cross-posted from: https://jamie.moe/post/113630

There have been users spamming CSAM content in !lemmyshitpost@lemmy.world causing it to federate to other instances. If your instance is subscribed to this community, you should take action to rectify it immediately. I recommend performing a hard delete via command line on the server.

I deleted every image from the past 24 hours personally, using the following command: sudo find /srv/lemmy/example.com/volumes/pictrs/files -type f -ctime -1 -exec shred {} \;

Note: Your local jurisdiction may impose a duty to report or other obligations. Check with these, but always prioritize ensuring that the content does not continue to be served.

Update

Apparently the Lemmy Shitpost community is shut down as of now.

  • russjr08@outpost.zeuslink.netEnglish
    1·
    10 months ago

    You’ll need to find where the actual container files are being stored. I’m unfortunately not familiar with Lemmy Easy Deploy, but you should have a folder that has some files/folders like docker-compose.yml, volumes, lemmy.hjson.

    The important one is the volumes/pictrs/files folder, take the full path of that folder and replace it with the /srv/lemmy/example.com... path from the original post, and then that command should work.

  • aseriesoftubes@lemmy.worldEnglish
    567·
    10 months ago

    Someone is trying really hard to hurt Lemmy by continually attacking the most popular instance. Is this all coming from right-wingers upset that their nazi instances were defederated across basically the whole fediverse?

    • CryptoRoberto@sh.itjust.worksEnglish
      1523·
      10 months ago

      I wouldn’t put it past the hexbear crazies throwing a tantrum. They claim to be left wing… Sure seem more like fascist trumper types though. Maybe it’s just that they’re all incels and incels all seem about the same.

      • maegul@lemmy.mlEnglish
        192·
        10 months ago

        they’re all incels and incels all seem about the same.

        Downvote from me there. I’ve seen plenty of examples of hexbear people being nice, interesting and good sports. They definitely seem to have more of shitposting culture than is normal on mainstream lemmy. But all in all it’s seemed fun to me from what I’ve seen.

        Beyond all that, this is just superficial and prejudicial. If you had some examples to link to or more substantial insights to share as to why it’d be “them”, that’d be worth reading.

        Otherwise, they’re an instance. Not one person, I’m sure some on hexbear are assholes and some awesome.

        • CryptoRoberto@sh.itjust.worksEnglish
          216·
          10 months ago

          So, so shocked someone it’s from lemmygrad that is defending the notoriously toxic “communist” tanky trollfest instance.

          • maegul@lemmy.mlEnglish
            201·
            10 months ago

            Sorry, not from lemmygrad. And I’m on lemmy.ml because I joined before the Reddit migration and “Privacy and FOSS” (the focus of lemmy.ml) made a lot of sense for a lemmy instance/community.

            Beyond that … more superficial, prejudicial hate mongering without any description of why or for what purpose. Sorry, I don’t think it’s worth reading … a downvote from me … and, just being real for a moment … at the moment it’s more likely that you’re a member of a “notoriously toxic … trollfest”.

            Ironically, IME, I’ve seen significantly more troll-like tankie hate than I do tankie-trolling. I keep asking for receipts/links to tankie trolling here, as I’m genuinely curious to see it and understand what people are so upset about (please don’t explain to me what’s so upsetting unless it’s culturally thorough or coupled with some links+descriptions) … but no one has been able to do so.

            • zephyreks@lemmy.caEnglish
              4·
              10 months ago

              Most people from hexbear provide sources, which is better than can be said for all the tankie hate.

      • Fylkir@lemmy.sdf.orgEnglish
        172·
        10 months ago

        Throwing a tantrum about what exactly? They’re one of the oldest-running Lemmy instances. Until now they were running a fork based on a pre-Federation version of the codebase.

        You believe they did a bunch of work migrating their database only to then negate that work by destroying the community they wanted to Federate with?

        • maegul@lemmy.mlEnglish
          6·
          10 months ago

          Well something to keep in mind is that hexbear isn’t one person … it’s a whole community that’s developed independently for a while. So it’s reasonable to expect that there’d be variation in the behaviours of members in the same way there’s variation on the rest of lemmy. From what I’ve gathered, not all hexbear members are keen on the re-federation, and some aren’t too keen on being “well-behaved” around politically opposed users (ie “libs”), though hexbear admins and other users have promised moderation and that such isn’t part of the core hexbear values.

          It’s social media, afterall … and people can be rather shit and ruin it for the rest of us. In the end, the core service provided a social media platform isn’t the hardware, sys-admin-work or software (however necessary they are) … it’s the moderation work.

          The moderation keeps the place sanitary enough for people to actually want to be here … however much we may have problems with particular actions of our moderators, we should really support and praise them at every turn.

        • CryptoRoberto@sh.itjust.worksEnglish
          22·
          10 months ago

          Big difference between a few users who did a bunch of work and the toxic goonsquad the majority of the userbase turned into.

        • Rentlar@lemmy.caEnglish
          34·
          10 months ago

          At least a handful of users on hexbear had made their intention clear during the first week of re-federation, they were looking to cause chaos on Lemmy for there own pleasure. I don’t know if they were banned and/or their comments deleted.

  • enbee@compuverse.ukEnglish
    261·
    10 months ago

    big F in chat for those of you dealing with this. my #1 fear about setting upand instance.

    • jeffw@lemmy.worldEnglish
      16·
      10 months ago

      It impacts everyone when this shit happens. It takes time for mods/admins to take down. And you can’t unsee it.

