this post was submitted on 09 Aug 2023
442 points (95.5% liked)

Lemmy.World Announcements

29077 readers
8 users here now

This Community is intended for posts about the Lemmy.world server by the admins.

Follow us for server news 🐘

Outages πŸ”₯

https://status.lemmy.world

For support with issues at Lemmy.world, go to the Lemmy.world Support community.

Support e-mail

Any support requests are best sent to info@lemmy.world e-mail.

Report contact

Donations πŸ’—

If you would like to make a donation to support the cost of running this platform, please do so at the following donation URLs.

If you can, please use / switch to Ko-Fi, it has the lowest fees for us

Ko-Fi (Donate)

Bunq (Donate)

Open Collective backers and sponsors

Patreon

Join the team

founded 2 years ago
MODERATORS
442
Lemmy World outages (lemmy.world)
submitted 1 year ago* (last edited 1 year ago) by lwadmin@lemmy.world to c/lemmyworld@lemmy.world
 

Hello there!

It has been a while since our last update, but it's about time to address the elephant in the room: downtimes. Lemmy.World has been having multiple downtimes a day for quite a while now. And we want to take the time to address some of the concerns and misconceptions that have been spread in chatrooms, memes and various comments in Lemmy communities.

So let's go over some of these misconceptions together.

"Lemmy.World is too big and that is bad for the fediverse".

While one thing is true, we are the biggest Lemmy instance, we are far from the biggest in the Fediverse.Β If you want actual numbers you can have a look here:Β https://fedidb.org/network

The entire Lemmy fediverse is still in its infancy and even though we don't like to compare ourselves to Reddit it gives you something comparable.Β The entire amount of Lemmy users on all instances combined is currently 444,876 which is still nothing compared to a medium sized subreddit. There are some points that can be made that it is better to spread the load of users and communities across other instances, but let us make it clear that this is not a technical problem.

And even in a decentralised system, there will always be bigger and smaller blocks within; such would be the nature of anyΒ platform looking to be shaped by its members.Β 

"Lemmy.World should close down registrations"

Lemmy.World is being linked in a number of Reddit subreddits and in Lemmy apps. Imagine if new users land here and they have no way to sign up. We have to assume that most new users have no information on how the Fediverse works and making them read a full page of what's what would scare a lot of those people off. They probably wouldn't even take the time to read why registrations would be closed, move on and not join the Fediverse at all. What we want to do, however, is inform the users before they sign up, without closing registrations. The option is already built into Lemmy but only available on Lemmy.ml - so a ticket was created with the development team to make these available to other instance Admins. Here is the post on Lemmy Github.

Which brings us to the third point:

"Lemmy.World can not handle the load, that's why the server is down all the time"

This is simply not true. There are no financial issues to upgrade the hardware, should that be required; but that is not the solution to this problem.

The problem is that for a couple of hours every day we are under a DDOS attack. It's a never-ending game of whack-a-mole where we close one attack vector and they'll start using another one. Without going too much into detail and expose too much, there are some very 'expensive' sql queries in Lemmy - actions or features that take up seconds instead of milliseconds to execute. And by by executing them by the thousand a minute you can overload the database server.

So who is attacking us? One thing that is clear is that those responsible of these attacks know the ins and outs of Lemmy.Β They know which database requests are the most taxing and they are always quick to find another as soon as we close one off. That's one of the only things we know for sure about our attackers. Being the biggest instance and having defederated with a couple of instances has made us a target. Β 

"Why do they need another sysop who works for free"

Everyone involved with LW works as a volunteer.Β The money that is donated goes to operational costs only - so hardware and infrastructure. And while we understand that working as a volunteer is not for everyone, nobody is forcing anyone to do anything.Β As a volunteer you decide how much of your free time you are willing to spend on this project, a service that is also being provided for free.

We will leave this thread pinned locally for a while and we will try to reply to genuine questions or concerns as soon as we can.

top 50 comments
sorted by: hot top controversial new old
[–] md5crypto@lemmy.world 23 points 1 year ago

Endless DDOS attacks. Sigh.

