We have been informed of another potential CSAM attack to our federated instance lemmy.ml.

After the events of the last time, I have preemptively and temporarily defederated us from lemmy.ml until the situation can be assessed with more clarity.

I have already deleted the suspicious posts (without looking at them myself, all from the database’s command line) and banned the author. To the best of our knowledge, at no point in time any CSAM content was saved on our server.

EDIT: 2023-09-03 8:40 UTC

There have been no further reports of similar problems arising from lemmy.ml or other instances, so I am re enabling federation. Thank you for your patience.

  • Nerd02@lemmy.basedcount.comOPM
    link
    fedilink
    English
    arrow-up
    1
    ·
    1 year ago

    Yeah I remember that. We lost our first instance to that XSS attack (this one we are writing on is the second one).

    And I get why some people might not like Cloudflare, but to my knowledge that’s quite literally the only tool at our disposal. These constant attack can be stressing to some admins, it’s illegal stuff after all. Even if we are doing everything right and reporting it to the authorities, as soon as I got notice of this I had to drop anything I was doing, jump on SSH and start fixing stuff. This isn’t really sustainable in the long run.

    • lilShalom@lemmy.basedcount.com
      link
      fedilink
      English
      arrow-up
      3
      ·
      1 year ago

      I understand. You could roll your own HA proxy but it would be more expensive and wouldnt be able to provide you the inappropriate content inspect CF provides.

      If someone is really concerned about privacy they shouldnt be using lemmy to begin with.

      • Nerd02@lemmy.basedcount.comOPM
        link
        fedilink
        English
        arrow-up
        2
        ·
        1 year ago

        I don’t really care about caching or load balancing, the only reason I’m considering Cloudflare is that CSAM filter.

        If someone is really concerned about privacy they shouldnt be using lemmy to begin with.

        That’s correct, actually. On one hand, the devs seem so focused on the privacy of users that they often prioritize that over improving the safety of the software (for instance the Lemmy server has next to no logs, apparently for that reason). On the other hand, it’s crazy how much data is transferred over federation. For instance, I have already developed a script that allows me to view EVERY post or comment someone has upvoted. The data is all there, wouldn’t take much for someone to harvest it en masse and start profiling users.

      • Atalocke@lemmy.basedcount.comM
        link
        fedilink
        English
        arrow-up
        1
        ·
        1 year ago

        I’m with you. I don’t like Cloudflare either. Not only for privacy reasons, but I’ve just had a number of generally bad customer interactions with them on other projects. Unfortunately, it seems to be the only solution for this issue. We’ve been lucky so far with these incidents. If somebody ever uploaded that stuff here it’d be an incredible pain in the ass.