WARNING: Lemmy Self-Hosters, There Have Been CSAM Attacks taking place against !lemmyshitpost@lemmy.worldlocked
cross-posted from: https://jamie.moe/post/113630
There have been users spamming CSAM content in !lemmyshitpost@lemmy.world causing it to federate to other instances. If your instance is subscribed to this community, you should take action to rectify it immediately. I recommend performing a hard delete via command line on the server.
I deleted every image from the past 24 hours personally, using the following command:
sudo find /srv/lemmy/example.com/volumes/pictrs/files -type f -ctime -1 -exec shred {} \;
Note: Your local jurisdiction may impose a duty to report or other obligations. Check with these, but always prioritize ensuring that the content does not continue to be served.
Update
Apparently the Lemmy Shitpost community is shut down as of now.
You are viewing a single comment
I checked and there shouldn't be any images stored on the server when running lemmy 1.18.4. The post was made in high emotional distress and shouldn't be taken at a face value. If the posts are bothering you I advise purging the posts in question. (I have already done that)
I'm on 1.18.4, once I deleted the most recent images, the former CSAM posts(among others) became broken images. So yes, it was pulling from local disk cache. Then I took care of the posts themselves after the content was invalidated.
How did you check this? From my understanding, images from external servers are copied (and transcoded) over locally. At least in my server (running 0.18.4), they do.
There is a possibility that my instance is buggy and it isn't caching images even though it should.
It's pretty inconsistent from my experience. Sometimes images do cache and sometimes they don't.
edit:
Here's an example from my instance:
https://ani.social/post/284147 - JPEG image that isn't copied/cached by my server.
https://ani.social/post/285861 - WEBP image copied/cached by my server.
Let me try to figure this out. The first is a photo uploaded to lemmy.world, the second is a photo originally uploaded to lemmy.nz, both posts are in a federated version of lemmy.world's shitpost community.
This is just a theory, but perhaps images hosted on the same server as the federated community will directly link, whereas images uploaded somewhere other than the federated community will be copied into cache, presumably in case the original host shuts down unexpectedly? See if this is the case?
https://ani.social/post/288601 - This image is uploaded from a user on the same instance as the federated community (lemmy.world) but the image is cached.
https://ani.social/post/285354 - This image is uploaded from a user on a different instance (lemm.ee) from the federated community (lemmy.world) but the image is not cached.
The behaviour is pretty weird. Hopefully we can disable image caching/copying-over-locally so we don't have to deal with problematic images hosted by other instances.
It depends on how the image posted, the thumbnails might get federated. If the image is used in a post/comment body, usually the thumbnails are not federated.
You can refer to this post. The full image is copied to my instance (and transcoded). Not just the thumbnail.
I shut down the pictrs or whatever docker container on my instance so all I host is containers and the database. All the images that I see on my instance are external links. I can check by just looking at the rendered HTML.
https://files.catbox.moe/vm4yxl.png