this post was submitted on 08 Apr 2025
454 points (99.3% liked)

Fediverse

32648 readers
1661 users here now

A community to talk about the Fediverse and all it's related services using ActivityPub (Mastodon, Lemmy, KBin, etc).

If you wanted to get help with moderating your own community then head over to !moderators@lemmy.world!

Rules

Learn more at these websites: Join The Fediverse Wiki, Fediverse.info, Wikipedia Page, The Federation Info (Stats), FediDB (Stats), Sub Rehab (Reddit Migration)

founded 2 years ago
MODERATORS
ruud@lemmy.world
TragicNotCute@lemmy.world
Xylinna@lemmy.world
MrCenny@lemmy.world
automodbeta@lemmy.world
woelkchen@lemmy.world
454
2 Instances are being used for coordinated vote manipulation, and should be defederated. chinese.lol lemmy.doesnotexist.club (lemmy.asudox.dev)
submitted 1 week ago* (last edited 1 week ago) by asudox@lemmy.asudox.dev to c/fediverse@lemmy.world
64 comments fedilink hide all child comments
 

The attacker seems to be the admin of those two instances. Both instances have their registrations closed.

Edit: It is now open for both of them, or was already. I checked the Fediseer page for both instances and it still says that their registrations are closed.

Though it is suspicious that no captcha, email confirmation or manual approval is required for both of these instances. The admin of lemmy.doesnotexist.club seems to be inactive since their account creation yet this instance is still running. If the admin is the attacker, it could also be that they are the one behind the recent nicole spam.

https://gui.fediseer.com/instances/detail/chinese.lol

https://gui.fediseer.com/instances/detail/lemmy.doesnotexist.club

cross-posted from: https://hackertalks.com/post/8713785

The instances being used are

  • lemmy.doesnotexist.club
  • chinese.lol

Here is an example of the coordinated downvoting https://hackertalks.com/post/8692093

Of course its a controversial user who got someone angry enough to automated downvoting @DonaldJMusk@lemmy.today

But you can see every post they make gets 53ish downvotes from these two instances, plus some organic ones after a few hours.

Current downvoting Accounts

bot-list

LightIsland@chinese.lol MagnificentRow@chinese.lol FondKnowledge@chinese.lol SillyTowel95@chinese.lol HelplessDear@chinese.lol SomberBrain@chinese.lol InexperiencedCloset@chinese.lol NecessaryPerson11@chinese.lol ClosedEmployment@chinese.lol CoarseHair420@chinese.lol BurlyChampionship49@chinese.lol ZigzagNatural@chinese.lol QuestionableDirt@chinese.lol ProudDeparture@lemmy.doesnotexist.club JoyousDouble@chinese.lol UnitedPatience@chinese.lol MajesticArea@lemmy.doesnotexist.club SinfulConference@chinese.lol MoralDivide96@chinese.lol LeadingCarry65@chinese.lol FrillyOpinion38@lemmy.doesnotexist.club LimitedDiscount49@lemmy.doesnotexist.club ForkedScreen@chinese.lol MediumChemistry13@chinese.lol xXxLawfulGrassxXx@lemmy.doesnotexist.club VisibleSentence@chinese.lol AcidicLawyer90@lemmy.doesnotexist.club PriceySink14@lemmy.doesnotexist.club ExcellentBeach@chinese.lol VivaciousNews@lemmy.doesnotexist.club LankyIndependent32@lemmy.doesnotexist.club SpeedyFault@chinese.lol ConcreteHall89@lemmy.doesnotexist.club WorthyPoint12@lemmy.doesnotexist.club SurprisedAdult99@chinese.lol FlashyCrack@lemmy.doesnotexist.club MasculineBeing@chinese.lol RichWeird@lemmy.doesnotexist.club DryCash97@lemmy.doesnotexist.club AuthorizedChair@chinese.lol SlimKiss@lemmy.doesnotexist.club AromaticRoof78@lemmy.doesnotexist.club BewitchedInterview@lemmy.doesnotexist.club ImaginaryDraw@lemmy.doesnotexist.club PertinentGround@chinese.lol SinfulAssumption@lemmy.doesnotexist.club AwkwardAnybody30@lemmy.doesnotexist.club UnwillingRestaurant@lemmy.doesnotexist.club InsubstantialOven@lemmy.doesnotexist.club

A individual user airing their personal biases and manipulating lemmy isn't good for the community, regardless of how you feel about their target. This is a really bad thing (tm)

you are viewing a single comment's thread
view the rest of the comments
[–] anarchiddy@lemmy.dbzer0.com 46 points 1 week ago (6 children)

Seems relatively painless to chop those two instances off - chinese.lol has less than 200 users, and I can't even find instance info for doesnotexist.club (coincidence? i think NOT).

I do personally wonder how difficult it is to spin up new instances though. How much effort would it be for them to create a new one and do it again?

I'm actually most concerned with the IP leaking of the fediverse chick posts - hopefully some progress has been made with the IP leaking in auto-loaded external media through DM's

[–] Admin@startrek.website 5 points 6 days ago (1 children)

How much effort would it be for them to create a new one and do it again?

Minimal, but it is the domain that gets blocked so the attacker would still need to purchase a new domain.

[–] fmstrat@lemmy.nowsci.com 1 points 3 days ago

Not with sub domains.

[–] SorteKanin@feddit.dk 2 points 6 days ago (1 children)

I’m actually most concerned with the IP leaking

I'm curious, what is it about IP leaking that concerns you? I've been thinking about it lately but I have a hard time seeing why it's a problem.

[–] nailbar@sopuli.xyz 2 points 6 days ago

For one, you now know there is someone on the other end, so you can target your attacks instead of trying random ips.

[–] Randelung@lemmy.world 1 points 6 days ago

That's what I'm afraid of. Once some bad actors realize Lemmy is as defenseless as it is, it'll be carnage for a while. The only tool we have is defederation and it's slow and borderline useless against spam or worse.

[–] trillnsfw@lemmynsfw.com 1 points 6 days ago

fairly low effort but annoying like one click with yunohost

[–] asudox@lemmy.asudox.dev 17 points 1 week ago

Some instances enable the image proxy, which should prevent this.

[–] qaz@lemmy.world 5 points 1 week ago* (last edited 1 week ago)

I checked the images and so far every image I've encountered linked to the users's lemmy instance's pictrs instance, none were hosted through a custom trackable image host.