cross-posted from: https://jamie.moe/post/113630

There have been users spamming CSAM content in !lemmyshitpost@lemmy.world causing it to federate to other instances. If your instance is subscribed to this community, you should take action to rectify it immediately. I recommend performing a hard delete via command line on the server.

I deleted every image from the past 24 hours personally, using the following command: sudo find /srv/lemmy/example.com/volumes/pictrs/files -type f -ctime -1 -exec shred {} \;

Note: Your local jurisdiction may impose a duty to report or other obligations. Check with these, but always prioritize ensuring that the content does not continue to be served.

Update

Apparently the Lemmy Shitpost community is shut down as of now.

    • Jamie@jamie.moeOPEnglish
      9·
      10 months ago

      Not really. You could technically locate the images and determine precisely which ones they are from their filenames, but that means you actually have to view the images long enough to pull the URL. I had no desire to view them for even a moment, and just universally removed them.

      As mentioned in my edit above though, ensure you are in compliance with local regulations when dealing with the material in case you have to do any preservation for law enforcement or something.

        • Jamie@jamie.moeOPEnglish
          3·
          10 months ago

          From what I was informed, purging a post doesn’t remove the associated cached data. So I didn’t take any chances.

  • ugjka@lemmy.worldEnglish
    153·
    10 months ago

    blocked lemmyshitpost some time age because it is trash anyway

  • Ebby@lemmy.ssba.comEnglish
    4·
    10 months ago

    Could someone please ELI5 that script. I’m all for keeping things clean, but old enough to remember the days of console based trolling.

    • UnlimitedRumination [he/him]@sh.itjust.worksEnglish
      4·
      10 months ago

      sudo

      As root

      find /srv/lemmy/example.com/volumes/pictrs/files

      Find files in /srv/lemmy... that:

      -type f

      Are plain files (not directories, symlinks, etc; includes images)

      -ctime -1

      And were created within an amount of time (probably last day, haven’t used this flag in a while)

      -exec rm {} \\;

      For each matching file found execute rm on it (delete it).

      • GBU_28@lemm.eeEnglish
        11·
        10 months ago

        I don’t think rm is gonna cut it if you have that shit on disk

  • DeltaTangoLima@reddrefuge.comEnglish
    17·
    10 months ago

    To be clear, if no one on a given instance sub to that particular /c, the content won’t federate to said instance, correct?

    • Jamie@jamie.moeOPEnglish
      12·
      10 months ago

      At this point, the community is clean. So unless more is posted, then you should be good. If someone searched for the community and caused a preview to load while the content was active though, then it could be an issue.

  • Oneobi@lemmy.worldEnglish
    545·
    10 months ago

    Likely scum moves from reddit patriots to destroy or weaken the fediverse.

    I remember when Murdoch hired that Israeli tech company in Haifa to find weaknesses is TV smart cards and then leaked it to destroy their market by flooding counterfit smart cards.

    They are getting desperate along with those DDOS attacks.

    • OrbitJunkie@lemdro.idEnglish
      18·
      10 months ago

      Could be, but more likely it’s just the result of having self hosted services, you have individuals exposing their own small servers to the wilderness of internet.

      These trols also try constantly to post their crap to mainstream social media but they have it more difficult there. My guess is that they noticed lemmy is getting a big traction and has very poor media content control. Easy target.

      Moderating media content is a difficult task and for sure centralized social media have better filters and actual humans in place to review content. Sadly, only big tech companies can pay for such infrastructure to moderate media content.

      I don’t see an easy way for federated servers to cope with this.

      • maxprime@lemmy.mlEnglish
        4·
        10 months ago

        Yeah exactly. This is the main reason I decided not to attempt to self host a Lemmy instance. No way am I going to let anyone outside of my control have the ability to place a file of their choosing on my hardware. Big nope for me.

  • owiseedoubleyou@lemmy.mlEnglish
    61·
    10 months ago

    How desperate to destroy Lemmy must you be to spam CSAM on communities and potentially get innocent people into trouble?

    • heyoni@lemm.eeEnglish
      32·
      10 months ago

      Maybe you’re a dev on the Reddit team and own a lot of shares for what you know is about to go public?

  • Catasaur@lemmy.catasaur.xyzEnglish
    5·
    10 months ago

    Self hoster here, im nuking all of pictrs. People are sick. Luckily I did not see anything, however I was subscribed to the community.

    • Did a shred on my entire pictrs volume (all images ever):

    sudo find /srv/lemmy/example.com/volumes/pictrs -type f -exec shred {} \;

    • Removed the pictrs config in lemmy.hjson

    • removed pictrs container from docker compose

    Anything else I should to protect my instance, besides shutting down completely?

  • Possibly linux@lemmy.zipEnglish
    3·
    10 months ago

    Couldn’t this be stopped with automatic filtering of bad content? There are open source tools and libraries that do this already

    • Scrubbles@poptalk.scrubbles.techEnglish
      4·
      10 months ago

      That’s what we’re pushing the lemmy devs to do. Honestly even if they want to use proprietary tools for this instance I’m okay, I’ll happily go register an Azure account and plop an API key into the UI so it can start scanning. Lemmy should have the guardrails to prevent this from ever hitting our servers.

      In the meantime, services like cloudflare will handle the recognizing and blocking access to images like that, but the problem still comes down to the federation of images. Most small hosters do not want the risk of hosting images from the whole of the internet, and it sounds like there is code in the works to disable that. Larger hosters who allow open registrations can do what they please and host what they please, but for us individual hosters we really need tools to block this.

  • krolden@lemmy.mlEnglish
    35·
    10 months ago

    That’s it, I’m defederating from lemmy.world. the admins let their users make death threats against users of other instances on top of this.

  • CrimeDad@lemmy.crimedad.workEnglish
    5·
    10 months ago

    I’m not subscribed to that community, but I guess I’m glad Pictrs doesn’t work for me, since I am using the Yunohost version of Lemmy. The creators of the Yunohost package couldn’t get it to work. I haven’t really missed it honestly.

      • CrimeDad@lemmy.crimedad.workEnglish
        3·
        10 months ago

        It just means that you can’t upload pictures, including banners or avatars. However, when I want to create an image post, I just make the post on Pixelfed and then mention the Lemmy community I want to post to at the bottom of the post body. Supposedly there’s a way to reference a remote image for a banner or an avatar, but I haven’t figured that out yet.

    • pory@lemmy.worldEnglish
      241·
      10 months ago

      Child sexual abuse material - underage porn. For obvious reasons, you don’t want this to be something you’re hosting automatically out of your basement server.

        • TheRealKuni@midwest.socialEnglish
          9·
          10 months ago

          I’ve been listing to the audiobook for American Prometheus: The Triumph and Tragedy of J. Robert Oppenheimer and the number of times they say “CP” as an abbreviation for “Communist Party” is too damn high.

          Also last time I went to the amusement park Cedar Point they’ve got “CP” as an abbreviation on all sorts of stuff.

          Made me chuckle, but I do think it’s perhaps time to move to the abbreviation CSAM since it’s less likely to get used for other purposes.