Lemmyshitpost community closed until further notice

Roflmasterbigpimp, 9 months ago

I’ve actually never seen anything of this stuff so good job!

uranibaba, 9 months ago

Same here, this is the first I’ve heard of it.

jivandabeast, 10 months ago

This is so fucked, but this brings up a question – is this something to be concerned about for instances federated with lemmy.world? As in, if something like this is uploaded to a community that the instance federates with, their instance will now have a copy as well?

can, 10 months ago

yes

Many instances deleted all pictures for the last 24-48h as a precaution or shut down entirely.

jivandabeast, 10 months ago

I hope it wasn’t any other communities other than lemmyshitpost, but I’m probably going to venture on better safe than sorry for this one.

can, 10 months ago

I’m probably going to avoid browsing new for a while.

douglasg14b, 10 months ago

It definitely is I think.

Imagine being raided for CP and all you did was federate your hobby self-hosted instance to an instance it was posted in.

cubedsteaks, 10 months ago

I signed up for lemmy.today because its based out of the same state I’m in - I saw nothing and I’ve also never had lemmy go down which I see complaints about a lot as well.

AlmightySnoo, 10 months ago

This is seriously fucked up, but won’t closing lemmyshitpost just lead them to target other LW communities?

Probably unrelated but I once saw that community get attacked with scat porn, it could be the same person.

There’s also another issue. If you upload an image to Lemmy but then cancel, the image is still hosted on the Lemmy instance and one can still access it if one copies the image’s URL before canceling. This basically means that there might be other illegal stuff that’s being hosted on Lemmy instances without anyone noticing.

Ab_intra, 10 months ago

Yeah… There has to be a system in place for this. Jesus.

jarfil, 10 months ago

That should probably be fixed at the Lemmy level.

I also found the opposite: had a post, and the image disappeared, with an “error in image” message, for a jpeg. I wonder if whoever did this, was aiming for exactly that outcome.

Iceblade02, 10 months ago

Wow, this is awful. Huge cudos to y’all for holding on through this. It’s obviously a deliberate attack on the fediverse by malicious actors.

Hackerman_uwu, 10 months ago

It is absolutely ghastly to realise that something like this was inevitable.

Thank you for being willing to deal with this. Godspeed.

58008, 10 months ago

Lads, as a casual Lemmy user, just how much danger am I in of having my mind permanently incinerated by seeing images of children being sexually tortured? I’ve been using the net since the mid-90s and I have never seen a single piece of CSAM in that time, and I now realise that I’ve been insanely lucky in that regard. My mind is already host to all manner of unspeakable internet shit (looking at you, cartels), but I don’t think I could endure seeing anything like the stuff those evil fucking degenerate nihilist cunts have on their hard drives. I would want to commit murder.

So, stay the hell off Lemmy or… ?

2d, 10 months ago

If you’re just browsing the front page/hot you should be fine, nothing awful will make it there

XylightNotAdmin, 10 months ago

Unless they use vote manipulation

khannie, 10 months ago

I wonder if “they” is just one person or entity.

Sanity_in_Moderation, 10 months ago

Highly likely. Someone is mad about something.

DogMuffins, 10 months ago

It’s an unusual vulnerability. Highly successful. No technical expertise required. No resources required. Rapidly propagating. Infects users & hosters alike. Real world consequences for infected.

khannie, 10 months ago

Some level of technical expertise is required or they’re going to prison. The Lemmy web server logs are all there. Email address associated with sign up is there. IP address used to create the email address is logged and so on.

Blaze, 10 months ago

If they could, they would have used that already

cybervseas, 10 months ago

Look I unfortunately ran into one of these pieces of content, and I think it will stay with me forever. I think it’s because I sort by “New” in order to try and help promote the good undiscovered content. As long as you focus on Hot/Active, I think you’ll be fine.

khannie, 10 months ago

Sorry for your troubles :( that’s shit

Blaze, 10 months ago

Sorry to hear that…

DogMuffins, 10 months ago

I just read another comment saying that posts were showing up in hot / active somehow despite being heavily downvoted. It wouldn’t surprise me TBH. Hot / active always seems to be buggy.

deweydecibel, 10 months ago

It’s not a bug, it’s just lack of content. You can downvote that shit, but if there’s no other content to stack “on top” of it, well, it can’t go any lower.

CoderKat, 10 months ago

I’d avoid hot. Unlike Reddit’s sort of the same name, Lemmy’s hot gives a lot of weight to brand new posts. I regularly saw lots of posts with no votes when I used it. Active or top is probably safer. Though admittedly, if someone is using bots to post content, they could use bots to upvote, too. Lemmy has pretty much nothing to prevent even basic botting. The way federation works is actually way worse for the ability to prevent bots, because bots just need any insecure instance and can spin up their own instance in minutes if they can’t find an existing insecure one (at the cost of burning a domain).

