cross-posted from: https://jamie.moe/post/113630

There have been users spamming CSAM content in !lemmyshitpost@lemmy.world causing it to federate to other instances. If your instance is subscribed to this community, you should take action to rectify it immediately. I recommend performing a hard delete via command line on the server.

I deleted every image from the past 24 hours personally, using the following command: sudo find /srv/lemmy/example.com/volumes/pictrs/files -type f -ctime -1 -exec shred {} \;

Note: Your local jurisdiction may impose a duty to report or other obligations. Check with these, but always prioritize ensuring that the content does not continue to be served.

Update

Apparently the Lemmy Shitpost community is shut down as of now.

  • owiseedoubleyou@lemmy.ml
    link
    fedilink
    English
    arrow-up
    10
    arrow-down
    1
    ·
    edit-2
    1 year ago

    How desperate to destroy Lemmy must you be to spam CSAM on communities and potentially get innocent people into trouble?

    • heyoni@lemm.ee
      link
      fedilink
      English
      arrow-up
      9
      arrow-down
      3
      ·
      1 year ago

      Maybe you’re a dev on the Reddit team and own a lot of shares for what you know is about to go public?

  • Catasaur@lemmy.catasaur.xyz
    link
    fedilink
    English
    arrow-up
    8
    ·
    edit-2
    1 year ago

    Self hoster here, im nuking all of pictrs. People are sick. Luckily I did not see anything, however I was subscribed to the community.

    • Did a shred on my entire pictrs volume (all images ever):

    sudo find /srv/lemmy/example.com/volumes/pictrs -type f -exec shred {} \;

    • Removed the pictrs config in lemmy.hjson

    • removed pictrs container from docker compose

    Anything else I should to protect my instance, besides shutting down completely?

  • HybridSarcasm@lemmy.worldM
    link
    fedilink
    English
    arrow-up
    4
    ·
    1 year ago

    Locking the thread. Information relevant to self-hosters has already been shared. Too many reports of off-topic comments to leave this open.

    • PastThePixels@lemmy.potatoe.ca
      link
      fedilink
      English
      arrow-up
      1
      ·
      1 year ago

      Yeah… Just wow. I disabled pictrs and deleted all its images, which also means all my community images/uploaded images are gone, and it’s more of a hassle to see other people’s images, but in the end I think it’s worth it.

      Through caching every image pictrs was also taking up a massive amount of space on my Pi, which I also use for Nextcloud. So that’s another plus!

      • rar@discuss.online
        link
        fedilink
        English
        arrow-up
        1
        ·
        edit-2
        1 year ago

        There has to be a more elegant way of dealing with this in the future, like de-coupling between Lemmy-account hosting (which effectively means acitivypub-fediverse account) and Lemmy-communities hosting.

  • Dandroid@sh.itjust.works
    link
    fedilink
    English
    arrow-up
    3
    ·
    edit-2
    1 year ago

    I got lucky. I am not subscribed to this community, and I am the only person on my instance. But what if I was subscribed and hadn’t seen this post? This is too much responsibility for me.

    I just shut down my instance until we can disable cached images. If that never happens, then I’m not bringing it back up.

    Shout-out to https://github.com/wescode/lemmy_migrate. I moved my subscriptions over in a minute or two, and now, other than not having my post history, it’s exactly the same.

  • Possibly linux@lemmy.zip
    link
    fedilink
    English
    arrow-up
    2
    ·
    1 year ago

    Couldn’t this be stopped with automatic filtering of bad content? There are open source tools and libraries that do this already

    • Scrubbles@poptalk.scrubbles.tech
      link
      fedilink
      English
      arrow-up
      3
      ·
      1 year ago

      That’s what we’re pushing the lemmy devs to do. Honestly even if they want to use proprietary tools for this instance I’m okay, I’ll happily go register an Azure account and plop an API key into the UI so it can start scanning. Lemmy should have the guardrails to prevent this from ever hitting our servers.

      In the meantime, services like cloudflare will handle the recognizing and blocking access to images like that, but the problem still comes down to the federation of images. Most small hosters do not want the risk of hosting images from the whole of the internet, and it sounds like there is code in the works to disable that. Larger hosters who allow open registrations can do what they please and host what they please, but for us individual hosters we really need tools to block this.

        • Scrubbles@poptalk.scrubbles.tech
          link
          fedilink
          English
          arrow-up
          1
          ·
          1 year ago

          I’m saying when it comes to this I don’t care if it is or isn’t proprietary, frankly I’d be down if we used multiple ones. I’m all for my morals but when it comes to CSAM as long as it works. That’s the most important, and yes I’d probably use multiples

  • drcobaltjedi@programming.dev
    link
    fedilink
    English
    arrow-up
    1
    ·
    1 year ago

    I was looking into self hosting. What can I do to avoid dealing with this? Can I not cache images? Would I get in legal trouble for being federated with an instance being spammed?