Lately we have been dealing with a few abusive members from Feddit.nl and we were unable to get in touch with the instance administrator.

Part of the problem is the instance’s open registrations which do not require you to enter an e-mail address during signup. This in combination with an inactive admin is a recipe for abuse.

We hope this is only temporary but we have to do this to protect our users.

Edit: we use fediseer, have a look https://gui.fediseer.com/instances/detail/lemmy.world

Edit 2: We got in touch with the Feddit.nl admin. Email requirements were added to the sign-up process and we’re setting up a communication channel. So that means we are federating with Feddit.nl again!

    • @givesomefucks
      link
      English
      181 year ago

      99.999999% of the time I see a giant image I block the user because they’re annoying…

      That shit is just too perfect tho

      • ekZepp
        link
        English
        11 year ago

        deleted by creator

    • @Aceticon
      link
      161 year ago

      That has got to be the best meme with Daleks I’ve seen in quite a long time.

      Kudos!

    • @darelik
      link
      91 year ago

      And so a lemmy legend was born

      • @PriorProject
        link
        41 year ago

        With the refrigeration, which do you consider the canonical community to follow now? You mod both, right? Are you going to keep the bit posting to both?

        • freamon
          link
          fedilink
          English
          51 year ago

          Love what re-federation got auto-corrected to.

          The canonical community is the one at feddit.nl, since it has all the history and I don’t really think it’s .nl’s fault that someone used it to attack .world.

          The bot’s due to make one more post at endlesstalk (to announce that the problem is over) and then I’ll think about what to do with the community (probably delete it)

    • @jarfil
      link
      291 year ago

      You can still go to the instance and read it, subscribe to it from a non-defederated instance, or even create an account there directly.

      • Antik 👾
        link
        161 year ago

        Let’s also hope it’s only temporary.

      • Draconic NEO
        link
        41 year ago

        That assumes that it’s not abandoned like rammy.site was, if you don’t know rammy.site was a general purpose Lemmy instance a while back which was abandoned by its admin and then some right-wing grifters decided to hijack it and use it to spread hatred. Similarly to this situation they also got defederated, though much more widely then in this case.

        The biggest problem is that because they were abandoned eventually the server crashed or the VPS got discontinued or something and now it’s gone. If you go to the URL now you get SSL errors and for a while it was showing up as 410 gone. So with Feddit.nl even though you can go and view the contents on it right now if it’s abandoned it will likely meet a very similar fate in the near future. Meaning that the community is on it are doomed and will either die or have to migrate elsewhere.

  • @nero
    link
    1351 year ago

    Sucks to see my home countries instance isn’t being moderated properly

    • RuudMA
      link
      1411 year ago

      Well .world is also managed partly from NL :-)

      • @nero
        link
        111 year ago

        Fair point, i’ll be patiently waiting for the dutch takeover ;)

    • Antik 👾
      link
      83
      edit-2
      1 year ago

      Vinden wij ook hoor

      Edit: we think so too

      Better learn dutch now for when it becomes our instance’s primary language once @ruud, @quinten and I pushed out the other admins.

      • Quinten
        link
        391 year ago

        Don’t tell our plans…

      • PropaGandalf
        link
        151 year ago

        Mama, dieser Mann sprich aber ein lustiges deutsch :)

        • Antik 👾
          link
          111 year ago

          Ahh the dialect of East-Holland is almost a different language

          • @eckte
            link
            41 year ago

            Opflikkern waus.

            • jk ly
            • @Aganim
              link
              21 year ago

              Dat is altijd nog ‘koekwaus’ voor jou. 😋

      • @chrundle
        link
        Русский
        121 year ago

        Can’t wait for GEKOLONISEERD

          • @landlordlover
            link
            English
            -51 year ago

            Please use “I N G E P O L D E R D” as its not quite as racist as “GEKOLONISEERD”.

            For the people not in the know, the Dutch like to meme about the warcrimes in Indonesia and Africa and when they speak dutch in a comment section they make joking gestures to the time of colonization, like its a good thing, or something to take lightly. Quite frankly colonizing isnt funny in any shape or form and I, another dutch person feel ashamed and sorry for whoever took offense to the comment above. Not of all of us are like this.

            Our history books mostly skip over the warcrimes done in indonesia and how bad the slave trade is, but its luckily improving.

