this post was submitted on 24 Mar 2024
71 points (100.0% liked)

Lemmy


Everything about Lemmy; bugs, gripes, praises, and advocacy.

For discussion about the lemmy.ml instance, go to !meta@lemmy.ml.


There have been a number of comment spam attacks in various posts in a couple of /c's that I follow by a user/individual who uses account names like Thulean*

For example: ThuleanSneed@lemmy.tf in !coffee@lemmy.world

and ThuleanPerspective2@eviltoast.org in !anime@ani.social

edit: Also ThuleanSneed@startrek.website in !startrek@startrek.website

The posts have been removed or deleted by the respective /c's mods, and the offending accounts banned, but you can see the traces of them in those /c's modlogs.

The comments consist of an all-caps string of words with profanities, and Simpsons memes.

An attack on a post may consist of several repeated or similar looking comments.

This looks like a bored teenager prank, but it may also be an organization testing Lemmy's systemic and collective defenses and ability to respond against spam and bot posts.

top 11 comments
[–] lemann@lemmy.dbzer0.com 23 points 7 months ago (3 children)

A per-user rate limit of some sort could have reduced the attack surface I think? Something like that would be quite a bit of dev work to implement though...

At least the situation was promptly resolved and users nuked, although R.I.P. to any smaller Lemmy servers that went down due to the massive spam wave

[–] scrubbles@poptalk.scrubbles.tech 26 points 7 months ago

Actually there is; spammers are kind of funny because they help solidify the platform long term for short term gains. Turns out rate limiting was broken in the latest release of Lemmy, and no one noticed until this latest attack. So, there's a big fix and sounds like it'll be patched in the latest version. Thanks spammer for helping us bugfix the platform to shore it up!

[–] zabadoh@lemmy.ml 6 points 7 months ago

I'm not sure how extensive the spam wave was, nor how quickly the user was able to create an account and make the comments.

I doubt that the quantity that I came across would be enough to take down a server, but that may be the point: To test lemmy's collective defenses and response without drawing too much attention.

A common IP address or address range ban file that's frequently updated and downloaded by each instance might be another way to boost security.

If this is actually an org attack, I'm guessing that we'll see botnet DDoS comment and post attacks next.

[–] Atemu@lemmy.ml 2 points 7 months ago

This wouldn't really solve the issue as the user could rather simply create as many accounts as they like to circumvent per-account limits.
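The exchange above (a per-user limit would help; throwaway accounts defeat it) is easiest to reason about with a concrete limiter. The block below is an added example for this thread, not Lemmy's own rate-limiting code: a sliding-window limiter keyed on three dimensions at once, the account, the account's home instance, and (for local accounts only) the client IP. The dimensions, the limit values and the traffic fed through it are assumptions constructed for illustration.

```python
"""Multi-key sliding-window rate limit for comment submission.

Added example for this thread, not Lemmy's code. The dimensions
(account, home instance, client IP) and the limit values are assumptions
chosen to show why a per-account limit alone is not enough.
"""
from collections import deque
from typing import Dict, List, Optional, Tuple

# (max events, window in seconds). Illustrative values, not Lemmy defaults.
LIMITS: Dict[str, Tuple[int, int]] = {
    "account": (5, 60),    # a single account
    "instance": (30, 60),  # every account from one home instance, combined
    "ip": (10, 60),        # client IP; only known for accounts local to us
}


class RateLimiter:
    def __init__(self, limits: Dict[str, Tuple[int, int]] = LIMITS) -> None:
        self.limits = dict(limits)
        # (dimension, key) -> timestamps of accepted events inside the window
        self._events: Dict[Tuple[str, str], deque] = {}

    def _window(self, dim: str, key: str, now: float) -> deque:
        """Drop timestamps older than the window and return the live queue."""
        q = self._events.setdefault((dim, key), deque())
        window = self.limits[dim][1]
        while q and q[0] <= now - window:
            q.popleft()
        return q

    def allow(self, account: str, now: float,
              ip: Optional[str] = None) -> Tuple[bool, Optional[str]]:
        """Decide one comment submission.

        account is 'name@instance' (Lemmy's fully qualified form).
        Returns (allowed, dimension_that_denied). Every dimension must have
        room; the event is recorded on all of them only when accepted, so a
        denied attempt does not consume quota.
        """
        _, instance = account.rsplit("@", 1)
        checks = [("account", account), ("instance", instance)]
        if ip is not None:
            checks.append(("ip", ip))
        queues = []
        for dim, key in checks:
            q = self._window(dim, key, now)
            if len(q) >= self.limits[dim][0]:
                return False, dim
            queues.append(q)
        for q in queues:
            q.append(now)
        return True, None


def simulate(limiter: RateLimiter, accounts: List[str], rounds: int,
             gap: float = 0.1, ip: Optional[str] = None) -> Tuple[int, Dict[str, int]]:
    """Interleave `rounds` comments from each account, `gap` seconds apart.

    Returns (accepted, denied_by_dimension). The traffic is constructed,
    not captured from a real instance.
    """
    accepted, denied, t = 0, {}, 0.0
    for _ in range(rounds):
        for acct in accounts:
            ok, dim = limiter.allow(acct, t, ip)
            if ok:
                accepted += 1
            else:
                denied[dim] = denied.get(dim, 0) + 1
            t += gap
    return accepted, denied


if __name__ == "__main__":
    # One account bursting: only the per-account limit is reached.
    print(simulate(RateLimiter(), ["spam1@spam.invalid"], rounds=8))
    # Twenty throwaway accounts on one instance, three comments each: no
    # single account exceeds 5, but the instance-wide budget of 30 trips.
    throwaways = [f"spam{i}@spam.invalid" for i in range(20)]
    print(simulate(RateLimiter(), throwaways, rounds=3))
```

The instance and IP keys are what make the throwaway-account case cost the attacker something: twenty accounts on one instance still share one budget. They do nothing against accounts spread across many instances with open registration, which is where a signal shared between instances (the ban list suggested earlier in the thread) would have to come in.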

[–] paddythegeek@lemmy.ca 14 points 7 months ago

I saw these a few days ago and they reminded me that I am a moderator of a sleepy little community. 😆

Thankfully the mod tools were very effective in banning the user and nuking comments.

[–] RobotToaster@mander.xyz 5 points 7 months ago

Noticed this before, it's quite annoying.

[–] TWeaK@lemm.ee 4 points 7 months ago (1 children)

You wrote usernames as email addresses. You should have put /u/ in front to make links. You can also use @, however that will send a mention notification to the user.

[–] TWeaK@lemm.ee 5 points 7 months ago* (last edited 7 months ago)

Also FYI I think lemm.ee has some automation that blocks these. I don't ever seem to get them, yet when I check other instances I can see them. Either that, or our admins are just hot on this stuff and ban them early on - both of these users were banned 3-4 days ago.

lemmy.tf seems to be a problem instance, it's still running v0.19.0 and doesn't have captcha for sign ups.

[–] SheeEttin@programming.dev 3 points 7 months ago (1 children)

A lot of this stems from instances running old versions with loose registration requirements, like no captcha. This is a problem in a federated system because there's no barrier for a banned user to just jump to another instance.

Perhaps it would be a good idea if, when Lemmy has anti-spam measures implemented like rate-limiting and captchas for registration, it disabled federation with instances that are at a lower version, to motivate small instances to upgrade and enable the new features.

[–] Quill0@lemmy.digitalfall.net 3 points 7 months ago (1 children)

What I really want to see is the ability to set a threshold for a server to reach before it will federate.

Example: you have a server, you don't allow others to federate unless those servers force captcha or approval of user registration

[–] nutomic@lemmy.ml 2 points 7 months ago

The problem is that a server could very easily lie and claim to have captchas when it really doesn't.
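The last three comments describe a federation gate (minimum version, captcha or registration approval required) and its weakness (the remote advertises those settings itself). The block below is an added example for this thread, not Lemmy's code: it evaluates a remote's advertised settings against a policy, then lets locally observed behaviour (moderator bans of that instance's accounts for spam) override a clean-looking claim. The field names follow Lemmy's GET /api/v3/site response as this editor understands it (top-level "version", and "registration_mode" / "captcha_enabled" under site_view.local_site); treat them as an assumption and check against the version you run. The sample responses, the version floor and the ban threshold are constructed for illustration.

```python
"""Federation gate from advertised settings plus observed behaviour.

Added example for this thread, not Lemmy code. Field names are assumed to
match Lemmy's /api/v3/site response; sample data is constructed.
"""
import re
from typing import Dict, List, Tuple

# Assumed floor: pick the release that carries the anti-spam fixes you need.
MIN_VERSION = (0, 19, 3)


def parse_version(v: str) -> Tuple[int, ...]:
    """'0.19.3', 'v0.19.3-rc.1' -> (0, 19, 3). Unparseable -> (0,), which
    fails the floor, so a malformed or missing version is treated as old."""
    m = re.match(r"^v?(\d+(?:\.\d+)*)", v or "")
    return tuple(int(p) for p in m.group(1).split(".")) if m else (0,)


def sample_site(version: str, mode, captcha) -> Dict:
    """Build a constructed /api/v3/site-shaped response for the examples."""
    return {
        "version": version,
        "site_view": {"local_site": {"registration_mode": mode,
                                     "captcha_enabled": captcha}},
    }


def evaluate(site: Dict, spam_bans_last_7d: int = 0,
             ban_threshold: int = 3) -> Tuple[bool, List[str]]:
    """Return (federate, reasons) for one remote instance.

    The first two checks are on self-reported claims and can only raise the
    bar. The third uses what our own moderators did to accounts from that
    instance, which the remote cannot fake, and catches a remote that lies.
    """
    reasons: List[str] = []
    version = parse_version(site.get("version", ""))
    local_site = site.get("site_view", {}).get("local_site", {})
    mode = local_site.get("registration_mode")
    captcha = bool(local_site.get("captcha_enabled"))

    if version < MIN_VERSION:
        reasons.append("version " + ".".join(map(str, version)) + " below floor")
    if mode is None:
        reasons.append("registration_mode not advertised")
    elif mode == "Open" and not captcha:
        reasons.append("open registration without captcha")
    if spam_bans_last_7d >= ban_threshold:
        reasons.append(f"{spam_bans_last_7d} local spam bans in 7 days "
                       f"despite claimed mode={mode} captcha={captcha}")
    return (not reasons), reasons


if __name__ == "__main__":
    # Old release, open signups, no captcha: the situation described in the thread.
    print(evaluate(sample_site("0.19.0", "Open", False)))
    # Claims look fine.
    print(evaluate(sample_site("0.19.3", "Open", True)))
    # Claims look fine but our mods banned five of its accounts this week.
    print(evaluate(sample_site("0.19.3", "Open", True), spam_bans_last_7d=5))
```

The point of the third check is the one nutomic makes: nothing in the advertised settings can be verified, so the policy treats them as a filter that removes the obviously misconfigured, and relies on local modlog evidence for the instances that pass it.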