cross-posted from: https://jamie.moe/post/113630
There have been users spamming CSAM content in !lemmyshitpost@lemmy.world causing it to federate to other instances. If your instance is subscribed to this community, you should take action to rectify it immediately. I recommend performing a hard delete via command line on the server.
I deleted every image from the past 24 hours personally, using the following command:
sudo find /srv/lemmy/example.com/volumes/pictrs/files -type f -ctime -1 -exec shred {} \;
Note: Your local jurisdiction may impose a duty to report or other obligations. Check with these, but always prioritize ensuring that the content does not continue to be served.
Update
Apparently the Lemmy Shitpost community is shut down as of now.
Likely Spez’s personal jailbait collection
Why do these deranged fucks do this
You really think the trolls would pass up on this golden opportunity?
Archive.org gets crapped up this way, too. Repulsive people posting repulsive stuff, “troll” is too kind a word.
This isn’t trolling, this is just disgusting crime.
The crime happened in the past when the children were abused. This is some weird amalgam of criminal trolling.
Edit: yeah yeah I get that csam is criminal, that’s why I called it an amalgam. It’s both trolling and criminal.
spreading child pornography is in fact illegal in most of the world
Depending on jurisdiction, I am not a lawyer, etc etc, but I’d imagine with fairly high degree of probability that re-distribution of CSAM is also a crime.
It’s still a crime. Taking the pictures is a crime. Sharing the pictures is also a crime.
Some sick fuck out there kept the files
deleted by creator
I checked and there shouldn’t be any images stored on the server when running lemmy 1.18.4. The post was made in high emotional distress and shouldn’t be taken at a face value. If the posts are bothering you I advise purging the posts in question. (I have already done that)
How did you check this? From my understanding, images from external servers are copied (and transcoded) over locally. At least in my server (running 0.18.4), they do.
It depends on how the image posted, the thumbnails might get federated. If the image is used in a post/comment body, usually the thumbnails are not federated.
You can refer to this post. The full image is copied to my instance (and transcoded). Not just the thumbnail.
I shut down the pictrs or whatever docker container on my instance so all I host is containers and the database. All the images that I see on my instance are external links. I can check by just looking at the rendered HTML.
There is a possibility that my instance is buggy and it isn’t caching images even though it should.
It’s pretty inconsistent from my experience. Sometimes images do cache and sometimes they don’t.
edit:
Here’s an example from my instance:
https://ani.social/post/284147 - JPEG image that isn’t copied/cached by my server.
https://ani.social/post/285861 - WEBP image copied/cached by my server.
Let me try to figure this out. The first is a photo uploaded to lemmy.world, the second is a photo originally uploaded to lemmy.nz, both posts are in a federated version of lemmy.world’s shitpost community.
This is just a theory, but perhaps images hosted on the same server as the federated community will directly link, whereas images uploaded somewhere other than the federated community will be copied into cache, presumably in case the original host shuts down unexpectedly? See if this is the case?
images hosted on the same server as the federated community will directly link
https://ani.social/post/288601 - This image is uploaded from a user on the same instance as the federated community (lemmy.world) but the image is cached.
images uploaded somewhere other than the federated community will be copied into cache
https://ani.social/post/285354 - This image is uploaded from a user on a different instance (lemm.ee) from the federated community (lemmy.world) but the image is not cached.
The behaviour is pretty weird. Hopefully we can disable image caching/copying-over-locally so we don’t have to deal with problematic images hosted by other instances.
I’m on 1.18.4, once I deleted the most recent images, the former CSAM posts(among others) became broken images. So yes, it was pulling from local disk cache. Then I took care of the posts themselves after the content was invalidated.
What’s CSAM?
Just google it.
Edit: Not Safe For Life
I kind of suspected it’s better not to google it at work.
Restroom collateral subject material
Child sexual abuse material - underage porn. For obvious reasons, you don’t want this to be something you’re hosting automatically out of your basement server.
That’s what I thought. Back in my days it was called CP.
I’ve been listing to the audiobook for American Prometheus: The Triumph and Tragedy of J. Robert Oppenheimer and the number of times they say “CP” as an abbreviation for “Communist Party” is too damn high.
Also last time I went to the amusement park Cedar Point they’ve got “CP” as an abbreviation on all sorts of stuff.
Made me chuckle, but I do think it’s perhaps time to move to the abbreviation CSAM since it’s less likely to get used for other purposes.
Youtube literally flat banned any channel with CP in it. Regardless of what CP actually stood for, like say combat power in pokemon go… Lots of bigger YouTubers got hit with account closures for like a week before it got reversed.
https://www.techspot.com/news/78814-youtube-bans-several-pokmon-go-channels-over-mistaken.html
Child sexual abuse material
I got lucky. I am not subscribed to this community, and I am the only person on my instance. But what if I was subscribed and hadn’t seen this post? This is too much responsibility for me.
