Over the weekend, hackers targeted federated social networks like Mastodon to carry out ongoing spam attacks that were organized on Discord, and conducted
Ingress and egress costs are real and those assholes attached images to their spam. Hundreds of posts coming in at 700kb a pop does damage if you’re relying on a cloud provider to store your shit. Then, it gets accessed by all your users.
I don’t get why the Fediverse decided to take on the legal risk and storage cost of downloading every attachment to local servers to be honest. This is why every Lemmy server had to deal with the stupid CSAM spammer rather than just the one server that was being targeted.
Cloud costs have a similar problem, though basic deduplication should work to prevent excessive storage costs. Only the minor egress costs of a couple hundred kilobytes of jpeg really count and they’re not all that bad unless you go with hyper expensive super redundant networks (Amazon, Azure, etc.)
From the article they said smaller unattended instances were the primary target. So you might not have been one of the instances targeted, and if you don’t have open registration and/or have captcha on then it wouldn’t be an issue either.
I definitely have benefited as fellow admins were on top of it to the point of automated removal. That’s one of the main reasons this spam attempt is pathetic.
Ingress and egress costs are real and those assholes attached images to their spam. Hundreds of posts coming in at 700kb a pop does damage if you’re relying on a cloud provider to store your shit. Then, it gets accessed by all your users.
Billing alarms go bing bing bing.
I don’t get why the Fediverse decided to take on the legal risk and storage cost of downloading every attachment to local servers to be honest. This is why every Lemmy server had to deal with the stupid CSAM spammer rather than just the one server that was being targeted.
Cloud costs have a similar problem, though basic deduplication should work to prevent excessive storage costs. Only the minor egress costs of a couple hundred kilobytes of jpeg really count and they’re not all that bad unless you go with hyper expensive super redundant networks (Amazon, Azure, etc.)
Ingress is typically free, but yes
Yeah, I’m running a Lemmy instance maybe we missed out on the bulk of it but it’s been pretty sad over here as far as being able to call it an attack.
From the article they said smaller unattended instances were the primary target. So you might not have been one of the instances targeted, and if you don’t have open registration and/or have captcha on then it wouldn’t be an issue either.
The spam was still an issue period. It hit every instance regardless of what you’re saying.
Ok so was it an issue or not? You seem to be saying both
It was a minor inconvenience. Pathetic. You’re speaking from a point of view of not understanding that we’re all connected.
Do you have open registration? If not, you probably benefitted from other mods work on this one.
I definitely have benefited as fellow admins were on top of it to the point of automated removal. That’s one of the main reasons this spam attempt is pathetic.
Yup, I’m thankful for their work as well.