I noticed that my server import the bans from other instances. I think it’s a great feature at the moment where there is no complains of anyone creating servers to abuse it, but I feel like it’s bound to happen if there is no safety for it.
If we want to keep it easy for creating servers, maybe they should have a trust level, that could be set either manually or with some heuristics. I like the idea of some heuristics with the option for the admins to take some manual action.
(dunno if it’s the right place to discuss that, is there some more appropriate community to ask things about lemmy itself, since this one is specific to lemmy.world?)
What type of bans are you seeing imported? Theres community and instance bans. It makes sense for instance A to import Instance Bs hosted communities banlist, but it would be wild if its importing instance level to then ban from both instances
It’s not clear but if you run an instance you just have a giant ban list in your admin page. No details about them.
I didn’t ban anyone on my instance, it’s a new one. They appear on this screen and in the modlog, it doesn’t say anything about the type of ban
I think i recognize one of the names, that person posted CSAM
If someone was abusing it they’d rapidly get defederated.
But that’s a manual process. It would be nice to monitor the federation status of all servers and slap an algorithm like K-Means on that to find clusters and outliers.
You could then decide which ones to autonatically federate/defederate based on that data.
I’m going to look into that, maybe I can write the part that gathers the data.
Anything that makes Lemmy’s “immune response” quicker has to be a plus.
It’s a manual action, that must be taken for all instances AFAIK. An attacking software could pretend to be thousands of new instances, and a DDOS attack against lemmy is something that already happened in the past.
Been wondering this myself. Just didn’t want to say it out loud and give someone an idea hah
I was a bit conflicted about asking that too. I guess for anyone actively searching for vulnerabilities to attack that will be obvious enough