this post was submitted on 09 Apr 2025
146 points (96.2% liked)

Nicole [LOCKED]


Due to recent developments, we've had to lock down this community until further notice. For more information, please take a look at this post: https://feddit.org/post/10515288

Thank you for your understanding.


What happened?

Due to the recent developments, I have decided to make this community moderator-only. There has been a mass spam attack involving gore and nudity. This is now a very serious situation and it is clear that something has to be done to stop this from happening. The new messages might be from a different, psychopathic spammer.

What we decided to do about it

To have better control of this situation, we decided to lock down the community, except for the comment section on this very post. (Please let me know if I've missed a post)

Rules

  • Please refrain from further spreading the newest spam image, especially uncensored versions of it.
  • The "It's my girlfriend!"-joke is long gone. Be respectful, stop using it.

Going forward

Our main goal now is to stop the spread of spam on Lemmy. This seems like a major problem in Lemmy's concept, so we need to work together to create a working solution to the spam and potential defacing of users.

Update: The source of the gore images has been identified, so it's safe to say it's not actually the same person as "Nicole". Still fucked up, though.

[–] Squorlple@lemmy.world 57 points 4 days ago* (last edited 4 days ago) (3 children)

I think if Lemmy doesn’t have the infrastructure to defend against attacks like these which are presumptively conducted by one bad actor, then it doesn’t have the infrastructure to defend against wealthy organizations when our communities do get big enough to be noticed by them.

This community’s history underscores how the messaging system in particular needs a massive overhaul; using image recognition as a filter for messages like Lemmy.World does for image posts (with options for NSFW that isn’t NSFL?), preventing images (and URLs? or only allowing white-listed sites?) from being sent within the first message sent between users (unless a box is ticked?), not showing message recipients images until they are directly opened, and preventing the de-anonymizing of message recipients should be made first priority for the next patch.

I agree that it’s unclear if this newest bad actor sending the graphic image(s?) is that same one sending the vanilla images.

[–] Cliff@feddit.org 27 points 4 days ago* (last edited 4 days ago) (1 children)

I think they should add a feature that automatically notifies admins when a single account sends a bunch of messages in a short time (for DMs, comments and posts) and maybe they should also get an instant temporary ban until the admins have evaluated the situation.

[–] null_dot@lemmy.dbzer0.com 11 points 4 days ago

Yeah. IDK anything about the code behind lemmy but some kind of DM limiter or alert seems trivial.
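The limiter-plus-alert idea from the two comments above, sketched as an added example (not part of any comment and not Lemmy's own code). `BurstGuard`, its fields, the window and threshold values and the account names are all hypothetical.

```rust
use std::collections::{HashMap, HashSet, VecDeque};

#[derive(Debug, PartialEq)]
enum Action { Allow, SuspendAndAlert, Held }

// Sliding-window burst detector; DMs, comments and posts share one counter.
struct BurstGuard {
    window_secs: u64,
    max_items: usize,
    recent: HashMap<String, VecDeque<u64>>, // account -> send times inside the window
    suspended: HashSet<String>,             // temporarily banned until an admin reviews
    alerts: Vec<String>,                    // what the admins would be notified with
}

impl BurstGuard {
    fn new(window_secs: u64, max_items: usize) -> Self {
        BurstGuard { window_secs, max_items, recent: HashMap::new(), suspended: HashSet::new(), alerts: Vec::new() }
    }
    // Call once per outgoing DM, comment or post; `now` is a Unix timestamp.
    fn record(&mut self, account: &str, now: u64) -> Action {
        if self.suspended.contains(account) { return Action::Held; }
        let window = self.window_secs;
        let times = self.recent.entry(account.to_string()).or_default();
        // Drop timestamps that have fallen out of the window.
        while times.front().map_or(false, |&t| now.saturating_sub(t) >= window) { times.pop_front(); }
        times.push_back(now);
        if times.len() <= self.max_items { return Action::Allow; }
        let count = times.len();
        self.suspended.insert(account.to_string());
        self.alerts.push(format!("{}: {} items within {}s, suspended pending review", account, count, window));
        Action::SuspendAndAlert
    }
    // An admin has evaluated the account and lifts the temporary ban.
    fn release(&mut self, account: &str) {
        self.suspended.remove(account);
        self.recent.remove(account);
    }
}

// Constructed traffic: one account sends an item every 2 seconds.
fn replay_burst(guard: &mut BurstGuard, account: &str, items: u64) -> Vec<Action> {
    (0..items).map(|i| guard.record(account, 1_000 + 2 * i)).collect()
}

fn main() {
    let mut guard = BurstGuard::new(60, 5);
    println!("{:?}", replay_burst(&mut guard, "acct@a.example", 7));
    println!("{:?}", guard.alerts);
}
```

The suspension is deliberately sticky: further items are held until `release` is called, which matches the "until the admins have evaluated the situation" part of the suggestion.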

[–] brot@feddit.org 6 points 3 days ago (1 children)

I think that we need to rethink how federation is done. Currently I can just spin up a server, federate with everyone and start sending spam DMs and do harmful stuff like vote manipulation on a mass scale. That won't scale at all when the bad actors come.

[–] Novocirab@feddit.org 2 points 2 days ago* (last edited 2 days ago)

Others have suggested that one should prevent images in messages altogether. Or at least if in the first message of an exchange. Or at least for new accounts or accounts without posts.

Coupling these ideas with federation, the following comes to mind:

  1. Enable each instance to select from which other instances its users can receive messages with or without images.

  2. Allow instance admins to set, individually for each instance they federate with, minimum requirements on account age, number of posts, received upvotes etc., before (image) messages are accepted from an individual account. E.g. higher requirements if the account is on a poorly moderated instance. Or it has to have made at least one post or comment on the instance to whose user it wants to send a message.

In a different vein, which might be needed when Lemmy & other Fediverse services with private messages attract even more attention:

  3. A federated 'spam alert system', as in: Instances can broadcast how much spam (and what kind, and how old the sending accounts were) they have most recently received from specified other instances. Now if an account on instance A sends a message to a user on instance B, instance B can combine the recent ratings from instances C, D, E, F about instance A, in order to decide whether to accept this message (or whether to delay it and delete it if the sender gets blocked on its home instance in the meantime, or only show it to users who have ticked a box). Of course, if the admins of B think that instance E regularly trash-talks other instances or instance A specifically, then they can automatically exclude the scores sent by E from entering into the decision. Taking things further, the best would probably be a highly modular approach, where only the spam alert broadcasts follow a common protocol, but the decision system can be different for each instance.

Most of these suggestions could probably work for upvotes/downvotes as well (only that it's more difficult to identify accounts that only manipulate votes and do nothing else – so an even fancier version of 3., perhaps even with broadcasting spam scores about individual accounts, could be needed).
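The per-instance requirements and the federated spam alert scoring proposed in the comment above, sketched as an added example (not part of the comment and not Lemmy's own code or protocol). The report format, the `Policy` type, the pooled-ratio scoring, the thresholds and the `*.example` instance names are all assumptions.

```rust
use std::collections::{HashMap, HashSet};

// Hypothetical broadcast: what `reporter` received from instance `about` recently.
struct SpamReport { reporter: &'static str, about: &'static str, spam: u32, total: u32 }
// Minimums an admin sets per sender instance before image messages are accepted.
struct Requirements { min_age_days: u32, min_posts: u32 }
struct Sender { instance: &'static str, age_days: u32, posts: u32 }
#[derive(Debug, PartialEq)]
enum Verdict { Accept, Delay, Reject }

// Local decision policy; only the report format would have to be shared.
struct Policy {
    distrusted: HashSet<&'static str>, // reporters whose scores are ignored
    requirements: HashMap<&'static str, Requirements>,
    delay_at: f64,  // pooled spam ratio at which messages are held back
    reject_at: f64, // pooled spam ratio at which messages are refused
}

impl Policy {
    // Spam ratio for `about`, pooled over trusted reporters; None without data.
    fn spam_ratio(&self, reports: &[SpamReport], about: &str) -> Option<f64> {
        let (mut spam, mut total) = (0u64, 0u64);
        for r in reports.iter().filter(|r| r.about == about && !self.distrusted.contains(r.reporter)) {
            spam += u64::from(r.spam);
            total += u64::from(r.total);
        }
        if total == 0 { None } else { Some(spam as f64 / total as f64) }
    }
    fn decide(&self, s: &Sender, has_image: bool, reports: &[SpamReport]) -> Verdict {
        if let (true, Some(req)) = (has_image, self.requirements.get(s.instance)) {
            if s.age_days < req.min_age_days || s.posts < req.min_posts { return Verdict::Reject; }
        }
        match self.spam_ratio(reports, s.instance) {
            Some(r) if r >= self.reject_at => Verdict::Reject,
            Some(r) if r >= self.delay_at => Verdict::Delay,
            _ => Verdict::Accept, // below thresholds, or no trusted reports yet
        }
    }
}
// Constructed sample: C and D see little spam from A, E claims far more.
fn sample_reports() -> Vec<SpamReport> {
    vec![("c.example", 1, 50), ("d.example", 2, 50), ("e.example", 90, 100)].into_iter()
        .map(|(reporter, spam, total)| SpamReport { reporter, about: "a.example", spam, total }).collect()
}
fn main() {
    let mut p = Policy { distrusted: HashSet::new(), requirements: HashMap::new(), delay_at: 0.10, reject_at: 0.40 };
    let s = Sender { instance: "a.example", age_days: 400, posts: 25 };
    println!("all reporters: {:?}", p.decide(&s, false, &sample_reports()));
    p.distrusted.insert("e.example");
    println!("E excluded: {:?}", p.decide(&s, false, &sample_reports()));
}
```

Pooling by message volume lets one high-volume reporter dominate the score, which is why the distrust list matters here; an instance could just as well average per-reporter ratios, since only the report format needs to be common.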

[–] FQQD@feddit.org 15 points 4 days ago* (last edited 4 days ago) (1 children)

Yes, I agree. The overhaul of the DM system is very urgently needed.

[–] Squorlple@lemmy.world 14 points 4 days ago

There is definitely a place for DMs on this site and I’ve made use of them several times for various needs. However, there are huge fundamental weaknesses in its current setup.