Hello there!
It has been a while since our last update, but it’s about time to address the elephant in the room: downtimes. Lemmy.World has been having multiple downtimes a day for quite a while now. And we want to take the time to address some of the concerns and misconceptions that have been spread in chatrooms, memes and various comments in Lemmy communities.
So let’s go over some of these misconceptions together.
“Lemmy.World is too big and that is bad for the fediverse”.
While one thing is true, we are the biggest Lemmy instance, we are far from the biggest in the Fediverse. If you want actual numbers you can have a look here: https://fedidb.org/network
The entire Lemmy fediverse is still in its infancy and even though we don’t like to compare ourselves to Reddit it gives you something comparable. The entire amount of Lemmy users on all instances combined is currently 444,876 which is still nothing compared to a medium sized subreddit. There are some points that can be made that it is better to spread the load of users and communities across other instances, but let us make it clear that this is not a technical problem.
And even in a decentralised system, there will always be bigger and smaller blocks within; such would be the nature of any platform looking to be shaped by its members.
“Lemmy.World should close down registrations”
Lemmy.World is being linked in a number of Reddit subreddits and in Lemmy apps. Imagine if new users land here and they have no way to sign up. We have to assume that most new users have no information on how the Fediverse works and making them read a full page of what’s what would scare a lot of those people off. They probably wouldn’t even take the time to read why registrations would be closed, move on and not join the Fediverse at all. What we want to do, however, is inform the users before they sign up, without closing registrations. The option is already built into Lemmy but only available on Lemmy.ml - so a ticket was created with the development team to make these available to other instance Admins. Here is the post on Lemmy Github.
Which brings us to the third point:
“Lemmy.World can not handle the load, that’s why the server is down all the time”
This is simply not true. There are no financial issues to upgrade the hardware, should that be required; but that is not the solution to this problem.
The problem is that for a couple of hours every day we are under a DDOS attack. It’s a never-ending game of whack-a-mole where we close one attack vector and they’ll start using another one. Without going too much into detail and expose too much, there are some very ‘expensive’ sql queries in Lemmy - actions or features that take up seconds instead of milliseconds to execute. And by by executing them by the thousand a minute you can overload the database server.
So who is attacking us? One thing that is clear is that those responsible of these attacks know the ins and outs of Lemmy. They know which database requests are the most taxing and they are always quick to find another as soon as we close one off. That’s one of the only things we know for sure about our attackers. Being the biggest instance and having defederated with a couple of instances has made us a target.
“Why do they need another sysop who works for free”
Everyone involved with LW works as a volunteer. The money that is donated goes to operational costs only - so hardware and infrastructure. And while we understand that working as a volunteer is not for everyone, nobody is forcing anyone to do anything. As a volunteer you decide how much of your free time you are willing to spend on this project, a service that is also being provided for free.
We will leave this thread pinned locally for a while and we will try to reply to genuine questions or concerns as soon as we can.
The DDOS attacks are still going on? Why is the server unstable?
What I find most ridiculous about people claiming lemmy.world is too big and therefore bad for the Fediverse is simply… Have you people wondered why it got so big?
During the crucial first weeks of the Reddit migration, the single time period with the most chance of bringing new users, pretty much all larger Lemmy instances closed their registrations - they couldn’t handle the influx. Other big ones decided to immediately defederate everybody, they were afraid of having to moderate content. And a few did remain open and federated, but they were also extremely niche and focused on their own political side of the spectrum.
Lemmy.world however remained open, remained with active admins that helped the first moderators, and kept upgrading the server at a very fast rate - you might forget it now, but Lemmy was massively slow and frustrating and then a new Lemmy.world update would drop and it would feel like a different website.
So yeah, “bad for the Fediverse” for being the only instance that kept up with the demand at the most necessary time.
Thanks Lemmy.world team.
Have you guys contacted law enforcement? It may surprise you. A startup I worked for had the same issue and contacted the FBI. They were able to quickly (within hours) find the person doing it despite him using VPNs and other tools for OpSec.
I’d imagine that there are a lot of users and communities on here that want law enforcement as far away from the Fediverse as possible…
And yet, and this will shock and amaze you, they’re probably here already. Lemmy isn’t a secret.
Found the fed… ;)
No doubt, but there’s a difference between a van trundling down the street and a welcome mat and a tray of tea cooling in the living room.
I get you. There’s good and bad in law enforcement, especially when it comes to tech and social media. On the one hand, there’s pretty serious crime happening online that needs to be stopped. On the other, wild invasions of privacy. There’s no easy answer at this point and governments obviously won’t police themselves.
