cross-posted from: https://lemmy.dbzer0.com/post/40330928

Hey peeps, the well-known spam problem in lemmy DMs is getting slightly worse, and the spammer in question is evolving their tactics to evade the very rudimentary options we have built-in to lemmy itself (or should I just call it,non-existent?). To get ahead of this, we deployed a DM-scanner directly in the DB, based off of this code but adjusted so that it's more difficult to pull off shenanigans.

At the moment we're only deleting messages based on the "fediverse chick" spam. However I want to point out that if for some reason you legitimately DM someone on dbzer0 with similar terms, you DM might get deleted, so do be aware about that. Them's the breaks.

Unfortunately I can't reveal the exact code I'm using atm, as this can lead to the spammer adjusting their tactics to evade it. However I plan to adjust threativore to also be able to ma

cross-posted from: https://lemmy.today/post/25826615

For those not familiar, there are numerous messages containing images being repeatedly spammed to many Threadiverse users talking about a Polish girl named "Nicole". This has been ongoing for some time now.

Lemmy permits external inline image references to be embedded in messages. This means that if a unique image URL or set of image URLs are sent to each user, it's possible to log the IP addresses that fetch these images; by analyzing the log, one can determine the IP address that a user has.

In some earlier discussion, someone had claimed that local lemmy instances cache these on their local pict-rs instance and rewrite messages to reference the local image.

It does appear that there is a closed issue on the lemmy issue tracker referencing such a deanonymization attack:

https://github.com/LemmyNet/lemmy/issues/1036

I had not looked into these earlier, but it looks like such rewriting and caching intend

cross-posted from: https://feddit.org/post/9295990

cross-posted from: https://lemmy.dbzer0.com/post/39623534

Title: Too many nicoleposters on lemmy.

Seriously. I keep getting reports (admin) of her DMs but i never see anything actually harmful on her messages. A matrix room [full of racists :/] A discord room, basically full of shitposters. And both of these have an admin, just completely inactive. I will try to DM her directly, and visit the other links.

Who is the woman in the picture? Certainly not "nicole" that we know. Might it be a harassment campaign against her?

I've noticed a huge wave of spam, with a lot of motifs in applications too. Is this all related? Is this a huge conspiracy or am i looknig too deep in nicole???

cross-posted from: https://lemm.ee/post/58279293

cross-posted from: https://lemmy.world/post/26578187

cross-posted from: https://lemmy.world/post/25050990

Should I give her my CC number to keep her company?