Lemmy.world is down because of a DDOS attack

Burns@lemm.ee to Lemmy@lemmy.ml – 255 points –
lemmy-world.statuspage.io
58

Lemmy.world can't catch a break.

They are the biggest, so the target is larger or at least more well known.

I now exist on two lemmies. Behold the power of the fediverse!

I now exist on two lemmies.

They're instances, or servers. Lemmy is the platform.

Lemmy tell you, in this instance, I'm not being literal.

Just clarifying. It's a mistake I see a lot around here.

I hate assholes that do this. Why? I mean really why?

Some men just want to watch the world burn. Namely assholes.

The only DDoS that I can half-way tolerate is ones that go against corporations/governments that do evil shit. And even then, those attacks had better not effect people's health and welfare needs. Yes, assholes abound.

Children. They’re children. Let’s not call these childish little bastards “men”!

Apologies, it can also be women. I'm just constrained by the quote.

12 more...

Hopefully this crap is contributing to Lemmy overall being stronger. If the developers can plug the holes in the overall architecture so systemic vulnerabilities are minimal, and people make accounts on multiple instances and just switch when one is down, it might take the "fun" out of taking an instance down.

DDOS is a pretty brute-force attack, so it isn't typically relying on a vulnerability per se. Pretty much the only way to mitigate it is to have large enough infrastructure that you can detect and filter out its gobs of spammy traffic, which no Lemmy instances (at least at the moment) can really practically have. They could potentially use a service like CloudFlare, which does have that infrastructure in place, but that can be expensive. I'd imagine CloudFlare (or a competitor) is probably the best solution they can go with, at least in the short-term.

Yeah, for this one I was meaning the alternate account part. But this one is just the latest in a string, most of which were vulnerabilities or flaws in the architecture. I could have been more clear though.

They're back, but performance is a bit slow.

With all the problems lemmy.world has been having, I've been using the opportunity to test out kbin as well.

Hopefully the Lemmy devs will be able to sort out all the problems.

Easy target since it's so big. I still think it's madness to have so many users on one instance. But I guess people need to learn...

lemmy.ml has been unreachable or "Error" page with lemmy-ui off an on for past 90 minutes.

Again??

Edit: I know the last wasn't DDOS, but still.

What would be the probability of u/spez being behind this attack, in an attempt to sabotage lemmy?

Minimal. It frankly just doesn't actually advance his goals very significantly. Nor is he a particularly clever man that thinks of unusual strategies.

I think his focus is on squeezing his current userbase more than any kind of long term caring about the size of it. Wouldn't be surprised if he plans to quit his job in the next 5 years and collect a fat severance anyway. He'd rather people not leave, but DDoSing a small chunk of people somewhere else doesn't really help much.

This is a random attack, so ask yourself who benefits? For one thing, it's fun. It also pisses some people off. It also irritates a fairly politically active population.

Who wants all those things? Trolls, of course. Why are they, specifically, trolling? Varies individual to individual, but mainly it's about causing pain to others.

Some of the larger subreddits probably have more traffic than all of lemmy. I don't think he's spending his time trying to figure out how to sabotage lemmy.

What would be the probability of u/spez being behind this attack, in an attempt to sabotage lemmy?

Lets be honest... he is too busy single-handedly destroy reddit to worry about messing with Lemmy. I think lemmy is the least of his issues right now.

IRC has had a history of people trying to take down servers from time to time.

I'd guess a random person who got banned from a lemmy.world community or the like.

FYI, this is an attempt at humour, clearly "/s" is needed on lemmy as much as it was on reddit 😅

@yggdar

Well just don’t discount the possibility that somebody is doing it just for the lolz.

When it comes to this sort of thing there doesn’t need to be any rational motivation or intention to sabotage.

@Burns