      I hope nobody else has the misfortune of stumbling on that shit

      • thrawn@lemmy.worldEnglish
        3·
        10 months ago

        Yeah you really can’t. I’m pretty desensitized from earlier internet with death and other shock gore content but had managed to avoid CSAM until today. It was a lot worse than I expected, felt my heart drop. Worse, my app autoplays gifs in thumbnail so it kept going while I was reporting it.

        I’ve mostly forgotten and it wasn’t on my mind until I saw this thread (happened less than 24hr ago) but even the slightest reminder is oddly upsetting. Wish I’d thought of the Tetris thing.

  • itsdavetho@lemmy.worldEnglish
    231·
    10 months ago

    I literally am going to give up social media in general if this doesn’t stop

    Seen it last night late around 3am shit made me sick I honestly almost cried but I just closed the app and tried not to think about it

    Whatever the goal is it’s a stark reminder that there is monsters creeping in the shadows every where you go

    • PastThePixels@lemmy.potatoe.caEnglish
      6·
      10 months ago

      Yeah… Just wow. I disabled pictrs and deleted all its images, which also means all my community images/uploaded images are gone, and it’s more of a hassle to see other people’s images, but in the end I think it’s worth it.

      Through caching every image pictrs was also taking up a massive amount of space on my Pi, which I also use for Nextcloud. So that’s another plus!

      • HTTP_404_NotFound@lemmyonline.comEnglish
        2·
        10 months ago

        Note, apparently, lemmy will get pretty pissy if pictrs isn’t working… and the “primary” lemmy GUI will straight-up stop working.

        Although, https://old.lemmyonline.com/ will still work.

        And- I am with you. My pictrs storage, has ended up taking up quite a bit of room.

      • rar@discuss.onlineEnglish
        1·
        10 months ago

        There has to be a more elegant way of dealing with this in the future, like de-coupling between Lemmy-account hosting (which effectively means acitivypub-fediverse account) and Lemmy-communities hosting.

      • HTTP_404_NotFound@lemmyonline.comEnglish
        3·
        10 months ago

        Yup.

        So far, mostly everything appears to work still. But, trying to upload an image, just throws an error.

        SyntaxError: Unexpected token ‘R’, “Request er”… is not valid JSON

        I don’t see a way to actually “gracefully” disable it, but, this works.

        Edit- don’t just stop pictrs.

        Lemmy gets very pissy… and b reaks.

  • owiseedoubleyou@lemmy.mlEnglish
    19·
    10 months ago

    How desperate to destroy Lemmy must you be to spam CSAM on communities and potentially get innocent people into trouble?

    • heyoni@lemm.eeEnglish
      112·
      10 months ago

      Maybe you’re a dev on the Reddit team and own a lot of shares for what you know is about to go public?

  • Catasaur@lemmy.catasaur.xyzEnglish
    16·
    10 months ago

    Self hoster here, im nuking all of pictrs. People are sick.

    • Did a shred on my entire pictrs volume (all images ever):

    sudo find /srv/lemmy/example.com/volumes/pictrs -type f -exec shred {} \;

    • Removed the pictrs config in lemmy.hjson

    • removed pictrs container from docker compose

    Anything else I should to protect my instance, besides shutting down completely?

  • Dandroid@sh.itjust.worksEnglish
    16·
    10 months ago

    I got lucky. I am not subscribed to this community, and I am the only person on my instance. But what if I was subscribed and hadn’t seen this post? This is too much responsibility for me.

    I just shut down my instance until we can disable cached images. If that never happens, then I’m not bringing it back up.

    Shout-out to github.com/wescode/lemmy_migrate. I moved my subscriptions over in a minute or two, and now, other than not having my post history, it’s exactly the same.

  • Oneobi@lemmy.worldEnglish
    194·
    10 months ago

    Likely scum moves from reddit patriots to destroy or weaken the fediverse.

    I remember when Murdoch hired that Israeli tech company in Haifa to find weaknesses is TV smart cards and then leaked it to destroy their market by flooding counterfit smart cards.

    They are getting desperate along with those DDOS attacks.

    • OrbitJunkie@lemdro.idEnglish
      20·
      10 months ago

      Could be, but more likely it’s just the result of having self hosted services, you have individuals exposing their own small servers to the wilderness of internet.

      These trols also try constantly to post their crap to mainstream social media but they have it more difficult there. My guess is that they noticed lemmy is getting a big traction and has very poor media content control. Easy target.

      Moderating media content is a difficult task and for sure centralized social media have better filters and actual humans in place to review content. Sadly, only big tech companies can pay for such infrastructure to moderate media content.

      I don’t see an easy way for federated servers to cope with this.

      • maxprime@lemmy.mlEnglish
        8·
        10 months ago

        Yeah exactly. This is the main reason I decided not to attempt to self host a Lemmy instance. No way am I going to let anyone outside of my control have the ability to place a file of their choosing on my hardware. Big nope for me.

  • ugjka@lemmy.worldEnglish
    111·
    10 months ago

    blocked lemmyshitpost some time age because it is trash anyway

  • drcobaltjedi@programming.devEnglish
    9·
    10 months ago

    I was looking into self hosting. What can I do to avoid dealing with this? Can I not cache images? Would I get in legal trouble for being federated with an instance being spammed?

  • idle@158436977.xyzEnglish
    9·
    10 months ago

    I went ahead and just deleted my entire pictrs cache and will definitely disable caching other servers images when it becomes available.