            For the guy above me;

            Warcrimes of the Dutch in Indonesia:

            https://youtu.be/8T3JZljI7A4?si=XvLOhL-m2VHkxByN

            How the dutch turned south africa into a racist country:

            https://youtu.be/Mi93LjuQbMM?si=1La19-xJ-JsBXLpZ

            Over half a million people got ripped away from their families and traded by the Dutch in the 1800s;

            https://www.statista.com/chart/22057/countries-most-active-trans-atlantic-slave-trade/

            This is why I think it shouldnt be taken lightly. Its like a german joking about the time their ancestors murdered millions of jews and bringing it up whenever they see another German in a comment thread.

            • @[email protected]
              link
              fedilink
              3
              edit-2
              1 year ago

              Its like a german joking about the time their ancestors murdered millions of jews and bringing it up whenever they see another German in a comment thread.

              Das tun wir tatsächlich nicht aber der Grund warum dein Fahrrad weg ist ist dass deine Mutter mir das aus Dankbarkeit geschenkt hat nachdem ich sie gefickt hab.

              • @Viking_Hippie
                link
                21 year ago

                I remembered just enough of my school German to understand some of that but not enough to not wonder about someone’s mom taking their bicycle for “thank-work”, apparently 🤔

                • Wrench Wizard
                  link
                  41 year ago

                  Translate says " actually don’t but the reason your bike is gone is because your mother gave it to me out of gratitude after I fucked her."

            • qaz
              link
              21 year ago

              Je kan het hele ijsselmeer inpolderen met die muur tekst die je hebt geschreven

      • @saltesc
        link
        21 year ago

        Go for it. Dutch seems easy. I learned the chorus to Super Max! in like thirty minutes.

    • @Omgarm
      link
      31 year ago

      I made an account on feddit.nl to spread the load for Lemmy.world back in June. Good thing I keep switching between them both anyway.

      Hopefully this is solved soon!

  • Bleeping Lobster
    link
    English
    681 year ago

    Maybe it’s just a coincidence, but it seems like everytime .world defeds from a problematic instance, it’s almost immediately smashed with DDOS attacks.

    The beauty of lemmy as I see it though IS the federation, if .world is down no worries, I’ll just browse on sopuli.xyz or any of the multitude of other instances :) we are like a sexy hydra of positivity.

  • Ab_intra
    link
    661 year ago

    You guys are very transparent and that’s great. Thanks for keeping us in the loop.

    • @PilferJynx
      link
      91 year ago

      It’s one of great things about this instance… having a look into whether or not services are in alignment with my values goes a long way in supporting such an endeavor.

    • Antik 🇧🇪
      link
      fedilink
      221 year ago

      It’s funny that this post on feddit.nl has 20 upvotes. It doesn’t catch up once the federation starts again. I thought it would tbh

      • @[email protected]
        link
        fedilink
        11 year ago

        Nope, in order to not overload lemmy servers, the lemmy software does not federate pre-(re)federation content. That is one reason why I find it a bit ridiculous to wield the biggest stick you have, defederation, so freely.

        • Antik 🇧🇪
          link
          fedilink
          2
          edit-2
          1 year ago

          I think in the case of an instance being spammed with csa material we are allowed to use all the sticks at our disposal - and in this case it was actually the only stick we had. And once we got in touch with TedVDB we refederated.

          He’s now also in the chat room where most Lemmy instance admins hang out. I’d say that’s a positive for everyone in the end.

  • freamon
    link
    English
    54
    edit-2
    1 year ago

    They’ve already replied with the reasons, but - for future reference - if you want to see specifics of things like this, a censure is often posted to https://fediseer.com. .world’s censure of .nl is here

  • @Zombiepirate
    link
    English
    44
    edit-2
    1 year ago

    Thanks for all you do!

    Somewhat related: any word on re-enabling image uploads? I understand completely why you had to do it, just wondering if there’s a roadmap?

    • Antik 👾
      link
      English
      36
      edit-2
      1 year ago

      Image uploads had an issue a while ago but should be working. Which client are you using?

      • @Zombiepirate
        link
        English
        521 year ago

        Oh, sorry I haven’t tried in a while. Looks like it’s back up! Thanks!

        dog

  • Haru
    link
    English
    42
    edit-2
    1 year ago

    Well that’s disappointing, but glad the lemmy.world team are making sure they are on top of it and keeping transparency with all that you do. Thank you.

