this post was submitted on 09 Aug 2023
3638 points (98.1% liked)

Lemmy World outages (lemmy.world)
submitted 1 year ago* (last edited 1 year ago) by [email protected] to c/[email protected]
 

Hello there!

It has been a while since our last update, but it's about time to address the elephant in the room: downtimes. Lemmy.World has been having multiple downtimes a day for quite a while now. And we want to take the time to address some of the concerns and misconceptions that have been spread in chatrooms, memes and various comments in Lemmy communities.

So let's go over some of these misconceptions together.

"Lemmy.World is too big and that is bad for the fediverse".

While one thing is true, we are the biggest Lemmy instance, we are far from the biggest in the Fediverse. If you want actual numbers you can have a look here: https://fedidb.org/network

The entire Lemmy fediverse is still in its infancy and even though we don't like to compare ourselves to Reddit it gives you something comparable. The entire amount of Lemmy users on all instances combined is currently 444,876 which is still nothing compared to a medium sized subreddit. There are some points that can be made that it is better to spread the load of users and communities across other instances, but let us make it clear that this is not a technical problem.

And even in a decentralised system, there will always be bigger and smaller blocks within; such would be the nature of any platform looking to be shaped by its members. 

"Lemmy.World should close down registrations"

Lemmy.World is being linked in a number of Reddit subreddits and in Lemmy apps. Imagine if new users land here and they have no way to sign up. We have to assume that most new users have no information on how the Fediverse works and making them read a full page of what's what would scare a lot of those people off. They probably wouldn't even take the time to read why registrations would be closed, move on and not join the Fediverse at all. What we want to do, however, is inform the users before they sign up, without closing registrations. The option is already built into Lemmy but only available on Lemmy.ml - so a ticket was created with the development team to make these available to other instance Admins. Here is the post on Lemmy Github.

Which brings us to the third point:

"Lemmy.World can not handle the load, that's why the server is down all the time"

This is simply not true. There are no financial issues to upgrade the hardware, should that be required; but that is not the solution to this problem.

The problem is that for a couple of hours every day we are under a DDOS attack. It's a never-ending game of whack-a-mole where we close one attack vector and they'll start using another one. Without going too much into detail and exposing too much, there are some very 'expensive' SQL queries in Lemmy - actions or features that take up seconds instead of milliseconds to execute. And by executing them by the thousand a minute you can overload the database server.

So who is attacking us? One thing that is clear is that those responsible for these attacks know the ins and outs of Lemmy. They know which database requests are the most taxing and they are always quick to find another as soon as we close one off. That's one of the only things we know for sure about our attackers. Being the biggest instance and having defederated with a couple of instances has made us a target.

"Why do they need another sysop who works for free"

Everyone involved with LW works as a volunteer. The money that is donated goes to operational costs only - so hardware and infrastructure. And while we understand that working as a volunteer is not for everyone, nobody is forcing anyone to do anything. As a volunteer you decide how much of your free time you are willing to spend on this project, a service that is also being provided for free.

We will leave this thread pinned locally for a while and we will try to reply to genuine questions or concerns as soon as we can.

[–] [email protected] 356 points 1 year ago (3 children)

Have you guys contacted law enforcement? It may surprise you. A startup I worked for had the same issue and contacted the FBI. They were able to quickly (within hours) find the person doing it despite him using VPNs and other tools for OpSec.

[–] [email protected] 84 points 1 year ago (39 children)

I’d imagine that there are a lot of users and communities on here that want law enforcement as far away from the Fediverse as possible…

[–] [email protected] 218 points 1 year ago (2 children)

And yet, and this will shock and amaze you, they're probably here already. Lemmy isn't a secret.

[–] [email protected] 14 points 1 year ago

Found the fed… ;)

[–] [email protected] 7 points 1 year ago (1 children)

No doubt, but there’s a difference between a van trundling down the street and a welcome mat and a tray of tea cooling in the living room.

[–] [email protected] 22 points 1 year ago (1 children)

I get you. There's good and bad in law enforcement, especially when it comes to tech and social media. On the one hand, there's pretty serious crime happening online that needs to be stopped. On the other, wild invasions of privacy. There's no easy answer at this point and governments obviously won't police themselves.

[–] [email protected] 7 points 1 year ago (1 children)

Illegal activity is actually easier to track on the Fediverse than closed source websites. Easy to program bots to run through open source code looking for it.

[–] [email protected] 29 points 1 year ago (3 children)

I assure you that the FBI knew of lemmy and had watchers here before we hit 5 digit user numbers

[–] [email protected] 17 points 1 year ago

I hate to break the illusion but cybersecurity experts already know about every Fediverse instance and it gets scanned regularly. Just like they do discord, FB, twitter, etc.

[–] [email protected] 10 points 1 year ago
[–] [email protected] 8 points 1 year ago

Lemmy isn't a private space. It's less private than Reddit in many regards.

I don't see why when illegal things are happening the government's offered services shouldn't be made use of

[–] [email protected] 65 points 1 year ago

Have you guys contacted law enforcement?

Given that the goal of this instance is to serve as a reference of the Fediverse, it is expected that it will continue to grow, and in turn, attract more attention, which due to a game of numbers also involves more trolls and enemies. Thus, the fact that the instance is being DDOS'ed right now shouldn't be seen as a conjunctural problem, but rather a challenge that is here to stay and sometimes be a problem.

While I think it's a good idea for lemmy.world to do it this time, relying on a police force to routinely come to our call and do something means periods during which the instance will be out while we wait for them to work. The instance, and Lemmy in general, should have more robust defenses so that calling for external help is only required at exceptional times.

[–] [email protected] 25 points 1 year ago* (last edited 1 year ago) (3 children)

Did it result in charges for the person doing it?

For this, I want to see the motivation for DDOSing Lemmy lol.

[–] [email protected] 60 points 1 year ago (11 children)

There was a user who made hundreds of communities and got pissy when they were banned, there's heavy speculation that it's them.

[–] [email protected] 40 points 1 year ago* (last edited 1 year ago) (3 children)

That, or it could be right-wing neo-nazi chuds from the detonating-craniums instance that are butthurt that nobody wants to federate with them.

[–] [email protected] 4 points 1 year ago

Maybe a mix of both?

[–] [email protected] 31 points 1 year ago (8 children)

Could be reddit, hiring people to kill the competition 😅 (jk)

[–] [email protected] 29 points 1 year ago

You joke, but I wouldn't be surprised in the least.

[–] [email protected] 16 points 1 year ago (1 children)

You don't need motive to convict. Just the correct mental state (mens rea) and the commission of the relevant elements (actus reus). Motive helps, but it's not necessary.

But a DDOS attack would probably fall under the CFAA, possibly some other criminal statutes depending on the facts.

[–] [email protected] 8 points 1 year ago (1 children)

I know, I just want to know what the motive is.

[–] [email protected] 4 points 1 year ago

"Vengeance is mine!" sayeth the gallowboob.

[–] [email protected] 4 points 1 year ago

Yes criminal charges were brought against them. I don’t know what happened beyond that, however. It got pretty quiet once evidence was collected and the attack stopped.