Over the weekend, hackers targeted federated social networks like Mastodon to carry out ongoing spam attacks that were organized on Discord, and conducted
Costly? They were pretty pathetic spam attempts that are still ongoing.
I saw a few instances had large bills from their CDNs because some spammers uploaded many attachments. I don’t think this is from the current wave of spam about the Japanese Discord server, though.
Ingress and egress costs are real and those assholes attached images to their spam. Hundreds of posts coming in at 700kb a pop does damage if you’re relying on a cloud provider to store your shit. Then, it gets accessed by all your users.
Billing alarms go bing bing bing.
I don’t get why the Fediverse decided to take on the legal risk and storage cost of downloading every attachment to local servers to be honest. This is why every Lemmy server had to deal with the stupid CSAM spammer rather than just the one server that was being targeted.
Cloud costs have a similar problem, though basic deduplication should work to prevent excessive storage costs. Only the minor egress costs of a couple hundred kilobytes of jpeg really count and they’re not all that bad unless you go with hyper expensive super redundant networks (Amazon, Azure, etc.)
Yeah, I’m running a Lemmy instance. Maybe we missed out on the bulk of it, but it’s been pretty sad over here as far as being able to call it an attack.
Do you have open registration? If not, you probably benefitted from other mods’ work on this one.
I definitely have benefited as fellow admins were on top of it to the point of automated removal. That’s one of the main reasons this spam attempt is pathetic.
Yup, I’m thankful for their work as well.
From the article they said smaller unattended instances were the primary target. So you might not have been one of the instances targeted, and if you don’t have open registration and/or have captcha on then it wouldn’t be an issue either.
The spam was still an issue period. It hit every instance regardless of what you’re saying.
Ok, so was it an issue or not? You seem to be saying both.
It was a minor inconvenience. Pathetic. You’re speaking from a point of view of not understanding that we’re all connected.
Ingress is typically free, but yes