  • @BitingChaos
    link
    English
    391 year ago

    Part of the problem is the instance’s open registrations which do not require you to enter an e-mail address during signup.

    How is this even a thing? Why would the Lemmy software even allow operation like this?

    • @tpyo
      link
      1241 year ago

      Back when I signed up for reddit, you didn’t need an email and they warned you if you lost your password you’d be locked out of your account until you regained it and they would not offer support to reset it

      I liked that. I don’t want to have to submit my email for everything just to interact

      • @cyberpunk007
        link
        201 year ago

        One of the reasons I have my own email domain and random email addresses for certain services.

        • @Dopeness
          link
          61 year ago

          Catch all? I love it so damn much since I got it. Bitwarden added it on the fly and now I got disposable email addresses for anything I can think of, it’s so, so perfect!

          • @Tangent5280
            link
            41 year ago

            Hi, is this only for the web interface or something? Is this available for the android interface?

            • @ohmyiv
              link
              51 year ago

              You can access it from the android Bitwarden app. Go to the password generator. Where it says “What would you like to generate?”, tap Password and select username in the popup, then click OK. After that, it gives you an option to use a different emails when it generates the email address to use for the account you’re setting up.

            • @Dopeness
              link
              41 year ago

              No need. Even selfhost is free. The catch all feature is also included in the free plan. Bitwarden free is amazingly packed with pretty much all the features you need. Tip: Make a ‘non-profit’ organisation and invite your family to it. You can share passwords for streaming service etc using this.

        • Voyager
          link
          fedilink
          English
          51 year ago

          Managing this for a large amount of services is a huge overhead for me. I use Sub-addressing and then apply filters based on categories.

          • Zoolander
            link
            English
            31 year ago

            It annoys the shit out of me how many developers don’t allow for sub-addressing. Google has supported it on Gmail since inception and it follows the damn spec! Don’t use your crappy form validator if it doesn’t allow valid emails!

            • @Copernican
              link
              21 year ago

              I’ve always been curious. Do any parties just remove the string between “+” and “@” when they see those emails registered?

          • @[email protected]
            link
            fedilink
            3
            edit-2
            1 year ago

            If you have catch all enabled for your custom domain there’s no overhead.

            Signing up for reddit? Just put [email protected] and that address will be automatically created and start receiving reddit’s emails. Don’t have to fiddle with anything.

          • @cyberpunk007
            link
            21 year ago

            Interesting. How does this work? I’ve never used it. I either add manual aliases or distribution groups. It’s a pain in the ass but it works and is safer than using the same email for everything.

            One thing I like is also how you can tell who sold your email to spammers 🤣

          • @jcg
            link
            21 year ago

            I do this as well but there’s been quite a few times when the email input wouldn’t accept it and it’s usually on the sites you really wanna have it on.

            • @Duamerthrax
              link
              21 year ago

              I was dumb founded to find out that vrchat doesn’t except ProtonMail. I had to use my mothballed gmail account.

            • @Dopeness
              link
              21 year ago

              Got a domain? Setup ‘catch all’ and you are all set. If not consider a cheap one. It’s unlimited disposable email addresses for few buck a year.

      • @ttmrichter
        link
        21 year ago

        And then there’s those of us who don’t use email for all practical purposes. I haven’t sent an email in anger for a donkey’s age; the only reason I have an email at all is because of all the people in North America who think email is the wave of the future.

    • @SpliceVW
      link
      English
      591 year ago

      Let’s be real - an email address doesn’t really stop much of anything. Anyone can really easily spin up new email addresses freely.

      • @[email protected]
        link
        fedilink
        191 year ago

        Yeah I still don’t have an email associated with my reddit account. Which shocks people… although I haven’t logged on in months, so maybe it’s now required for legacy accounts

        • @MakeItCount
          link
          English
          41 year ago

          it’s not required globally but some subs require it to be able to post

          So far only /r/formula1 does for me

        • @tpyo
          link
          11 year ago

          Hah, I replied higher up in the comments that when I signed up for reddit, I also didn’t need an email address and I think that particular one never required setting one

          Newer accounts definitely did and I used different emails for those accounts

          • @SportsRulesOpinions
            link
            21 year ago

            They somehow managed to force me to add my email. I don’t remember how.