Illegal activity is actually easier to track on the Fediverse than close source websites. Easy to program bots to run through open source code looking for it.
deleted by creator
I assure you that the FBI knew of lemmy and had watchers here before we hit 5 digit user numbers
Knowing someone in the FBI and how they talk about how antiquated it is, I have to vehemently disagree with you there.
I’m just curious, antiquated in what aspect?
In both technological and procedural advancement.
I hate to break the illusion but cybersecurity experts already know about every Fediverse instance and it gets scanned regularly. Just like they do discord, FB, twitter, etc.
aint no way
Lemmy isn’t a private space. It’s less private than Reddit in many regards.
I don’t see why when illegal things are happening the government’s offered services shouldn’t be made use of
We’ll just have to nicely ask the ddos’ers to stop it then
deleted by creator
The Feds are everywhere son
Well… this is the fediverse after all.
The risk that would create for vulnerable communities on here would deeply irresponsible.
Right. Because FBI doesn’t already monitor any suspicious activity.
Removed by mod
They fuck with left leaning groups and try to intentionally destabilize them 🤷♂️
Fun fact: part of the goal of COINTELPRO is to make it so people accuse each other of being an agent provocateur
Other fun fact: another goal of it is to make it so people would accuse each other right back, completely destroying trust on all sides
Actually fun fact: this tactic is side agnostic and there are left wing plants under deep cover in right wing organizations from the fbi to the kkk specifically there to hinder their progress and damage their tactics
It’s fascinating to me that there are people who deeply understand and can effectively apply techniques of sowing discord within and between groups and fanning the flames without also making themselves the obvious source of the strife. I wouldn’t even know where to begin.
Stop living in 1955.
Black Lives Matter and racial justice protestors would like a word.
They barely interfered with the BLM protests.
It’s mostly right wing groups today. Left wing groups are just carebears these days.
I’m left. But what the fuck is the deal with “tankies” though? All of the sudden there are revolutionary communists (with no sense of the historical irony of this label) everywhere. I hadn’t even heard the term 6 months ago, it’s then all over Reddit, and suddenly I’m seeing people talk about violent revolution elsewhere on the lemmyfedi. I know part of it is the nature of the ‘verse, but is part of it that these people are the black box anarchists of yesteryear and I’m just behind the times?
They’re extremely online and outjerking each other in a feedback loop, and the moment you see one, chances are that you’re in a space where they’re overrepresented.
Removed by mod
At the current place in time 15 people thought it was a good idea to downvote that post. That is also showing quite an obvious anti-left potential anti-liberal and US centric bias, which others for example BIPoCs would not share. Or whistleblowers.
The admins have access to that information btw. who upvotes and downvotes what. This means that closer connection to the FBI also makes it more easy for them to access the 100k+ users preferences, political leanings etc. as well as private messages. Other agencies wouldn’t even need to be involved with warrants to get that data, since the servers are harboring enough international communication that you ought to act as if intelligence agencies might have access to what you write, post and how you vote.
deleted by creator
You do understand that upvotes and downvotes are public information?
I don’t understand.
As I said above, The FBI is known to infiltrate left leaning political organizations to fuck with them.
Are there any actual recent examples of this? Everything about lemmy is already completely open, so if they wanted to do anything, they would do it
Well ok but they’re not going to do that because you asked them to investigate an attack.
Hi, 1974 called, they think your living in the wrong decade.
Oh no! Won’t anyone think of the criminals!?
First, they came for …
… the ciminals?
🙄
Florida is literally using social media to persecute people seeking medical care. Pull your head out of your ass.
Sounds like you and lefty are concerned with protecting illegal activity here? Fuck that. I’m not okay with Lemmy being a hub for society’s most trash individuals.
I believe it’s a mistake to conflate law-abiding with morally correct. In fact, in some cases the morally correct thing to do is disobey the law.
I (foolishly) assumed we were talking about the obviously morally abhorrent stuff.
When the world has people killing each other for the “obviously” morally abhorrent stuff like wearing the wrong clothes… I’m afraid you need to specify.
More and more every day.
This isn’t 8chan, and I have no wish to see it emulate it. Revenge porn, CSAM, stalking and harassment: that absolutely should be kicked off and reported.
But if you can’t imagine a scenario where a left leaning, privacy focused userbase might look at willingly going to law enforcement without the above issues and balk, you need to review your history.
That’s not what we were implying remotely. The FBI is known to infiltrate left leaning political organizations to fuck with them. Obviously if someones hosting violence or CP or shit like that that’d awful and they need to be arrested, but I was specifying specifically about the FBIs history with fucking up political groups and forums
I jumped the gun then with assuming it was the latter. My b.
