VLemmy AWOL Investigation

RCMaehl [Any]@lemmy.world to Fediverse@lemmy.world – 118 points –

What I know so far:

  • vlemmy is still "up" and intermittently accessible. It is running slow as hell, PLEASE DO NOT VISIT THE INSTANCE as it will likely only slow things down more and make it inaccessible again.

  • Stripe, Liberapay, and GitHub accounts are all closed. Closure date unknown.
  • Reddit account still exists and has been messaged
  • No mentions of the instance in Element.io chats but still searching
  • They have almost certainly NOT lost their domain. Who.is historical records show no ownership or nameserver changes.

I have some minor personal details I've found that I'll be deep diving on later, but it's 1AM EST. I'm heading to bed but will continue on the investigation around 9AM EST.

Update 1PM EST July 9th:

Hi all, I'm working through about 40 different potential leads right now.

Although I need some help! Specifically, I need people who have viewed !kerbalspaceprogram@vlemmy.net to check their browser cache for this image:

https://vlemmy.net/pictrs/image/928b2f95-a37c-4e94-bd70-bc014c8655d4.jpeg

You can do so using one of the following NirSoft tools:

I'm hoping since it's a historic image linked to their internet presence that it might generate specific leads.

I'll update more as things progress.


While I understand everyone's belief that the admin, @pyarra@vlemmy.net, abandoned the instance, I do not believe so for a few key reasons:

  1. They asked for additional admins no less than 24h before the first connection issues. This indicates their willingness to put in work for the instance and expand.
  2. They raised a legal issue with having to defederate from an instance just a few hours prior to the connection issues. The instance in question was hosting content that can be seen as child pornography in Irish law - which is where vlemmy.net is hosted. @pyarra@vlemmy.net was incredibly transparent with this issue. This level of transparency makes me doubt they would suddenly disappear purposefully. Speculatively I can guess that the legal issues may be connected to the going-dark.
  3. The site is still occasionally loading, but extremely slow and not correctly. In addition to this, it shows a logged in user (PrinceHabib72) - which is not me. There was a known security vulnerability in lemmy (see here). The vulnerability includes cookie / token imitation and stealing. Having a logged in user (that is not me) when loading the site thus rings alarm bells to me. Apart from the logged in user, the inability to properly load the site most times but sometimes parts of it load (and the remaining requests time out, like getting icons and content etc.), screams denial-of-service to me.

Just like the other people in this thread, these are speculations. However, I have a weird feeling in screaming 'abandon' here. Given everything observed, that does not feel right to me.

I just saw your post. I have this thread bookmarked since it's pretty interesting, tbh. I'd love to know what exactly happened.

I completely agree with those 3 points, although I do think #1 is pretty weak (no offense, but I considered that and I wrote it off).

#2 is interesting because of the timing. I saw the owner post about it, but there was no indication that he was in a panic because of it. Personally, so far I am leaning towards this as the smoking gun, although the donation links being down kind of throws a wrench there.

#3 is something I believe can be significant. Problem is idk much about that area.

What's your personal opinion about what happened?