      • @[email protected]
        link
        fedilink
        English
        181 year ago

        Sadly yeah. We absolutely should use email signup because it filters our the absolute lowest effort bots, but it does nothing against higher quality bots or humans. Not only can you easily spin up new emails on the fly, but many emails allow ways to make the email appear unique (eg, Gmail ignores dots and anything after the + sign), there’s plenty of temporary email services with a variety of domains, and if you own a domain, you can trivially create unlimited emails until they catch on and ban the entire domain.

        Inactive admins are also an issue, but if malicious users are determined enough, it doesn’t matter that much how active an admin is. An active admin can mostly help by making IP banning an option (imperfect, but will work on many humans) and can temporarily turn on approvals to make it easier to weed out low hanging fruit. Nothing will work against someone determined enough, but could at least reduce how many instances they can turn to.

        • @itsdavetho
          link
          21 year ago

          Personally I don’t think anything will stop anyone determined to bring this type of harm to the community, there’s an endless list of workarounds. These communities need a larger network of moderators across timezones

          • @sab
            link
            81 year ago

            Nope, but it will stop the less determined ones.

            With no email verification, you can pretty much create dozens of fake accounts per second - as fast as the API can handle.

      • Antik 👾
        link
        151 year ago

        Sure. But we changed our sign-up policy recently. Users are now informed during sign-up that temporary email accounts are banned.

        We have another announcement regarding this soon.

        • @ttmrichter
          link
          21 year ago

          How do you define a “temporary email account”?

          I’m reminded of old games that insisted you couldn’t sign up with an email provider and had to use an ISP email … which kinda screwed over the literally BILLIONS of people whose ISPs don’t give email addresses…

    • asudox
      link
      441 year ago

      Lemmy is open source. Everyone can modify it to fit their needs.

    • @cley_faye
      link
      291 year ago

      Because anyone running it can decide to do it this way. That’s how code works; you can edit it. Even if the option wasn’t there, if any instance admin wants that to happen it’s easy to do.

    • @ccunning
      link
      241 year ago

      Last I checked, even Reddit allows signups without an email address…

      • @jimbo
        link
        16
        edit-2
        11 months ago

        deleted by creator

        • @ccunning
          link
          101 year ago

          I only ever used old.reddit.com. Didn’t realize that option was limited to to the old interface

        • @dreadedsemi
          link
          41 year ago

          Last time I signed up, even new one allows you to leave email empty.

          • @wmrch
            link
            51 year ago

            That’s true but they annoy you with a persistent banner to add an email address later on. But it’s working nonetheless.

    • @ClarkDoom
      link
      151 year ago

      Cuz we’re on an anonymous forum basically?

  • stevedidWHAT
    link
    38
    edit-2
    1 year ago

    Hiya! Question, is there a way we can see this sort of information ourselves as well? Namely, reports and admin activity logs.

    What’s to stop an instance, then a collection of instances and so on from claiming others aren’t being actively moderated in order to censor?

    Not making any accusations obviously, just a thought I had while reading.

    • Antik 👾
      link
      841 year ago

      I mean, it’s easy to go over to feddit.nl and see they only have one admin who has not been active in almost two weeks.

      Full transparancy: the abuse we were dealing with from that instance was vote manipulation and worse, csam. Especially in the case of csam we can not wait for days for a reaction.

      • @jarfil
        link
        141 year ago

        Out of curiosity: is this an issue of federating content from feddit.nl’s communities, or an issue of feddit.nl’s users messing with LW?

        • Antik 👾
          link
          331 year ago

          Users. That’s why it is mentioned there is no email required during sign-up. They create an account in seconds, make a post and then delete their account.

      • @SheeEttin
        link
        English
        111 year ago

        Thanks for doing this. I’ve not had to see any of it because you guys are on top of dealing with it. (Although I also don’t sort posts by new, so I probably wouldn’t see those posts before they got removed anyway.)

      • @Alchemy
        link
        English
        51 year ago

        Were they the source of the csam attack posts the other week when we removed picture uploads temporarily?

        • Antik 👾
          link
          201 year ago

          No those were from our own instance and is the reason we closed open registrations. We are working on a different solution more on that later.

    • @Tenthrow
      link
      531 year ago

      The modlog for the entire instance is available in a link at the bottom and the sidebar on the main page. Everything should be there.

  • @[email protected]
    link
    fedilink
    311 year ago

    It seems like the user who posted the csam has been banned, does that mean the admin/mod is active again?