Have you guys contacted law enforcement?
Given that the goal of this instance is to serve as a reference of the Fediverse, it is expected that it will continue to grow, and in turn, attract more attention, which due to a game of numbers also involves more trolls and enemies. Thus, the fact that the instance is being DDOS’ed right now shouldn’t be seen as a conjunctural problem, but rather a challenge that is here to stay and sometimes be a problem.
While I think it’s a good idea for lemmy.world to do it this time, relying on a police force to routinely come to our call and do something means periods during which the instance will be out while we wait for them for work. The instance, and Lemmy in general, should have more robust defenses so that calling for external help is only required at exceptional times.
Did it result in charges for the person doing it?
For this, I want to see the motivation for DDOSing Lemmy lol.
There was a user who made hundreds of communities and got pissy when they were banned, there’s heavy speculation that it’s them.
That, or it could be right-wing neo-nazi chuds from the detonating-craniums instance that are butthurt that nobody wants to federate with them.
Maybe a mix of both?
Or hexbear, the tankie equivalent of those chuds. Terminally online, and a lot of them have been on the fediverse for a while, ever since r/chapotraphouse got the banhammer on reddit. They got real mad when lemmy.world defederated from them the other day.
- hexbear got hit by the same DDoS
- virtually all of the hexbear comments about the defed are light-hearted jokes
Could be reddit , hiring people to kill the competition 😅 (jk)
Removed by mod
This was honestly my first thought. Highly unlikely I’m sure but they’re not winning any awards for good decisions lately
Happened to voat everytine Pao did something. Part of why it failed.
voat failed because it became full of literal Nazis and basically all the hateful refugees from all the subs that got shut down. Pao shutting down FPH was a trigger but it made the worst of the platform migrate.
The fact that there were active communities on voat that were just too toxic for reddit like coontown and other just straight up totally racist subs made the place immediately turn into a massive toxic waste repository - at best it served as a quarantine zone for those people, and at worst it served as a communications platform for spreading additional hate.
I remember my first experience with voat being a poll discussing whether they should ban child porn. The split was ~90% in favor of banning, 10% against. 10% is concerningly high.
they have freeze peaches
I was excited for voat at first and made an account but after interacting quickly saw what kind of people migrated there. I thought it was going to be like what lemmy is now, people sick of the corpos, boy oh boy was I wrong lol
China lady bad
Could be the instance with the raving tankies that was defederated.
Removed by mod
Someone creating heaps of communities just to be a mod and then getting pissy about it doesn’t sound like someone with the skills to run a DDOS attack.
They had nearly a thousand communities after joining, like an inhuman amount that wouldn’t have been possible without scripting.
DDoS isn’t a high skill attack by any means, they could have also hired somebody else to do it for them (there are some really big losers out there who will waste money on something like that).
Never underestimate the pettiness of the u/gallowboobs of the world.
gallowboobs
hahahaha!
You had to Digg deep to get that reference
They could pay for someone to do it. They also most likely created all those communities with a script, so they’re not your average user.
You don’t need motive to convict. Just the correct mental state (mens rea) and the commission of the relevant elements (actus reus). Motive helps, but it’s not necessary.
But a DDOS attack would probably fall under the CFAA, possibly some other criminal statutes depending on the facts.
I know, I just want to know what the motive is.
“Vengence is mine!” sayeth the gallowboob.
Yes criminal charges were brought against them. I don’t know what happened beyond that, however. It got pretty quiet once evidence was collected and the attack stopped.
In all seriousness, we all appreciate your work. These are the growing pains that are to be expected, and your hard work and transparency (and writing it up at a level that even I can understand) is welcome.
Im a data engineer with 20+ years of experience in sql and various databases, I do performance tuning on daily basis. How can I help? Please message me if you think you can use me. Id be very happy to help where I can!
Besides the actual developers of lemmy, none has done more for the lemmiverse than the maintainers of lemmy.word. When the Reddit shitstorm started and other leading servers shut down user registration, you guys held the ship steady and didn’t flinch from the sudden flood of new users. Discovering new bottle-necks in lemmy code, helping to resolve them and deploying hot fixes. All in super fast reaction time. About “lemmy.world shouldn’t be largest server” crap - it’s good for lemmy that one server is the easy entry point to lemmy. This is where the “mainstream” communities could/should be and new users will have an easier landing. Having dedicated servers with their own communities (like start trek, piracy, etc) is great but it’s not mandatory for all communities.
Thanks for the hard work y’all. I wonder what point of badgering a free social server is?
There’s always someone that gets joy from ruining things for others.
