Lately we have been dealing with a few abusive members from Feddit.nl and we were unable to get in touch with the instance administrator.
Part of the problem is the instance’s open registrations which do not require you to enter an e-mail address during signup. This in combination with an inactive admin is a recipe for abuse.
We hope this is only temporary but we have to do this to protect our users.
Edit: we use fediseer, have a look https://gui.fediseer.com/instances/detail/lemmy.world
Edit 2: We got in touch with the Feddit.nl admin. Email requirements were added to the sign-up process and we’re setting up a communication channel. So that means we are federating with Feddit.nl again!
I love it!
That has got to be the best meme with Daleks I’ve seen in quite a long time.
Kudos!
Fantastic!
And so a lemmy legend was born
Thanks for the transparency, sad to hear as always to see a country specific instance to go unmanaged
Edit: I guess a few people will miss !trendingcommunities@feddit.nl from @freamon@endlesstalk.org
New home: !trendingcommunities@endlesstalk.org
Will probably post to both for a while, until we have some kind of resolution.
Just subscribed, good to see you there.
I might migrate !casualconversation@lemmy.world there too in the coming weeks
Thank you!
With the refrigeration, which do you consider the canonical community to follow now? You mod both, right? Are you going to keep the bit posting to both?
Love what re-federation got auto-corrected to.
The canonical community is the one at feddit.nl, since it has all the history and I don’t really think it’s .nl’s fault that someone used it to attack .world.
The bot’s due to make one more post at endlesstalk (to announce that the problem is over) and then I’ll think about what to do with the community (probably delete it)
You can still go to the instance and read it, subscribe to it from a non-defederated instance, or even create an account there directly.
That assumes that it’s not abandoned like rammy.site was, if you don’t know rammy.site was a general purpose Lemmy instance a while back which was abandoned by its admin and then some right-wing grifters decided to hijack it and use it to spread hatred. Similarly to this situation they also got defederated, though much more widely then in this case.
The biggest problem is that because they were abandoned eventually the server crashed or the VPS got discontinued or something and now it’s gone. If you go to the URL now you get SSL errors and for a while it was showing up as
410 gone. So with Feddit.nl even though you can go and view the contents on it right now if it’s abandoned it will likely meet a very similar fate in the near future. Meaning that the community is on it are doomed and will either die or have to migrate elsewhere.
Sucks to see my home countries instance isn’t being moderated properly
Well .world is also managed partly from NL :-)
Fair point, i’ll be patiently waiting for the dutch takeover ;)
You, still waiting for it:
Ik had geen idee.
I made an account on feddit.nl to spread the load for Lemmy.world back in June. Good thing I keep switching between them both anyway.
Hopefully this is solved soon!
Maybe it’s just a coincidence, but it seems like everytime .world defeds from a problematic instance, it’s almost immediately smashed with DDOS attacks.
The beauty of lemmy as I see it though IS the federation, if .world is down no worries, I’ll just browse on sopuli.xyz or any of the multitude of other instances :) we are like a sexy hydra of positivity.
Good to be back! 😅 🥳
It’s funny that this post on feddit.nl has 20 upvotes. It doesn’t catch up once the federation starts again. I thought it would tbh
Nope, in order to not overload lemmy servers, the lemmy software does not federate pre-(re)federation content. That is one reason why I find it a bit ridiculous to wield the biggest stick you have, defederation, so freely.
I think in the case of an instance being spammed with csa material we are allowed to use all the sticks at our disposal - and in this case it was actually the only stick we had. And once we got in touch with TedVDB we refederated.
He’s now also in the chat room where most Lemmy instance admins hang out. I’d say that’s a positive for everyone in the end.
They’ve already replied with the reasons, but - for future reference - if you want to see specifics of things like this, a censure is often posted to https://fediseer.com. .world’s censure of .nl is here
Thanks for all you do!
Somewhat related: any word on re-enabling image uploads? I understand completely why you had to do it, just wondering if there’s a roadmap?
Well that’s disappointing, but glad the lemmy.world team are making sure they are on top of it and keeping transparency with all that you do. Thank you.
Hiya! Question, is there a way we can see this sort of information ourselves as well? Namely, reports and admin activity logs.
What’s to stop an instance, then a collection of instances and so on from claiming others aren’t being actively moderated in order to censor?
Not making any accusations obviously, just a thought I had while reading.
The modlog for the entire instance is available in a link at the bottom and the sidebar on the main page. Everything should be there.
Thank you!
Part of the problem is the instance’s open registrations which do not require you to enter an e-mail address during signup.
How is this even a thing? Why would the Lemmy software even allow operation like this?
Back when I signed up for reddit, you didn’t need an email and they warned you if you lost your password you’d be locked out of your account until you regained it and they would not offer support to reset it
I liked that. I don’t want to have to submit my email for everything just to interact
One of the reasons I have my own email domain and random email addresses for certain services.
