Hello there!
It has been a while since our last update, but it's about time to address the elephant in the room: downtimes. Lemmy.World has been having multiple downtimes a day for quite a while now. And we want to take the time to address some of the concerns and misconceptions that have been spread in chatrooms, memes and various comments in Lemmy communities.
So let's go over some of these misconceptions together.
"Lemmy.World is too big and that is bad for the fediverse".
While one thing is true, we are the biggest Lemmy instance, we are far from the biggest in the Fediverse. If you want actual numbers you can have a look here: https://fedidb.org/network
The entire Lemmy fediverse is still in its infancy and even though we don't like to compare ourselves to Reddit it gives you something comparable. The entire amount of Lemmy users on all instances combined is currently 444,876 which is still nothing compared to a medium sized subreddit. There are some points that can be made that it is better to spread the load of users and communities across other instances, but let us make it clear that this is not a technical problem.
And even in a decentralised system, there will always be bigger and smaller blocks within; such would be the nature of any platform looking to be shaped by its members.
"Lemmy.World should close down registrations"
Lemmy.World is being linked in a number of Reddit subreddits and in Lemmy apps. Imagine if new users land here and they have no way to sign up. We have to assume that most new users have no information on how the Fediverse works and making them read a full page of what's what would scare a lot of those people off. They probably wouldn't even take the time to read why registrations would be closed, move on and not join the Fediverse at all. What we want to do, however, is inform the users before they sign up, without closing registrations. The option is already built into Lemmy but only available on Lemmy.ml - so a ticket was created with the development team to make these available to other instance Admins. Here is the post on Lemmy Github.
Which brings us to the third point:
"Lemmy.World can not handle the load, that's why the server is down all the time"
This is simply not true. There are no financial issues to upgrade the hardware, should that be required; but that is not the solution to this problem.
The problem is that for a couple of hours every day we are under a DDOS attack. It's a never-ending game of whack-a-mole where we close one attack vector and they'll start using another one. Without going too much into detail and expose too much, there are some very 'expensive' sql queries in Lemmy - actions or features that take up seconds instead of milliseconds to execute. And by by executing them by the thousand a minute you can overload the database server.
So who is attacking us? One thing that is clear is that those responsible of these attacks know the ins and outs of Lemmy. They know which database requests are the most taxing and they are always quick to find another as soon as we close one off. That's one of the only things we know for sure about our attackers. Being the biggest instance and having defederated with a couple of instances has made us a target.
"Why do they need another sysop who works for free"
Everyone involved with LW works as a volunteer. The money that is donated goes to operational costs only - so hardware and infrastructure. And while we understand that working as a volunteer is not for everyone, nobody is forcing anyone to do anything. As a volunteer you decide how much of your free time you are willing to spend on this project, a service that is also being provided for free.
We will leave this thread pinned locally for a while and we will try to reply to genuine questions or concerns as soon as we can.
Have you guys contacted law enforcement? It may surprise you. A startup I worked for had the same issue and contacted the FBI. They were able to quickly (within hours) find the person doing it despite him using VPNs and other tools for OpSec.
Did it result in charges for the person doing it?
For this, I want to see the motivation for DDOSing Lemmy lol.
There was a user who made hundreds of communities and got pissy when they were banned, there's heavy speculation that it's them.
That, or it could be right-wing neo-nazi chuds from the detonating-craniums instance that are butthurt that nobody wants to federate with them.
Maybe a mix of both?
Or hexbear, the tankie equivalent of those chuds. Terminally online, and a lot of them have been on the fediverse for a while, ever since r/chapotraphouse got the banhammer on reddit. They got real mad when lemmy.world defederated from them the other day.
Could be reddit , hiring people to kill the competition 😅 (jk)
You joke, but I wouldn't be surprised in the least.
This was honestly my first thought. Highly unlikely I’m sure but they’re not winning any awards for good decisions lately
Happened to voat everytine Pao did something. Part of why it failed.
voat failed because it became full of literal Nazis and basically all the hateful refugees from all the subs that got shut down. Pao shutting down FPH was a trigger but it made the worst of the platform migrate.
The fact that there were active communities on voat that were just too toxic for reddit like coontown and other just straight up totally racist subs made the place immediately turn into a massive toxic waste repository - at best it served as a quarantine zone for those people, and at worst it served as a communications platform for spreading additional hate.
I remember my first experience with voat being a poll discussing whether they should ban child porn. The split was ~90% in favor of banning, 10% against. 10% is concerningly high.
they have freeze peaches
I was excited for voat at first and made an account but after interacting quickly saw what kind of people migrated there. I thought it was going to be like what lemmy is now, people sick of the corpos, boy oh boy was I wrong lol
China lady bad
Could be the instance with the raving tankies that was defederated.
Someone creating heaps of communities just to be a mod and then getting pissy about it doesn't sound like someone with the skills to run a DDOS attack.
They had nearly a thousand communities after joining, like an inhuman amount that wouldn't have been possible without scripting.
DDoS isn't a high skill attack by any means, they could have also hired somebody else to do it for them (there are some really big losers out there who will waste money on something like that).
Never underestimate the pettiness of the u/gallowboobs of the world.
You had to Digg deep to get that reference
gallowboobs
hahahaha!
They could pay for someone to do it. They also most likely created all those communities with a script, so they're not your average user.