Hello everyone.
As you most likely have noticed, this community (along with some communities on other Lemmy instances) has become the target of a spam wave that quickly rose to prominence across the Fediverse: https://techcrunch.com/2024/02/20/spam-attack-on-twitter-x-rival-mastodon-highlights-fediverse-vulnerabilities/
For a while I thought staying alert and catching spam posts manually would be sufficient to weather the storm, but I was wrong. Even when I managed to remove posts immediately, it appeared as if the federation of either removals or reports was delayed, as I kept receiving plenty of reports by members of foreign instances for posts I had already removed.
I’m aware this spam has negatively impacted many users who view [email protected], some of which have understandably seen themselves forced to block this community to keep the spam off their feed. I took too long to take proper action, and I’m sorry.
A group of great Mastodon instance admins have managed to aggregate a list of instances that currently house the spam bots. As of now, dormi.zone blocks all instances found in this list. If you’re at home on one of those instances and are now cut off from this community because of the block, please understand that this is currently the best option Lemmy by itself offers to contain these sorts of attacks.
In the future, I will try to set up an AutoModerator that should handle these attacks more efficiently. Recent IRL circumstances have left me with limited time to look after dormi.zone, and I’m thankful for your patience in these times.
EDIT: I have been informed by admins from other Lemmy instances that because of the specific moderation action I took (banning the spammers from this instance), post removals weren’t federating, keeping the posts visible on some foreign instances. This is why I might have looked like I took days to remove some posts.
As a user from a different instance, would you prefer we keep reporting, even if propagation of removing posts is slow, or that we report one/two and assume you’ll catch the spam from there?
Yes, please keep reporting! I’ve been informed that the federation of post removals wasn’t slow, but rather not happening at all because I applied instance bans to the spammers, which doesn’t federate content removal.
Unfortunately you’re doing all you can, exploitable vulnerabilities are going to be an issue in a system that doesn’t have a dedicated security team to deal with these matters.
Hey, I’ve been seeing LOTS of reports from lemm.ee users about spam on this instance. We’ve been banning and resolving the reports on our end - but if that makes it difficult for you to find all the spam please let us know. Sadly, marking reports as resolved marks them resolved for others too. I sorta wish that specific function was defederated. Our queue was filled with reports and it was hard to keep track of non-spam without clearing them out.
All good! Thankfully there’s been plenty of reports coming in for each post. I hope this community didn’t cause your team too much trouble.