Managing this for a large amount of services is a huge overhead for me. I use Sub-addressing and then apply filters based on categories.
It annoys the shit out of me how many developers don’t allow for sub-addressing. Google has supported it on Gmail since inception and it follows the damn spec! Don’t use your crappy form validator if it doesn’t allow valid emails!
I’ve always been curious. Do any parties just remove the string between “+” and “@” when they see those emails registered?
Not that I’ve seen. Some do however incorrectly escape the string and end up with an invalid email like namesite.com@gmail.com instead of name+site.com@gmail.com.
If you have catch all enabled for your custom domain there’s no overhead.
Signing up for reddit? Just put reddit@example.com and that address will be automatically created and start receiving reddit’s emails. Don’t have to fiddle with anything.
I like this.
I use legacy free g suite, might see if it supports this
I do this as well but there’s been quite a few times when the email input wouldn’t accept it and it’s usually on the sites you really wanna have it on.
I was dumb founded to find out that vrchat doesn’t except ProtonMail. I had to use my mothballed gmail account.
Got a domain? Setup ‘catch all’ and you are all set. If not consider a cheap one. It’s unlimited disposable email addresses for few buck a year.
Interesting. How does this work? I’ve never used it. I either add manual aliases or distribution groups. It’s a pain in the ass but it works and is safer than using the same email for everything.
One thing I like is also how you can tell who sold your email to spammers 🤣
Catch all? I love it so damn much since I got it. Bitwarden added it on the fly and now I got disposable email addresses for anything I can think of, it’s so, so perfect!
hmmm… i may need to buy bitwarden… i currently self-host, but that sounds very tempting!
No need. Even selfhost is free. The catch all feature is also included in the free plan. Bitwarden free is amazingly packed with pretty much all the features you need. Tip: Make a ‘non-profit’ organisation and invite your family to it. You can share passwords for streaming service etc using this.
And then there’s those of us who don’t use email for all practical purposes. I haven’t sent an email in anger for a donkey’s age; the only reason I have an email at all is because of all the people in North America who think email is the wave of the future.
Let’s be real - an email address doesn’t really stop much of anything. Anyone can really easily spin up new email addresses freely.
Yeah I still don’t have an email associated with my reddit account. Which shocks people… although I haven’t logged on in months, so maybe it’s now required for legacy accounts
it’s not required globally but some subs require it to be able to post
So far only /r/formula1 does for me
Hah, I replied higher up in the comments that when I signed up for reddit, I also didn’t need an email address and I think that particular one never required setting one
Newer accounts definitely did and I used different emails for those accounts
They somehow managed to force me to add my email. I don’t remember how.
Sadly yeah. We absolutely should use email signup because it filters our the absolute lowest effort bots, but it does nothing against higher quality bots or humans. Not only can you easily spin up new emails on the fly, but many emails allow ways to make the email appear unique (eg, Gmail ignores dots and anything after the + sign), there’s plenty of temporary email services with a variety of domains, and if you own a domain, you can trivially create unlimited emails until they catch on and ban the entire domain.
Inactive admins are also an issue, but if malicious users are determined enough, it doesn’t matter that much how active an admin is. An active admin can mostly help by making IP banning an option (imperfect, but will work on many humans) and can temporarily turn on approvals to make it easier to weed out low hanging fruit. Nothing will work against someone determined enough, but could at least reduce how many instances they can turn to.
Personally I don’t think anything will stop anyone determined to bring this type of harm to the community, there’s an endless list of workarounds. These communities need a larger network of moderators across timezones
Nope, but it will stop the less determined ones.
With no email verification, you can pretty much create dozens of fake accounts per second - as fast as the API can handle.
Lemmy is open source. Everyone can modify it to fit their needs.
Because anyone running it can decide to do it this way. That’s how code works; you can edit it. Even if the option wasn’t there, if any instance admin wants that to happen it’s easy to do.
Last I checked, even Reddit allows signups without an email address…
In case anyone’s wondering, you can use the old.reddit.com interface to sign up without an email.
I only ever used old.reddit.com. Didn’t realize that option was limited to to the old interface
Last time I signed up, even new one allows you to leave email empty.
That’s true but they annoy you with a persistent banner to add an email address later on. But it’s working nonetheless.
Cuz we’re on an anonymous forum basically?
It seems like the user who posted the csam has been banned, does that mean the admin/mod is active again?
With the nature of the recent attacks I think it makes perfect sense to take strong precautions necessary to protect the community. Can always refederate when/if the admin gets ahold of the situation.
Lemmy.world is still down often because DDOS attacks???
What defines an “abusive member”?
I feel your frustration with “unable to get in touch with the instance administrator”. I’m waiting for a response from @ruud and @MichelleG from 9 days ago regarding abusive members.
deleted by creator
Oh no, not my beloved neighbors :(