  • GONADS125
    link
    301 year ago

    With the nature of the recent attacks I think it makes perfect sense to take strong precautions necessary to protect the community. Can always refederate when/if the admin gets ahold of the situation.

    • Antik 👾
      link
      141 year ago

      For sure. We reached out before too but we can not sit around and wait when it’s about this stuff.

    • kratoz29
      link
      fedilink
      English
      21 year ago

      Lemmy.world is still down often because DDOS attacks???

      • Antik 👾
        link
        11 year ago

        No we’re talking about spam attacks. Trolls posting nsfw images to communities

  • @Zoldyck
    link
    161 year ago

    What defines an “abusive member”?

      • @NOT_RICK
        link
        English
        351 year ago

        Thank you for defederating with them; I can’t unsee the horrible auto play video that showed up on my feed. Some people are really sick

        • @asdfasdfasdf
          link
          11 year ago

          I haven’t seen anything and not sure what CSAM is. What was it?

          • @NOT_RICK
            link
            English
            71 year ago

            CSAM stands for child sex abuse material. I’m going to leave it at that.

            • Rikudou_Sage
              link
              fedilink
              21 year ago

              You might want to go to therapy, that might have been a traumatic event for you and therapy could definitely help with that.

      • @assassin_aragorn
        link
        141 year ago

        You certainly buried the lead, Jesus Christ. Thanks for staying on top of all this and being transparent.

        • Obinice
          link
          251 year ago

          Fun fact, it’s buried the lede not lead. Weird right! The more you know :-D

          • @assassin_aragorn
            link
            121 year ago

            Lede vs lead is always a weird dichotomy to me, because the whole purpose of lede is that it isn’t supposed to be a word, right? I did some journalism in high school and I believe we were taught that lede was purposely not a word so that you could write “lede goes here” as a placeholder, and you’d be reminded of it because spell check would flag it.

            So I’m never sure which to use, because it feels like using it in common discussion defeats the purpose haha. Either way though, you are right yeah.

            • @CarbonatedPastaSauce
              link
              English
              131 year ago

              They mean the same thing, more or less. Lede is just journalist slang for the story’s introduction, or lead.

              "Origin of lede

              First recorded in 1950–55; altered spelling of lead (in the journalism sense “short introductory summary”), used in the printing trades to distinguish it from the homograph lead (in the sense “thin strip of type metal for increasing the space between lines of type”)"

  • @Squander
    link
    71 year ago

    I feel your frustration with “unable to get in touch with the instance administrator”. I’m waiting for a response from @ruud and @MichelleG from 9 days ago regarding abusive members.

    • Antik 👾
      link
      92
      edit-2
      1 year ago

      This was not about “abusive members” this was about a member having too many communities according to you. We both seem to have a very different definition of “abuse”.

      The user in question does have a lot of communities but he is very active and has different moderators who he manages. Also, when the moderators of these communities do well he transfers the community over to them. As recently as yesterday when he transferred [email protected] and [email protected].

      While he has a lot of communities he does a good job managing his communities and training moderators and is making our lives as admins easier. If someone has a lot of communities and doesn’t do anything with them, that is squatting and we take action. I think we have a good track record of that.

      So unless there is something we are missing I really would not call any of what the user in question did “abusive”.

      Lastly the best way to get someone to look at your problem is to use the report feature. The reason you got no reply in nine days is because there was no problem.

      • @Squander
        link
        -52
        edit-2
        1 year ago

        1st, great communication- No response because there is no problem. That’s a terrific reason for instance administrators to ignore messages. I should have read their minds and known, geesh my bad. 2nd- I used the report feature on august 26th and did not receive a response until a week later. The response wasn’t even a fix, it was just asking if I was still having a problem. So thats clearly not the best way to contact admins. That leaves @ ing admins on major posts to get a response. Its annoying, but so far the only effective way. Lastly, If a user creates dozens upon dozens of new communities, solely because they might become popular and then sits on them/isnt active in them, I would say thats an abuse of the system. I suppose we should all start registering any community that could potentially become big. Then when they do become popular, we can gatekeep who is worthy enough to mod them. Plainly, power-mods shouldnt be a thing.

        • Antik 👾
          link
          441 year ago

          That is an entirely different discussion and definitely no “abusive user” as you made it look here. That is an opinion. I am done with you report trolling. Find another instance