this post was submitted on 26 Jul 2024
79 points (98.8% liked)

Fediverse

17729 readers
134 users here now

A community dedicated to fediverse news and discussion.

Fediverse is a portmanteau of "federation" and "universe".

Getting started on Fediverse;

founded 5 years ago
MODERATORS
 

publication croisée depuis : https://lemmy.pierre-couy.fr/post/584644

While monitoring my Pi-Hole logs today, I noticed a bunch of queries for XXXXXX.bodis.com, where XXXXXX are numbers. I saw a few variations for the numbers, each one being queried several times.

Digging further, I found out these queries were caused by CNAME records on domains that look like they used to point to Lemmy/Kbin instances.

From what I understand, domain owners can register a CNAME record to XXXXXX.bodis.com and earn some money from the traffic it receives. I guess that each number variation is a domain owner ID in Bodis' database. I saw between 5 to 10 different number variations, each one being pointed to by a bunch of old Lemmy domains.

This probably means that among actors who snatch expired domains, several of them have taken a specific interest with expired domains of old Lemmy instances. Another hypothesis is that there were a lot of domains registered for hosting Lemmy during the Reddit API debacle (about 1 year ago), which started expiring recently.

Are there any other instance admins who noticed the same thing ? Is any of my two hypothesis more plausible than the other ? Should we worry about this trend ?

Anyway, I hope this at least serves as a reminder to not let our domains expire ;)

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 9 points 3 months ago* (last edited 3 months ago) (1 children)

~~I feel like this could be abused by a bad actor by recreating instances in several ways:~~

  1. ~~Use the "dead" accounts that are still mods on communities on other instances.~~
  2. ~~Sneakily monitor user behavior (like votes etc.) without looking out of place.~~
  3. ~~Impersonate users.~~

~~I feel like it would be a good idea to start a list of the domains of dead instances and add them to a blocklist until the original people start using them again.~~

EDIT: This doesn't seem like a real problem due to key signing.

[–] [email protected] 4 points 3 months ago (1 children)

This is just the domain name, not the instance itself. If the instance is offline the moderator accounts will be inaccessible even if the domain name is sold.

[–] [email protected] 5 points 3 months ago* (last edited 3 months ago) (1 children)

Yes, but what if someone just creates a new instance and adds previous accounts. How do other instances know that the running instance has changed and didn't just go offline if it's registered on the original domain?

[–] [email protected] 2 points 3 months ago (1 children)

I would hope there's some kind of key signing mechanism to prove it's the same instance and not just someone else who's running another on the same domain.

[–] [email protected] 4 points 3 months ago (1 children)
[–] [email protected] 2 points 3 months ago (1 children)

Thanks for the details ! Still curious to know how a new instance, with an old domain and fresh keys, would be handled by other instances.

[–] [email protected] 1 points 3 months ago* (last edited 3 months ago)

Yeah, I first thought it was optional and was pleasently surprised when I found out Lemmy implements it, but I'm not quite sure if other software properly implement it either.