Afghaniscran, 10 months ago

I think I saw someone mention this before. Apparently hot sorts by the hottest posts of the communities. So if there’s a brand new community its first post will be at the top of hot because its the hottest post that community has had.

shotgun_crab, 10 months ago

From my experience, using “new” is dangerous on any platform. I’ve seen so many cursed thumbnails on youtube…

Lakija, 10 months ago

Same as you. I have avoided it this far. I think Imma back up for a little while. I cannot, cannot see that shit.

I’ll just go outside and read a book.

MrShankles, 10 months ago

I’m kind of the same in regards to this bullshit. Of all the crazy shit I’ve seen during my time on the web; I have never crossed any CSAM. Am I lucky?.. probably yes. But is someone(s) being fucking trash and deserves a slow horrible dismemberment, like I’ve seen online before… I also say yes

They’re trolling with that shit, which means they can find that shit (which I haven’t come across in my almost 30 years of interwebs use)… and I don’t give a shit about “the point” they’re trying to troll; because they’re contributing to it, at the end of the day. They think they’re fucking HaXzOR fuckwits, that found an easy way to cause turmoil?

Welcome. To. The. Fucking. Internet.

Keep that shit up, and they’re gonna get got. It’s low effort, beyond fucking despicable, and they deserve to rot for even entertaining that approach. And they SHOULD be fucking scared; cause they’re on everyone’s radar, and I can promise you that they’re not as fucking smart as they think

It means to me that they’re fucking dumb, (beyond) degenerate, and that they WILL get absolutely fucked by the majority, if they don’t slink back to their fucking gutter… and quick. I can promise you that people who give a shit about it and can do something… they’re already hunting them down. It’s like the type of person that thinks “swatting” people is “LoLz”, until they end up in “pound me up the ass” federal-fucking-prison, because they can’t conceive the fact that they’re not the only one(s) who know how to “use the interwebs”

Fuck around, piss off the right people, and find the fuck out. Think governments don’t have the resources to find your ass, when enough reports have been made? Their days are fucking numbered in my eyes, if they don’t backstep… but they’ve already opened a door to be found, so good fucking luck.

So, will I stay the hell off Lemmy? Nah. Just don’t sort “by new” for now, until they inevitably get cornered. And they better pray they get cornered by the authorities and not by someone(s) who’s got the time to ruin every inch of their being.

Fuck terrorists. And fuck them. Any shit I see is going straight to the proper authority; and the authorities aren’t dumb. And with enough reports?.. they’re gonna go for the source, not the unwilling bystander(s).

This is a feeble attempt at division and fear. Fuck fear… and good luck. Best hope they don’t get caught by the hands of someone who’s better. They’re “playing an ace” when they don’t know a god damn thing about cards

Don’t sort by new for now; I don’t wanna see that shit either. But I’ll be damned if I scroll on by (if I do see one) without helping the hammer get slammed down on them. Just a matter of time for those little bitches, if they wanna keep playing with fire.

Fuck them, they should be scared. I’m good here.

And I’ve got time. Fuck it, I’ll make time just to watch them burn. I’ve dealt with enough bullshit in my life, that I have the energy to contribute to any small bits that I can.

They should be the ones cowering; not us. They made the mistake and I hope they reap what they sow

JustZ, 10 months ago

Have you reported this to the FBI?

snowe, 10 months ago

You don’t report it to the FBI. They need to register with the National Center for Missing and Exploited Children (NCMEC), where they will be given a login and then they report it through there. They also should make sure to not purge the CSAM as there are specific rules about removal.

Rentlar, 10 months ago

¿Por que no los dos?

ShroOmeric, 10 months ago

Not everyone is american. Thank god for that.

aranym, 10 months ago

Ya’ll are going through one of the worst situations I could imagine, but I’m confident you will figure it out and come out better for it. Keep your heads up. (P.S. - Sorry about the scat, lol)

pewgar_seemsimandroid, 10 months ago

4chan.mov

FartsWithAnAccent, 10 months ago

Just saw this: That is fucking awful. Thank you for your service to the community and for protecting us from seeing that shit.

Quacksalber, 10 months ago

I am wondering what kind of moderation tools would be needed.
On the top of my head, I’d say a trust-level system would be great, both for instances and users. New instances and users start out on a low trust level. Posts and commemts federated by them could be set to require approval or get deranked compared to other posts and comments. In time the trust-level increases and the content is shown as usual. If an incident occurs and content is getting reported, the trust level decreases again and eventually will have to be approved first again.

