78

publication croisée depuis : https://lemmy.pierre-couy.fr/post/584644

While monitoring my Pi-Hole logs today, I noticed a bunch of queries for XXXXXX.bodis.com, where XXXXXX are numbers. I saw a few variations for the numbers, each one being queried several times.

Digging further, I found out these queries were caused by CNAME records on domains that look like they used to point to Lemmy/Kbin instances.

From what I understand, domain owners can register a CNAME record to XXXXXX.bodis.com and earn some money from the traffic it receives. I guess that each number variation is a domain owner ID in Bodis' database. I saw between 5 to 10 different number variations, each one being pointed to by a bunch of old Lemmy domains.

This probably means that among actors who snatch expired domains, several of them have taken a specific interest with expired domains of old Lemmy instances. Another hypothesis is that there were a lot of domains registered for hosting Lemmy during the Reddit API debacle (about 1 year ago), which started expiring recently.

Are there any other instance admins who noticed the same thing ? Is any of my two hypothesis more plausible than the other ? Should we worry about this trend ?

Anyway, I hope this at least serves as a reminder to not let our domains expire ;)

you are viewing a single comment's thread
view the rest of the comments
[-] qaz@lemmy.world 9 points 4 months ago* (last edited 4 months ago)

~~I feel like this could be abused by a bad actor by recreating instances in several ways:~~

  1. ~~Use the "dead" accounts that are still mods on communities on other instances.~~
  2. ~~Sneakily monitor user behavior (like votes etc.) without looking out of place.~~
  3. ~~Impersonate users.~~

~~I feel like it would be a good idea to start a list of the domains of dead instances and add them to a blocklist until the original people start using them again.~~

EDIT: This doesn't seem like a real problem due to key signing.

[-] Corgana@startrek.website 3 points 4 months ago

This is just the domain name, not the instance itself. If the instance is offline the moderator accounts will be inaccessible even if the domain name is sold.

[-] qaz@lemmy.world 5 points 4 months ago* (last edited 4 months ago)

Yes, but what if someone just creates a new instance and adds previous accounts. How do other instances know that the running instance has changed and didn't just go offline if it's registered on the original domain?

[-] 2xsaiko@discuss.tchncs.de 2 points 4 months ago

I would hope there's some kind of key signing mechanism to prove it's the same instance and not just someone else who's running another on the same domain.

[-] qaz@lemmy.world 4 points 4 months ago
[-] pcouy@lemmy.pierre-couy.fr 2 points 4 months ago

Thanks for the details ! Still curious to know how a new instance, with an old domain and fresh keys, would be handled by other instances.

[-] qaz@lemmy.world 1 points 4 months ago* (last edited 4 months ago)

Yeah, I first thought it was optional and was pleasently surprised when I found out Lemmy implements it, but I'm not quite sure if other software properly implement it either.

this post was submitted on 26 Jul 2024
78 points (97.6% liked)

Fediverse

17788 readers
8 users here now

A community dedicated to fediverse news and discussion.

Fediverse is a portmanteau of "federation" and "universe".

Getting started on Fediverse;

founded 5 years ago
MODERATORS