from asudox@lemmy.asudox.dev to fediverse@lemmy.world on 08 Apr 09:35
https://lemmy.asudox.dev/post/188744
The attacker seems to be the admin of those two instances. Both instances have their registrations closed.
Edit: It is now open for both of them, or was already. I checked the Fediseer page for both instances and it still says that their registrations are closed.
Though it is suspicious that no captcha, email confirmation or manual approval is required for both of these instances. The admin of lemmy.doesnotexist.club seems to be inactive since their account creation yet this instance is still running. If the admin is the attacker, it could also be that they are the one behind the recent nicole spam.
gui.fediseer.com/instances/detail/chinese.lol
gui.fediseer.com/…/lemmy.doesnotexist.club
cross-posted from: hackertalks.com/post/8713785
The instances being used are
- lemmy.doesnotexist.club
- chinese.lol
Here is an example of the coordinated downvoting hackertalks.com/post/8692093
Of course its a controversial user who got someone angry enough to automated downvoting @DonaldJMusk@lemmy.today
But you can see every post they make gets 53ish downvotes from these two instances, plus some organic ones after a few hours.
Current downvoting Accounts :::spoiler bot-list
LightIsland@chinese.lol MagnificentRow@chinese.lol FondKnowledge@chinese.lol SillyTowel95@chinese.lol HelplessDear@chinese.lol SomberBrain@chinese.lol InexperiencedCloset@chinese.lol NecessaryPerson11@chinese.lol ClosedEmployment@chinese.lol CoarseHair420@chinese.lol BurlyChampionship49@chinese.lol ZigzagNatural@chinese.lol QuestionableDirt@chinese.lol ProudDeparture@lemmy.doesnotexist.club JoyousDouble@chinese.lol UnitedPatience@chinese.lol MajesticArea@lemmy.doesnotexist.club SinfulConference@chinese.lol MoralDivide96@chinese.lol LeadingCarry65@chinese.lol FrillyOpinion38@lemmy.doesnotexist.club LimitedDiscount49@lemmy.doesnotexist.club ForkedScreen@chinese.lol MediumChemistry13@chinese.lol xXxLawfulGrassxXx@lemmy.doesnotexist.club VisibleSentence@chinese.lol AcidicLawyer90@lemmy.doesnotexist.club PriceySink14@lemmy.doesnotexist.club ExcellentBeach@chinese.lol VivaciousNews@lemmy.doesnotexist.club LankyIndependent32@lemmy.doesnotexist.club SpeedyFault@chinese.lol ConcreteHall89@lemmy.doesnotexist.club WorthyPoint12@lemmy.doesnotexist.club SurprisedAdult99@chinese.lol FlashyCrack@lemmy.doesnotexist.club MasculineBeing@chinese.lol RichWeird@lemmy.doesnotexist.club DryCash97@lemmy.doesnotexist.club AuthorizedChair@chinese.lol SlimKiss@lemmy.doesnotexist.club AromaticRoof78@lemmy.doesnotexist.club BewitchedInterview@lemmy.doesnotexist.club ImaginaryDraw@lemmy.doesnotexist.club PertinentGround@chinese.lol SinfulAssumption@lemmy.doesnotexist.club AwkwardAnybody30@lemmy.doesnotexist.club UnwillingRestaurant@lemmy.doesnotexist.club InsubstantialOven@lemmy.doesnotexist.club :::
A individual user airing their personal biases and manipulating lemmy isn’t good for the community, regardless of how you feel about their target. This is a really bad thing ™
threaded - newest
Beats me what anybody would get out of vote manipulation on lemmy - there are no sponsors, no money involved AFAIK. What’s the payoff, upvotes?
Winning the hearts and minds in a propaganda / information war at relatively low cost
The person being downvoted is the mod of c/conservative. I’m guessing this is a political maneuver to bury his posts/bully him off lemmy
We don’t need bots to do that!
Which one, because all of them have been rightfully conquered for the proletariat other than whatever Universal Monk is getting up to
Pettiness. I guess some people suffer from such extreme grass deficiency that they’ll go through all the trouble of setting up bots to do fully automated luxury harassment instead of small-batch hand-raised harassment.
Seems relatively painless to chop those two instances off - chinese.lol has less than 200 users, and I can’t even find instance info for doesnotexist.club (coincidence? i think NOT).
I do personally wonder how difficult it is to spin up new instances though. How much effort would it be for them to create a new one and do it again?
I’m actually most concerned with the IP leaking of the fediverse chick posts - hopefully some progress has been made with the IP leaking in auto-loaded external media through DM’s
Minimal, but it is the domain that gets blocked so the attacker would still need to purchase a new domain.
Not with sub domains.
I’m curious, what is it about IP leaking that concerns you? I’ve been thinking about it lately but I have a hard time seeing why it’s a problem.
For one, you now know there is someone on the other end, so you can target your attacks instead of trying random ips.
I know one of these instances.
<img alt="" src="https://pawb.social/pictrs/image/290ce4fc-cfa6-4726-b7a2-69fed449d9cc.png">
Fuck you, Nicole!
Don’t you besmirch my fediwife’s good name!
Where are your God now?
.
The bots are from those two instances as you can see in the screenshot. Furthermore, lemmy.doesnotexist.club has had dozens of bots since at least 2023 (2 years after domain creation. found via the web archive). Since at least 2023, the admin hasn’t been doing anything, or even interacting with anyone. That account seems pretty much dead. But they keep hosting the instance for some reason. It is also a possibility that someone else indeed is using these two instances because they are “abandoned”, but it is highly likely that it is the admin. It is very suspicious that the registrations have been open unguarded against bots since at least 2023. These two instances have been invaded with bots long ago, so defederation is still the right thing to do.
I also don’t want to jump to conclusions, but I think the chances are pretty high that it indeed is the admin. It might lead us to whoever is behind the recent nicole spam.
.
We need public voting or this will only get worse. It’s currently way too easy to manipulate everyone’s feed.
What do you mean public voting? Everything in the Fediverse is public. Spin up a server and you can see all votes, even in the UI as an admin. Do you mean for users?
Admin only isn’t public tbh.