The instances being used are
- lemmy.doesnotexist.club
- chinese.lol
Here is an example of the coordinated downvoting https://hackertalks.com/post/8692093
Of course its a controversial user who got someone angry enough to automated downvoting @DonaldJMusk@lemmy.today
But you can see every post they make gets 53ish downvotes from these two instances, plus some organic ones after a few hours.
Current downvoting Accounts
bot-list
LightIsland@chinese.lol MagnificentRow@chinese.lol FondKnowledge@chinese.lol SillyTowel95@chinese.lol HelplessDear@chinese.lol SomberBrain@chinese.lol InexperiencedCloset@chinese.lol NecessaryPerson11@chinese.lol ClosedEmployment@chinese.lol CoarseHair420@chinese.lol BurlyChampionship49@chinese.lol ZigzagNatural@chinese.lol QuestionableDirt@chinese.lol ProudDeparture@lemmy.doesnotexist.club JoyousDouble@chinese.lol UnitedPatience@chinese.lol MajesticArea@lemmy.doesnotexist.club SinfulConference@chinese.lol MoralDivide96@chinese.lol LeadingCarry65@chinese.lol FrillyOpinion38@lemmy.doesnotexist.club LimitedDiscount49@lemmy.doesnotexist.club ForkedScreen@chinese.lol MediumChemistry13@chinese.lol xXxLawfulGrassxXx@lemmy.doesnotexist.club VisibleSentence@chinese.lol AcidicLawyer90@lemmy.doesnotexist.club PriceySink14@lemmy.doesnotexist.club ExcellentBeach@chinese.lol VivaciousNews@lemmy.doesnotexist.club LankyIndependent32@lemmy.doesnotexist.club SpeedyFault@chinese.lol ConcreteHall89@lemmy.doesnotexist.club WorthyPoint12@lemmy.doesnotexist.club SurprisedAdult99@chinese.lol FlashyCrack@lemmy.doesnotexist.club MasculineBeing@chinese.lol RichWeird@lemmy.doesnotexist.club DryCash97@lemmy.doesnotexist.club AuthorizedChair@chinese.lol SlimKiss@lemmy.doesnotexist.club AromaticRoof78@lemmy.doesnotexist.club BewitchedInterview@lemmy.doesnotexist.club ImaginaryDraw@lemmy.doesnotexist.club PertinentGround@chinese.lol SinfulAssumption@lemmy.doesnotexist.club AwkwardAnybody30@lemmy.doesnotexist.club UnwillingRestaurant@lemmy.doesnotexist.club InsubstantialOven@lemmy.doesnotexist.club
A individual user airing their personal biases and manipulating lemmy isn’t good for the community, regardless of how you feel about their target. This is a really bad thing ™
This highlights one of the things that I saw as a benefit when I started on kbin: being able to see who the downvote fairies were. I know the discussion has been done to death on the Lemmy side, but as a user I found it interesting to be able to see this kind of info. For example, instead of just block/reporting the spammer, I could block their sock puppets that upvoted as well. (And did kbin.social have a lot of that towards the end. Oof.)
Thanks for digging into this.
There is some interesting area here, like a personalized vote score, based on others who vote similar to you, giving them more weight then people you never agree with.
net-net I think open votes make for better neighbors.
PieFed has some interesting thoughts along these lines.
I actively expect to never see such a thing in Lemmy though.
I never realized that was a kbin only thing. I just assumed my instance/mbin blocked that feature.
Not sure if this community was the best place to post this, but yeah, that seems like a bad thing. Thanks for pointing it out. I do find it funny how most of the bot names follow the AdjectiveNounNumber format.
Lemmings of all instances, you may want to let your local admins know of this potential issue.
Here’s a link to the megathread of support/meta communities for each instance: https://lemmy.dbzer0.com/post/40519876
You should be able to find your instance’s support/meta community in the list and cross-post OP’s post to it.
