2y ago

What has been up with lemmy.world lately?

postimg.cc

Screenshot 2023 08 08 4 38 25 PM — Postimages

At this point, many people have been bailing from the server due to the uptime issues. What's the rub?

58 comments

They're being targeted for constant DDoS attacks. Could be multiple reasons. But the takeaway should be to spread out evenly through the fediverse. Don't all pile into .world (as I post this on my .world account).
- Probably those ultra right-wingers from that recently defederated instance being the adult man-children they always are.
  
  It could be tbut the most recent de-federation controversy didn't involve a right wing instance.
- Any recommendations other than .world?
  
  I've been going to sh.itjust.works. You can find a list of other instances here as well.
  
  come join us at startrek.website
  
  Lemmings.world - so far a small instance with big heart!
  
  Lemmy Explorer can help give a big picture view of what's out there, both in instances and in communities. Kbin instances are also viewable, you have to select them from the top right menu.
  
  Been on kbin.social for a month and it's been pretty solid. Note it's a different platform than lemmy (designed to read both lemmy and mastodon), but does a great job posting to and handling the content from lemmy platforms. There's growing pains here too, but the uptime has been good.
  
  just find a regional one run by a committed nerd
- The big reason for being a target is the size. Why attack smaller ones with less effect? Like making a virus for anything besides Windows. But maybe the long term benefit is the movement of some to other instances, balancing out the loads.
  
  The DDoS is coming from inaide the server 👀
My guess, some loveless planarian with a botnet felt they didn't get enough attention from mommy and decided to hit .world with a couple DDOS attacks.
One claim is DDOS attacks, another claim is that the servers are too small for the massive amount of people that recently adopted lemmy
I'd love to know which is true just because .. . . it's fun to know details
- Massive amounts of organic traffic to too small a server technically is a DDOS, even if unintentional rather than malicious. So, both to varying degrees, probably?
  
  Isn't that what was termed the reddit hug of death?
- It's DDOS. The admins for World have explicitly said so, and even said exactly how the attacks have been perpetrated by exploiting calls that require a lot of processing time to overload the server.
- The numbers are quite open at the maintenance community. Unless most users just decide to visit it together every day, there's a DDoS going on.
They were getting hit with a lot of DDoS attacks a week or two ago, that may still be going on. Also they took off faster than most instances so a lot of this is just growing pains.
many people have been bailing from the server
That's not a bad thing, the content is shared between instances so you can get it on the other sites too. People going to other sites will hopefully help balance the load and possibly help with the growing pains. I haven't created an account on another instance yet, but I've been visiting other instances when .world goes down.
Growing pains. It's ok we'll pull through.
- Worse then that.
  Theyre more then three times the size of the next lemmy instance which creates an attack surface.
4 hours to post this?
DDOS? Cloudflare is supposed to stop that. I see a lot of cloudflare errors.
lemmy world status shows 292 instances in the past 8 days! Elevated response times and system resources repeated endlessly.
Insufficient RAM and CPU are my main suspicion due to explosive growth. Parts aren't cheap but are needed.
How can we help with funding?
Subscriptions? - NO. This is not a commercial endeavour.
Donations? - Maybe. One off donations with no further commitment. Obviously, donate again if you want to.
Go Fund Me? - Possible but who sets it up. Possible fraud?
- It's like a fun* little cat and mouse game, you figure out the patterns to block specific traffic, then they adapt and you start again. I even saw some users comment the other day they were being hit with false positives and blocked because the blocking was too aggressive. Fortunately there are companies that specialize in this kind of stuff like cloudflare. But that costs money so it wasn't added until just recently, so it's possible attacks are still getting around that.
  *obnoxious
- that's the neat part, you don't.
  or at least, not easily.
- Various clues, like what URLs they are requesting, what IPs/regions it's from, if it appears to be real clients based on user agent and ability to execute javascript, and so on.
I left because of the executive decision to defederate from hexbear.
- Thinking about doing the same. Which instance did you go to?
  
  I put an application in to unilem.org (because of their non-censorship stance) and I'm using lemm.ee in the meantime.
  
  Lemmygrad
- I'm sure there'll be plenty of others who do the same. Really odd decision.
I've hopped to another server due to the abysmal uptime of late. I'll continue checking in though. I know they're working on adding sysops so I'm sure things will improve.
I wish the admins would come out and give an update as to what is going on.
I wish I could migrate my account to another instance.
- You can, sort of.
  Use LASIM to download your subbed communities next time lemmy.world is up. Make a new account on another instance. Upload your communities to the new account with LASIM.
  Unfortunately, posts/comments don't go - but you can do like me and just leave a trail between your accounts (if you care enough). I just link to and from my old/new accounts in the bio each time I make one. It's a little janky, but it works - and it's better than waiting hours for lemmy.world to be up for 12 minutes before going down again.
  
  I'm gonna save this reply thanks!
  Whats LASIM though?
- There is a status page that tracks the downtime, it's not totally detailed but gives a bit of information about the problem they're dealing with. The last 2 days of logs are particularly bad 14+ hrs of partial downtime.
  https://lemmy-world.statuspage.io/
Really sucks that some dummies would attack lemmy like this.
- Yeah I'm just trying to watch cat vids and those dank memes
Also another thread on the topic : https://lemmy.world/post/2856311
It's in !fediverse@lemmy.world , named "When you notice Lemmy is quieter than usual, then have a look at the Lemmy.world status"

58 comments