I just shut down my instance until we can disable cached images. If that never happens, then I’m not bringing it back up.
Shout-out to https://github.com/wescode/lemmy_migrate. I moved my subscriptions over in a minute or two, and now, other than not having my post history, it’s exactly the same.
It is coming, don’t worry.
Do we have a PR or issue tracking that? That’s a pretty major item I’m looking forward to
Good, hopefully next release
If the source deletes the post. Won’t that remove it from all the instances ?
big F in chat for those of you dealing with this. my #1 fear about setting upand instance.
I’m not subscribed to that community, but I guess I’m glad Pictrs doesn’t work for me, since I am using the Yunohost version of Lemmy. The creators of the Yunohost package couldn’t get it to work. I haven’t really missed it honestly.
Can you run lemmy without pictrs? What behavior is different?
It just means that you can’t upload pictures, including banners or avatars. However, when I want to create an image post, I just make the post on Pixelfed and then mention the Lemmy community I want to post to at the bottom of the post body. Supposedly there’s a way to reference a remote image for a banner or an avatar, but I haven’t figured that out yet.
I was looking into self hosting. What can I do to avoid dealing with this? Can I not cache images? Would I get in legal trouble for being federated with an instance being spammed?
Refer to this comment chain from this same thread https://poptalk.scrubbles.tech/comment/577589
Someone else here mentioned not running "pictrs” at all
As far as I know, images should not be federating to federated instances, right? Image proxying is supposed to be added to pictrs version 0.5.0 but it is still in alpha.
Images do sometimes. At least in my instance they do. See this post for example. There’s a local copy stored in my server.
edit: I’m running pict-rs 0.4.2
I get it. Thumbnails are cached. Thanks.
Not just the thumbnail. The full image is cached. There’s a PR request to disable thumbnail caching but not the full image.
Yeah you are right. It’s here: https://ani.social/pictrs/image/78d05797-5b02-4c5a-bd86-132f0f41856c.webp
Thanks.
Likely scum moves from reddit patriots to destroy or weaken the fediverse.
I remember when Murdoch hired that Israeli tech company in Haifa to find weaknesses is TV smart cards and then leaked it to destroy their market by flooding counterfit smart cards.
They are getting desperate along with those DDOS attacks.
Could be, but more likely it’s just the result of having self hosted services, you have individuals exposing their own small servers to the wilderness of internet.
These trols also try constantly to post their crap to mainstream social media but they have it more difficult there. My guess is that they noticed lemmy is getting a big traction and has very poor media content control. Easy target.
Moderating media content is a difficult task and for sure centralized social media have better filters and actual humans in place to review content. Sadly, only big tech companies can pay for such infrastructure to moderate media content.
I don’t see an easy way for federated servers to cope with this.
Yeah exactly. This is the main reason I decided not to attempt to self host a Lemmy instance. No way am I going to let anyone outside of my control have the ability to place a file of their choosing on my hardware. Big nope for me.
Could someone please ELI5 that script. I’m all for keeping things clean, but old enough to remember the days of console based trolling.
sudoAs root
find /srv/lemmy/example.com/volumes/pictrs/filesFind files in
/srv/lemmy...that:-type fAre plain files (not directories, symlinks, etc; includes images)
-ctime -1And were created within an amount of time (probably last day, haven’t used this flag in a while)
-exec rm {} \\;For each matching file found execute
rmon it (delete it).I don’t think rm is gonna cut it if you have that shit on disk
How desperate to destroy Lemmy must you be to spam CSAM on communities and potentially get innocent people into trouble?
Maybe you’re a dev on the Reddit team and own a lot of shares for what you know is about to go public?
Self hoster here, im nuking all of pictrs. People are sick. Luckily I did not see anything, however I was subscribed to the community.
- Did a shred on my entire pictrs volume (all images ever):
sudo find /srv/lemmy/example.com/volumes/pictrs -type f -exec shred {} \;-
Removed the pictrs config in lemmy.hjson
-
removed pictrs container from docker compose
Anything else I should to protect my instance, besides shutting down completely?
Is it possible to prune pictrs by community name?
Not really. You could technically locate the images and determine precisely which ones they are from their filenames, but that means you actually have to view the images long enough to pull the URL. I had no desire to view them for even a moment, and just universally removed them.
As mentioned in my edit above though, ensure you are in compliance with local regulations when dealing with the material in case you have to do any preservation for law enforcement or something.
There is a purge community option available for admins but that did nothing.
From what I was informed, purging a post doesn’t remove the associated cached data. So I didn’t take any chances.
