks
  • Frequent attempts to spam community creation
  • That one time the instance got hacked and set to redirect to shock sites

Am I missing anything?

This seems like more than just a few trolls. Maybe someone really doesn't want to see user-owned social media take off.

[-] scrubbles@poptalk.scrubbles.tech 87 points 1 year ago

I see where you're going with this, but no, people really are just absolutely horrible. The fact is that with other social media they're just already very set up in managing this so we never see it. Lemmy wants to be open, this is the flipside of that openness.

[-] kromem@lemmy.world 22 points 1 year ago

It's generally easy to crap on what's 'bad' about big players, while underestimating or undervaluing what they are doing right for product market fit.

A company like Meta puts hundreds of people in foreign nations through PTSD causing hell in order to moderate and keep clean their own networks.

While I hope that's not the solution that a community driven effort ends up with, it shows the breadth of the problems that can crop up with the product as it grows.

I think the community will overcome these issues and grow beyond it, but jerks trying to ruin things for everyone will always exist, and will always need to be protected against.

To say nothing for the far worse sorts behind the production and more typical distribution of such material, whom Lemmy will also likely eventually need to deal with more and more as the platform grows.

It's going to take time, and I wouldn't be surprised if the only way a federated social network eventually can exist is within onion routing or something, as at a certain point the difference in resources to protect against content litigation between a Meta and someone hosting a Lemmy server is impossible to equalize, and the privacy of hosts may need to be front and center.

load more comments (4 replies)
[-] Bitrot@lemmy.sdf.org 36 points 1 year ago

It is very reminiscent of the trolls in the earlier web.

[-] enbee@compuverse.uk 70 points 1 year ago

big F in chat for those of you dealing with this. my #1 fear about setting upand instance.

[-] jeffw@lemmy.world 43 points 1 year ago

It impacts everyone when this shit happens. It takes time for mods/admins to take down. And you can’t unsee it.

I hope nobody else has the misfortune of stumbling on that shit

[-] Transcendant@lemmy.world 43 points 1 year ago

There have been studies which found playing tetris for an hour or two after seeing something traumatic can prevent it taking root in our longterm memory.

I tried it once after accidentally clicking a link on reddit that turned out to be gore, I can't remember exactly what it was now (about 9 months later) so it must have worked

[-] jeffw@lemmy.world 30 points 1 year ago

This advice is a few hours too late for me. Hope it helps others

load more comments (3 replies)
load more comments (3 replies)
load more comments (1 replies)
[-] itsdavetho@lemmy.world 70 points 1 year ago

I literally am going to give up social media in general if this doesn't stop

Seen it last night late around 3am shit made me sick I honestly almost cried but I just closed the app and tried not to think about it

Whatever the goal is it's a stark reminder that there is monsters creeping in the shadows every where you go

[-] Oneobi@lemmy.world 64 points 1 year ago

Likely scum moves from reddit patriots to destroy or weaken the fediverse.

I remember when Murdoch hired that Israeli tech company in Haifa to find weaknesses is TV smart cards and then leaked it to destroy their market by flooding counterfit smart cards.

They are getting desperate along with those DDOS attacks.

[-] AstroTechie@lemdro.id 28 points 1 year ago

Could be, but more likely it's just the result of having self hosted services, you have individuals exposing their own small servers to the wilderness of internet.

These trols also try constantly to post their crap to mainstream social media but they have it more difficult there. My guess is that they noticed lemmy is getting a big traction and has very poor media content control. Easy target.

Moderating media content is a difficult task and for sure centralized social media have better filters and actual humans in place to review content. Sadly, only big tech companies can pay for such infrastructure to moderate media content.

I don't see an easy way for federated servers to cope with this.

load more comments (1 replies)
[-] dandroid@sh.itjust.works 44 points 1 year ago* (last edited 1 year ago)

I got lucky. I am not subscribed to this community, and I am the only person on my instance. But what if I was subscribed and hadn't seen this post? This is too much responsibility for me.