I was trying to think of the right community for this… its not fedidrama, I want to target moderators and admins… is there a better community?
We need a lemmyadmin community.
The attacker is the admin of these two instances. Both instances have their registrations closed.
When I look, both have open registrations and don’t even have a captcha? You see registrations as closed?
It could be that Fediseer is outdated. I looked at the instance’s fediseer page.
https://gui.fediseer.com/instances/detail/chinese.lol
https://gui.fediseer.com/instances/detail/lemmy.doesnotexist.club
Edit: Their registrations are indeed open. Perhaps they opened it just now?
Though it is also suspicious why the owner leaves the registrations open, requires no captcha, no approval nor any email confirmation, and the admin of lemmy.doesnotexist.club has been inactive since their account creation. Seems suspicious to me.
They have both had open registrations for at least several hours. I think perhaps there’s something wrong with Fediseer’s detection?
Given the issues, I’m guessing these instances have been open for some time. lemmy.doesnotexist.club has definitely had a few “Nicole” accounts and some trolls.
I checked the web archive. The registrations have been open since 2023. I think it’s safe to assume that the admin is indeed the one behind this and possibly also behind the nicole spam. And it has been a year since these bot accounts were created and they are still being created, the admin does nothing, does not interact with anyone, but still hosts the instance.
https://web.archive.org/web/20230809200352/https://lemmy.doesnotexist.club
We desperately need some system to fight against these type of attacks. It is still not much of a problem. Creating bot accounts and then spamming the entire Fediverse isn’t hard but defending against it will be in the future.
Why do you assume the admin is behind it? If you have an instance that has open registrations and no captcha, then bots will take advantage of that. It doesn’t mean the admin is the one doing the attacks.
In fact, such instances are more common than they should be since open registrations with no captcha is the default configuration, last I checked 😑
.lol
The list of accounts is helpful. I’m going to copy+paste an idea that I had suggested elsewhere previously that someone with the means to achieve could set up to help fight these bot/astro-turf accounts:
There are some other ideas in that comment too, but this one is the most relevant.
Great work. It doesn’t matter who the target is this time (pretty sure I blocked them every time they popped up with a new account). This kind of shit should not be tolerated at all.
lemmy . doesnotexist . club is where all those Nicole pictures are linked from for some reason.
what does defederated mean?
like trusted instance admins to block untrusted ones (like the ones in the post) from showing all content/interactions on the trusted instance so users dont interact with them - like server block?
Yep, exactly that. It’s a little more complex, thus the different term (defederation), but from user-perspective it’s exactly that: a server block.
Thanks
@kersploosh@sh.itjust.works I think this is something you should look at as SJW is under the federated list
Right now the second link returns errors. Probably that instance is down.
Men. Tough. I agree it shouldn’t be allowed, but I can’t find a shred of sympathy for Nazis.
Hi, I’m the admin for chinese.lol, and I just realized that my instance was compromised by those bots, as there is no verification required during registration. Let me check the database and work on banning those suspicious accounts. Also, could you suggest any methods to prevent these bot attacks and stop them from registering in the future?
Welcome! Join Lemmy world defense HQ matrix room
Don’t have automatic registration approval, require manual approval
Keep an eye on accounts that never post and only vote, especially if they use the same ip or come from a vpn
I’ve just disabled federation for my instance. Thanks again for bringing this issue to my attention, and I’m really sorry for the inconvenience it has caused. I’ll make sure to clear up all the bots before re-enabling federation.
Thanks! Could you please let me know what to search for to find the Lemmy world defense HQ matrix room? I couldn’t find it now.
Additionally, I will current disable chinese.lol by applying a 0 rate limit while I take some time to investigate and remove those bots. Once I’ve cleaned it up, I’ll come back and apologize to those who were affected by the downvoting caused by the bots. I never expected someone would hack my instance to mass-register bots and cause these issues. I’m really sorry for the inconvenience this has caused.
