this post was submitted on 24 Mar 2024
102 points (98.1% liked)

Lemmy

12541 readers
44 users here now

Everything about Lemmy; bugs, gripes, praises, and advocacy.

For discussion about the lemmy.ml instance, go to !meta@lemmy.ml.

founded 4 years ago
MODERATORS
 

There have been a number of comment spam attacks in various posts in a couple of /c's that I follow by a user/individual who uses account names like Thulean*

For example: ThuleanSneed@lemmy.tf in !coffee@lemmy.world

and ThuleanPerspective2@eviltoast.org in !anime@ani.social

edit: Also ThuleanSneed@startrek.website in !startrek@startrek.website

The posts have been removed or deleted by the respective /c's mods, and the offending accounts banned, but you can see the traces of them in those /c's modlogs.

The comments consist of an all-caps string of words with profanities, and Simpsons memes.

An attack on a post may consist of several repeated or similar looking comments.

This looks like a bored teenager prank, but it may also be an organization testing Lemmy's systemic and collective defenses and ability to respond against spam and bot posts.

you are viewing a single comment's thread
view the rest of the comments
[–] mo_ztt@lemmy.world 14 points 7 months ago (1 children)

Of note about this is that image links in comments aren't rehosted by Lemmy. That means it would be possible to flood a community with images hosted by a friendly or compromised server, and gather a lot of information about who was reading that community (how many people, and all their IP address and browser fingerprint information, to start with) by what image requests were coming in kicked off by people seeing your spam.

I didn't look at the image spam in detail, but if I'm remembering right the little bit of it I looked at, it had images hosted by lemmygrad.ml (which makes sense) and czchan.org (which makes less sense). It could be that after uploading the first two images to Lemmygrad they realized they could just type the Markdown for the original hosting source for the remaining three, of course.

It would also be possible to use this type of flood posting as a smokescreen for a more targeted plan of sending malware-infected images, or more specifically targeted let's-track-who-requests-this-image-file images, to a more limited set of recipients.

Just my paranoid thoughts on the situation.

[–] zabadoh@lemmy.ml 6 points 7 months ago (1 children)

Image rendering attacks and download tracking are well known, so it's not paranoid at all.

[–] mo_ztt@lemmy.world 5 points 7 months ago

Yep.

There are two big end-user security decisions that are totally mystifying to me about Lemmy. One is automatically embedding images in comments without rehosting the images, and the other is failing to warn people that their upvotes and downvotes are not actually private.

I'm not trying to sit in judgement of someone who's writing free software but to me those are both negligent software design from an end-user privacy perspective.