Can your detection method be automated and federated?
I'm asking because this is probably the thin end of the wedge and is likely to increase exponentially, especially since anyone can set up an instance and do whatever they like with it.
this post was submitted on 08 Apr 2025
442 points (99.6% liked)
Fediverse
33060 readers
294 users here now
A community to talk about the Fediverse and all it's related services using ActivityPub (Mastodon, Lemmy, KBin, etc).
If you wanted to get help with moderating your own community then head over to !moderators@lemmy.world!
Rules
- Posts must be on topic.
- Be respectful of others.
- Cite the sources used for graphs and other statistics.
- Follow the general Lemmy.world rules.
Learn more at these websites: Join The Fediverse Wiki, Fediverse.info, Wikipedia Page, The Federation Info (Stats), FediDB (Stats), Sub Rehab (Reddit Migration)
founded 2 years ago
MODERATORS
Wdym. Do you mean how I found out that the attacker was the admin? Yeah sure, you definitely can automate that.
What? She lied to us? 😱
The Liar Who Spammed Me
What? Your favorite spammer betrayed you? I'm soooo sowwy :3
load more comments
(2 replies)
Stumblechat Room: HELL
What app are you using?
load more comments
(4 replies)
Seems relatively painless to chop those two instances off - chinese.lol has less than 200 users, and I can't even find instance info for doesnotexist.club (coincidence? i think NOT).
I do personally wonder how difficult it is to spin up new instances though. How much effort would it be for them to create a new one and do it again?
I'm actually most concerned with the IP leaking of the fediverse chick posts - hopefully some progress has been made with the IP leaking in auto-loaded external media through DM's
Some instances enable the image proxy, which should prevent this.
How much effort would it be for them to create a new one and do it again?
Minimal, but it is the domain that gets blocked so the attacker would still need to purchase a new domain.
load more comments
(1 replies)
I checked the images and so far every image I've encountered linked to the users's lemmy instance's pictrs instance, none were hosted through a custom trackable image host.
I’m actually most concerned with the IP leaking
I'm curious, what is it about IP leaking that concerns you? I've been thinking about it lately but I have a hard time seeing why it's a problem.
load more comments
(1 replies)
load more comments
(2 replies)
Warned about this 11 days ago. https://lemmy.world/post/27449126
This is still a weakness of the current federation model imo
load more comments
(2 replies)
The attacker seems to be the admin of those two instances. Both instances have their registrations closed.
The alternative theory would be that these instances had open registrations, but rightly closed registration down after the admins noticed the bots. chinese.lol is on 0.18.4 with an admin with a 2 year old account, lemmy.doesnotexist.club has an admin with a 1 year account, and it was also that instance that the 'nicole' person has used before. This downvote attack would need to be a long time in the planning for what you're suggesting to be true.
Upon inspecting the actual websites, the registrations seem to be actually open for both instances with no email confirmation, captcha or manual approval as one user pointed out. I checked the Fediseer page for these instances. What is the update delay for Fediseer?
Should be 12 hours, unless they explicitly prevent us from accessing their nodeinfo. Which now that I think about it, I should probably notify on.
What is the update delay for Fediseer?
I don't know. It's not something I'm familiar with - it might just default to saying 'closed' if it doesn't have the data.
It's interesting that the obvious bot accounts on those instances were set up in mid-March last year, so I'm guessing that these are somebody's army that they've used before, but overplayed their hand when they turned it on the DonaldJMusk person. The admins can reasonably be blamed for setting up instances with open registrations and no protections and then forgetting about them, but I'd be wary of blaming them for being behind the attack directly. The 'nicole' person is unlikely to have used their own instance - it's probably just someone with the same MO as whoever owns the bots, finding and exploiting vulnerable instances.
it might just default to saying 'closed' if it doesn't have the data.
Nope. Fediseer displays unknown fields as N/A.
The admins can reasonably be blamed for setting up instances with open registrations and no protections and then forgetting about them
No, I don't think they forgot. Would you forget about something you regularly pay for?
People forget about subscriptions all the time when they are cheap enough. The admin might even have some kind of grouped payment for multiple domains/sites and doesn't bother cleaning them out to shut them down.
Beats me what anybody would get out of vote manipulation on lemmy - there are no sponsors, no money involved AFAIK. What's the payoff, upvotes?
Pettiness. I guess some people suffer from such extreme grass deficiency that they'll go through all the trouble of setting up bots to do fully automated luxury harassment instead of small-batch hand-raised harassment.
Winning the hearts and minds in a propaganda / information war at relatively low cost
The person being downvoted is the mod of c/conservative. I'm guessing this is a political maneuver to bury his posts/bully him off lemmy
We don't need bots to do that!
load more comments
(1 replies)
We need public voting or this will only get worse. It's currently way too easy to manipulate everyone's feed.
load more comments
(2 replies)
Edit: It is now open for both of them, or was already. I checked the Fediseer page for both instances and it still says that their registrations are closed.
Fediseer doesn't check constantly btw.
@TomMonkeyMan@chinese.lol @yassinsiouda@lemmy.doesnotexist.club
view more: next ›