You can couple that with a reporting-trust-level. If a report is legitimate, future report will hold more weight, while illegitimate reports will make future reports hold less.

arudesalad, 10 months ago

The trust system wouldn’t work because it would effect people selfhosting their instances

lemann, 10 months ago

In this situation I think

• major instances define their own trust limits, or at least agree on a common variety
• self hosted instances go through the guarantor process with dbzer0’s fediseer service
• main instances pull data from fediseer and fediverse observer to see if an instance is malicious the first time we federate, if not percieved as such then apply the trust limits to each of the instances users in good faith that the provided data is not manipulated - we could try and cross reference activity with other instances using the activitypub API but this seems ripe for abuse as a DDoS attack vector if we’re running hundreds of user posts/comments through each of the instances it claims to exist on.

This is still not really ideal though and adds more friction.

I think the best compromise would be application signups + pictrs upload restrictions (at the source instance) for newly registered users, which does not exist as a feature. This would keep a human in the loop, who would likely spot opportunistic trolls, and not affect selfhosters too much if they themselves are the admin. Selfhosters who abuse can just be defedded instantly, and would need to buy another domain to continue (freenom no longer offers free domains).

quitenormal, 10 months ago

On the top of my head, I’d say a trust-level system would be great, both for instances and users. New instances and users start out on a low trust level. Posts and commemts federated by them could be set to require approval or get deranked compared to other posts and comments.

Good thinking, but devil’s advocate here: might make it difficult for new users to post anything. I can imagine a lot of communities would utilise that feature, maybe even the majority.

butterflyattack, 10 months ago

Anyone got any idea why they are doing this? Seems a bit extreme.

Zellith, 10 months ago

Fuckin weirdos man.

nostalgicgamerz, 10 months ago (edited 10 months ago)

Potential sabotage. There’s definitely a corporate interest in killing the Fediverse and getting people like you and me back to Reddit and Twitter.

Plus for outside groups with potential interest who aren’t informed of the situation, Lemmy is now branded as that CSAM site so people are not as likely to come here and or leave their established mainstream social platforms

Ab_intra, 10 months ago

This is sabotage on another level. The people posting this faces seriously time in jail for just having it on their PC.

nostalgicgamerz, 10 months ago

Oh I agree

Enigma, 10 months ago

Is kbin having these issues?

dojan, 10 months ago

My cynical mind believes this.

Ensign_Crab, 10 months ago

I think it’s been the same people throughout, starting with the defacing, followed by the DDOS’es, and now this. Judging from the content of the defacing, it’s bigots who don’t like the idea of someplace they’re not welcome.

nostalgicgamerz, 10 months ago

Ah so exploding head fucktards.

The ones that care so much about “grooming” and “leave kids alone”

Who would have thought that was all projection!? Wait we all did

Ensign_Crab, 10 months ago

I was thinking like 4chan types, but your theory tracks too.

Nollij, 10 months ago

I suspect there’s a lot of overlap there

Ensign_Crab, 10 months ago

Fair.

sab, 10 months ago

The problem with asking “who’s behind this untraceable* attack?” is that you either truthful but useless answers (we don’t know), or just someone speculating that their “enemy” is responsible. I wouldn’t use the word projection so easily in this context, if I were you.

(* unless you consider interpol and the likes)

nostalgicgamerz, 10 months ago (edited 10 months ago)

seriously, you’re defending…them? Also I have the right to make assumptions based on previous attacks thesee all occurred right after defederation…so yes, hate groups like them are suspect #1

“If I were you”

Annnnd what is that supposed to imply?

sab, 10 months ago

I’m not defending anyone.

I didn’t expect I had to spell it out for you, but here’s what I’m saying: Until some kind of international investigation force comes out with clear evidence, anyone who tells you “who did it”, is just projecting who they want to be the perpetrator.

AFKBRBChocolate, 10 months ago

This is a very popular Lemmy.World community. This instance has been dealing with regular ddos attacks for quite a while now. Either some person or some group has an issue with this specific instance, or they picked it because it’s the biggest and they’re trying to take Lemmy down generally. The ddos attacks have chased away a number of people, but lots of us have dug in our heels. This is probably the newest strategy.

The admins have said, based on the ddos strategies, whoever is doing it is familiar with underlying Lemmy implementation, so my guess is it’s someone from one of the instances that we defederated from, but it’s just a guess.

EnglishMobster, 10 months ago (edited 10 months ago)

Could be any number of reasons.

My money is on 4chan/8chan/whatever today’s derivative is. I used to be super active with them back in the day when I was young, racist, and stupid.

This sort of stuff matches their target profile:

• Visible - Reddit has shone a spotlight on Lemmy recently, and Lemmy.world specifically has gotten called out as the most promising of all the Lemmy instances
• Vulnerable - the tooling to stop large-scale attacks doesn’t exist. Users aren’t “locked in” to the threadiverse yet. People generally aren’t expecting it.
• “Lulzy” - attacking a large Lemmy community would cause a lot of panic in the wider threadiverse community. The 4chan/8chan trolls thrive on panic; they think people freaking out is funny. The more panic they cause, the funnier it is.