~10 ago i got all my coments and posts downvoted 25-50 points each, even one comment that was on a deleted thread. that didn’t stop me for continue participating, but it shouldn’tbe that easy for someone to do that
I don’t see it in your history? If you want contact me via PM - send me the posts and comments and I’ll have a look.
All my comments and posts dated July 31 and before got downvoted in matter of minutes, the quantity each got varied but it was proportional to the upvotes it already had, up to -32 (not 50), my total comments points became -540 and post -70 . I don’t care getting all my comments and posts downvoted like that, so I never complained, but I thought I would let you know since it is related to the topic of the this thread.
Hey. I checked and well, you were right. There was actually a user following you around with over 40 (!) alts from various instances. I banned all of them
Great work!
Thank you! I just hope is not too easy automate the creation of 40+ new accounts and have those follow someone around like it happened to me, or to easily manipulate what reaches or drops from top day/hour etc.
Accounts can always be created on other instances, there are many to choose from. But if you notice anything strange let me know and I’ll have a look.
Damn, expatriado, did you piss off 2.5 Mormon families or something?
Also apparently I have no idea how to mention users goddang.
@[email protected] just start with an @ and you will see! And if you want to link a community you start with an ! - mind you this doesn’t work in all the non-default UI’s like Alexandrite or Photon atm.
If we’re talking downvote groups, this seems to be one. This comment was instantly set from +15/-1 to +15/-15 the other day.
There’s someone who downvotes every post and comment on cat pictures. It’s like clockwork. It’s kind of funny.
Everyone, check your dog’s smartphone!
My dog only has a flip phone. Does that make me an animal abuser? In my defense, she’s only 10 months old. In my opinion, a little too young for internet access.
The dog bot
I know that fucking person
spoiler
its me
My first guess: it’s someone who complained on GitHub about unoptimized queries and didn’t get the response they wanted. Of course I would expect them to be attacking lemmy.ml in that case
My conspiracy theory: it’s someone paid by a marketing firm on Reddit’s payroll, while probably not under direction from Reddit, they’re working to further Reddit’s goals
Most likely: it’s some kiddie who got banned from .world and wants to show everyone how mad he is
What if it’s all three lol
Probably, this is the standalone complex clusterfuck the internet has become.
Feeling like an internet tough guy.
I hear it’s the only way they can get hard.
I don’t know the details but wasn’t one of the instances that Lemmy World defederated recently one that contained lots of toxic shit (racism, trolling and other not cool content)? So it’s not unlikely someone from there decided to just destroy things for others. Maybe even an operator since the person(s) obviously has knowledge of how Lemmy works.
deleted by creator
Definitely Hexbear; they have their own fork of Lemmy’s code, so they have the technical expertise, and they hate anyone who doesn’t subscribe to their color of fascism.
Yeah that’s my guess too. The timing lines up perfectly
This is just going by random speculation as to who might have been defederated from and decided to attack a high-profile target in response… but if my speculation is accurate, they also seem fine with all kinds of real-world violence against their enemies. The purpose is to “punish”, and the innocence of the target isn’t a factor.
Some group calling themselves communist but acting like narcicists. hexbear i think. Harradsing a general instance because we felt they were incompatable. I randomly had someone on hexbear attempt to derail the conversation
Yes, most likely. Cheers 😄 !
typo ...
Harradsing - - - >>> Harassing
If I had to guess, I’d say that I doubt the people who defaced lemmy.world gave up once control was wrested back.
If the material they defaced the site with is any indication, it’s bigots and fascists.
deleted by creator
Y’all are motherfucking gangsters. Appreciate the work you’re putting in. I don’t do your kind of code or I’d pitch in. Much love. ♥️
Imagine having the free time to engineer attacks on a site. Fucking loser.
I couldnt care less. You provide a great forum at no charge to me. I thank yoy for your contribution to discourse, communication with the community, and look forward to the growth of lemmy.world
Thanks for being so transparent with us. Lemmy really does feel like home now to me. I wish the maintainers all the best as they continue to fight the forces of evil.
Reddit was down a lot too, and they stuck ads in my face. It’s not like I have a pacemaker that needs Lenny.world to be up in order to function. Keep up the good work and I hope whoever is behind the attacks steps on a Lego.
usually my reaction when a website I visit daily goes down is to probably visit that website less or think the backend team behind it is lazy. but when lemmy.world goes down or is under attack, I sympathize and just open it when it’s back up. y’all prove that you’re hardworking by providing clear communication and explanation on what’s happening everytime. shout out lemmy team, you deserve the world!!
Thank you for your work 🫡
