The attacker seems to be the admin of those two instances. Both instances have their registrations closed.
Edit: It is now open for both of them, or was already. I checked the Fediseer page for both instances and it still says that their registrations are closed.
Though it is suspicious that no captcha, email confirmation or manual approval is required for both of these instances. The admin of lemmy.doesnotexist.club seems to be inactive since their account creation yet this instance is still running. If the admin is the attacker, it could also be that they are the one behind the recent nicole spam.
https://gui.fediseer.com/instances/detail/chinese.lol
https://gui.fediseer.com/instances/detail/lemmy.doesnotexist.club
cross-posted from: https://hackertalks.com/post/8713785
The instances being used are
- lemmy.doesnotexist.club
- chinese.lol
Here is an example of the coordinated downvoting https://hackertalks.com/post/8692093
Of course its a controversial user who got someone angry enough to automated downvoting @[email protected]
But you can see every post they make gets 53ish downvotes from these two instances, plus some organic ones after a few hours.
Current downvoting Accounts
bot-list
[email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected]
A individual user airing their personal biases and manipulating lemmy isn't good for the community, regardless of how you feel about their target. This is a really bad thing (tm)
Seems relatively painless to chop those two instances off - chinese.lol has less than 200 users, and I can't even find instance info for doesnotexist.club (coincidence? i think NOT).
I do personally wonder how difficult it is to spin up new instances though. How much effort would it be for them to create a new one and do it again?
I'm actually most concerned with the IP leaking of the fediverse chick posts - hopefully some progress has been made with the IP leaking in auto-loaded external media through DM's
I'm curious, what is it about IP leaking that concerns you? I've been thinking about it lately but I have a hard time seeing why it's a problem.
For one, you now know there is someone on the other end, so you can target your attacks instead of trying random ips.