I noticed that my server import the bans from other instances. I think it’s a great feature at the moment where there is no complains of anyone creating servers to abuse it, but I feel like it’s bound to happen if there is no safety for it.

If we want to keep it easy for creating servers, maybe they should have a trust level, that could be set either manually or with some heuristics. I like the idea of some heuristics with the option for the admins to take some manual action.

(dunno if it’s the right place to discuss that, is there some more appropriate community to ask things about lemmy itself, since this one is specific to lemmy.world?)

  • breadsmasher@lemmy.world
    link
    fedilink
    English
    arrow-up
    5
    ·
    1 year ago

    What type of bans are you seeing imported? Theres community and instance bans. It makes sense for instance A to import Instance Bs hosted communities banlist, but it would be wild if its importing instance level to then ban from both instances

    • willya@lemmyf.uk
      link
      fedilink
      English
      arrow-up
      4
      ·
      edit-2
      1 year ago

      It’s not clear but if you run an instance you just have a giant ban list in your admin page. No details about them.

    • fbmac@lemmy.fbmac.netOP
      link
      fedilink
      arrow-up
      4
      ·
      edit-2
      1 year ago

      I didn’t ban anyone on my instance, it’s a new one. They appear on this screen and in the modlog, it doesn’t say anything about the type of ban

    • nottheengineer@feddit.de
      link
      fedilink
      arrow-up
      5
      ·
      1 year ago

      But that’s a manual process. It would be nice to monitor the federation status of all servers and slap an algorithm like K-Means on that to find clusters and outliers.

      You could then decide which ones to autonatically federate/defederate based on that data.

      I’m going to look into that, maybe I can write the part that gathers the data.

    • fbmac@lemmy.fbmac.netOP
      link
      fedilink
      arrow-up
      1
      ·
      1 year ago

      It’s a manual action, that must be taken for all instances AFAIK. An attacking software could pretend to be thousands of new instances, and a DDOS attack against lemmy is something that already happened in the past.

  • willya@lemmyf.uk
    link
    fedilink
    English
    arrow-up
    2
    arrow-down
    1
    ·
    1 year ago

    Been wondering this myself. Just didn’t want to say it out loud and give someone an idea hah

    • fbmac@lemmy.fbmac.netOP
      link
      fedilink
      arrow-up
      1
      ·
      1 year ago

      I was a bit conflicted about asking that too. I guess for anyone actively searching for vulnerabilities to attack that will be obvious enough