I just shut down my instance until we can disable cached images. If that never happens, then I'm not bringing it back up.

Shout-out to https://github.com/wescode/lemmy_migrate. I moved my subscriptions over in a minute or two, and now, other than not having my post history, it's exactly the same.

load more comments (4 replies)
[-] xtremeownage@lemmyonline.com 41 points 1 year ago

Yup. Nope.

Pictrs is just completely disabled now. Rather be safe, then sorry.

load more comments (8 replies)
[-] owiseedoubleyou@lemmy.ml 34 points 1 year ago* (last edited 1 year ago)

How desperate to destroy Lemmy must you be to spam CSAM on communities and potentially get innocent people into trouble?

load more comments (1 replies)
[-] ExLisper@linux.community 30 points 1 year ago
[-] pory@lemmy.world 42 points 1 year ago* (last edited 1 year ago)

Child sexual abuse material - underage porn. For obvious reasons, you don't want this to be something you're hosting automatically out of your basement server.

[-] ExLisper@linux.community 27 points 1 year ago* (last edited 1 year ago)

That's what I thought. Back in my days it was called CP.

[-] Manifish_Destiny@lemmy.world 21 points 1 year ago

Csam is an objectively better name.

'Porn' implies consent.

[-] ExLisper@linux.community 26 points 1 year ago

In what world anyone would think that CP implies consent? I mean, the word 'child' is right there. Do you think that the term 'child soldiers' implies consent? I don't have anything against the term CSAM but if it was created because of doubts around consent it was a silly reason to create it.

load more comments (3 replies)
load more comments (1 replies)
load more comments (2 replies)
load more comments (4 replies)
[-] slug@lemmy.world 28 points 1 year ago

i’d love for a good tech journalist to look into how and why this is happening and do a full write-up on it. come on ars, verge, vice

[-] Catasaur@lemmy.catasaur.xyz 25 points 1 year ago* (last edited 1 year ago)

Self hoster here, im nuking all of pictrs. People are sick. Luckily I did not see anything, however I was subscribed to the community.

  • Did a shred on my entire pictrs volume (all images ever):

sudo find /srv/lemmy/example.com/volumes/pictrs -type f -exec shred {} \;

  • Removed the pictrs config in lemmy.hjson

  • removed pictrs container from docker compose

Anything else I should to protect my instance, besides shutting down completely?

[-] Rearsays@lemmy.ml 22 points 1 year ago* (last edited 1 year ago)

Likely Spez’s personal jailbait collection

[-] ugjka@lemmy.world 22 points 1 year ago

blocked lemmyshitpost some time age because it is trash anyway

[-] idle@158436977.xyz 20 points 1 year ago

I went ahead and just deleted my entire pictrs cache and will definitely disable caching other servers images when it becomes available.

load more comments (3 replies)
[-] ludrol@bookwormstory.social 20 points 1 year ago

I checked and there shouldn't be any images stored on the server when running lemmy 1.18.4. The post was made in high emotional distress and shouldn't be taken at a face value. If the posts are bothering you I advise purging the posts in question. (I have already done that)

load more comments (9 replies)
[-] DeltaTangoLima@reddrefuge.com 20 points 1 year ago

To be clear, if no one on a given instance sub to that particular /c, the content won't federate to said instance, correct?

load more comments (2 replies)
[-] drcobaltjedi@programming.dev 18 points 1 year ago

I was looking into self hosting. What can I do to avoid dealing with this? Can I not cache images? Would I get in legal trouble for being federated with an instance being spammed?

load more comments (2 replies)
load more comments
view more: next ›
this post was submitted on 28 Aug 2023
507 points (100.0% liked)

Selfhosted

39905 readers
288 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

  1. Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.

  2. No spam posting.

  3. Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.

  4. Don't duplicate the full text of your blog or github here. Just post the link for folks to click.

  5. Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).

  6. No trolling.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 1 year ago
MODERATORS