---

The methods line up, too. I wouldn’t be surprised if they were behind the DDOS as well. DDOS is the simplest tool they use, and when that stops being funny they escalate.

CSAM, gore, scat, torture are all stuff they have in their arsenal, ready to spam. They go out and look for the stuff, build up folders of it to use on their victims. That stuff causes panic, and that’s what they thrive on. They want to see the biggest response they can. Scat is just gross, usually a good opener. CSAM is good because it gets operators in legal trouble. Gore and torture makes people leave a site in droves.

Channers aren’t dumb, either. They know how to use technology. If something is open source, that just gives them something to study and look for attack surfaces. Someone will make a custom-built tool to exploit a vulnerability and it will run until the vulnerability is patched. I had dozens of random tools back in the day that were intended for one-off attacks, plus stuff in the toolbelt like Low Orbit Ion Cannon (DDOS) and Cain and Abel (password cracking).

---

I should reiterate that it has been many years since I was part of that crowd - well over a decade at this point. Things are undoubtedly different. (I refuse to call these guys “Anonymous” - that name was butchered a long time ago when people started speaking on places like Twitter “on behalf of Anonymous”. I’m not using the names they call themselves either.)

When I was a channer, one of the big targets was Reddit. Channers hated Reddit, because Reddit would steal stuff from 4chan and repost it. Reddit was just an inferior version of 4chan, but they were so smug about things and they were a bunch of prudes to boot. So Reddit was a relatively popular target until finally they got better at stopping large attacks.

I have to imagine that a lot of channers dislike Reddit still. Lemmy is seen as the new Reddit - and worse, it’s run by commies.

Channers that do this stuff are Nazis. They just are. (Why do you think they chose the number 8 when 4chan got sick of them? It’s not because it’s 4 times 2.) They’re extremely open about being Nazis, with jokes about gas chambers and everything. You get the hardcore tankies as well, but the tankies are generally so far gone as to be essentially indistinguishable from Nazis themselves.

The fact that Lemmy is left-leaning makes it another reasonable target. Nazis hate commies, although they will accept tankies (to an extent). This is probably why Lemmy.ml wasn’t targeted despite being the historic “main” Lemmy instance (full of tankies). Lemmy.world is left-leaning but still highly visible, so it’d be a good target. If Lemm.ee keeps growing, that’s probably the next target on the list.

---

This is all baseless speculation. Lemmygrad and Hexbear are both also reasonable sources. Hexbear is notorious for being disruptive in the same way 4chan was back in the day, but supposedly they’re better nowadays (not that I necessarily believe that).

But I’m reminded of the stuff I did as a dumb kid, before I knew better. It matches with how they act. I’m not saying it’s explicitly 4chan/8chan/888chan/whatever, but the way it’s coordinated certainly smells familiar.

CreeperODeath, 10 months ago

Yeah I don’t blame you for being frustrated

chraqs, 10 months ago

That is awful.

howsetheraven, 10 months ago

Would someone be able to ELI5 why lemmyshitpost has this problem but other communities don’t or at least seemingly? I would think if they can do this to one lemmy.world community, wouldn’t they be able to do all?

RanchOnPancakes, 10 months ago

Very confused by that as well. Its odd.

aidan, 9 months ago (edited 9 months ago)

My understanding from what I remember is that the community was largely where one user was posting pro-Republican memes(but I might be misremembering the community) so I suspect it was the targeted effort to shut up that. (If I am remembering the community correctly).

Edit: Nevermind the community I was thinking of was !shitposting

givesomefucks, 9 months ago

Oh yeah…

Lots of Democrats are willing to post CSAM to stop one random idiot on Lemmy from posting fucking “pro republican memes”

aidan, 9 months ago

I didn’t say democrats, I said one person. I don’t know their ideology, and like I said I don’t remember if that was the same community- and can’t check.

givesomefucks, 9 months ago

Oh, you’re that rightwing teenager who wants to abolish education that got a mod spot in one of the politics subs because you said you wouldn’t remove right wing propaganda…

Now I understand what you’re doing here. Spreading rightwing propaganda.

aidan, 9 months ago

I’m not a teenager, I don’t want to abolish education. I’m not spreading right-wing propaganda, I’m stating why it could be that it was localized to this community. I think you could and at some point may have 4chan users or whoever do this same thing to other communities. But 👍 discredit me as a person rather than what I put forward (not as a fact, just as I said clearly as a vague memory).

PS. It depends what you’re definition of right wing is.

HawlSera, 10 months ago

The only word I can think of is “disgusting”, and that is far from strong enough.