[–] cyborganickname@lemmy.world 21 points 1 year ago

Thank you for your time & efforts in maintaining this platform. I (and many others I'm sure) have great respect for the work you do in trying to combat this menace. The community is completely behind you and appreciates the value of this resource.

[–] kadu@lemmy.world 17 points 1 year ago (1 children)

What I find most ridiculous about people claiming lemmy.world is too big and therefore bad for the Fediverse is simply... Have you people wondered why it got so big?

During the crucial first weeks of the Reddit migration, the single time period with the most chance of bringing new users, pretty much all larger Lemmy instances closed their registrations - they couldn't handle the influx. Other big ones decided to immediately defederate everybody, they were afraid of having to moderate content. And a few did remain open and federated, but they were also extremely niche and focused on their own political side of the spectrum.

Lemmy.world however remained open, remained with active admins that helped the first moderators, and kept upgrading the server at a very fast rate - you might forget it now, but Lemmy was massively slow and frustrating and then a new Lemmy.world update would drop and it would feel like a different website.

So yeah, "bad for the Fediverse" for being the only instance that kept up with the demand at the most necessary time.

Thanks Lemmy.world team.

[–] capt_wolf@lemmy.world 0 points 1 year ago* (last edited 1 year ago) (1 children)

I'm convinced now that people saying something is "Bad for the fediverse" is just their ignorance and xenophobia showing.

Look at the shitposting or lemmy memes going around and you'll see a lot of people are actually afraid of users coming from reddit and spoiling the experience here.

I'm sure others don't want us growing because, consciously or unconsciously, they won't have as much traction or get as much attention. More people means you have less of a voice.

We can't argue about federation on the net, avoiding corporate control, or whatever while sticking our hand out and stopping people from joining. It just doesn't work that way.

People complaining about the size of a social media platform are missing the point of a social media platform...

[–] antonim@lemmy.world 0 points 1 year ago (1 children)

This is the first time in my life I've seen dislike of the userbase of an another site called 'xenophobia'.

Especially weird since 90% of Lemmy is fresh off reddit themselves.

Personally I just don't want the shitty aspects of the reddit community seeping over here. It's a fact that reddit userbase has been facebookised, to the degree where I frequently see people who are outright stupid (repeatedly posting threads to wrong subreddits, ignoring mod messages, unable to comprehend basic English... stuff that I'd expect to see on Facebook and not reddit), or focused on memes and quips to the point where any discussion is flooded with such moronic content. There's still (at least) tens of thousands of people on reddit who I'm sure would be great contributors on Lemmy too if they decide to switch, and I hope they will. But I don't want all of reddit here. Is that really so bad, to not want to look at unfiltered normie crap? Reddit was good (if it ever was good) precisely because it was a bit elitist in its design and its culture.

We can’t argue about federation on the net, avoiding corporate control, or whatever while sticking our hand out and stopping people from joining.

Maybe people can join somewhere else too? Make a Fediverse equivalent of Facebook/Instagram or something. Lemmy is not all of Fediverse and doesn't have to be for everyone.

Like half of your complaints are literally good things. Yes, people want to be heard and not practically hidden from 90% if they don't get enough upvotes on their post/comment during the crucial early time frame, as on bigger reddit subs. Lemmy is not a social media platform anyway, its goal is not to facilitate socialisation among the users and it doesn't need many millions of users to work well.

[–] EmperorOfTexas@lemmy.world 0 points 1 year ago

I don't want all of Reddit to come flooding in all at once.

But one thing I've noticed is that the entire Fediverse has a lot of instance-specific stuff going on. It's really a question of finding the right instance for you. For example, I didn't particularly like mastodon.social as an instance of Mastodon, but I've found other instances where I gel with the userbase well. It's actually made the experience more pleasant.

If you're willing and able, setting up a Lemmy instance for some specific community is actually a good idea. During my holiday break, I'm going to be working on setting up Lemmy for my town and maybe even a club website that I have been assigned control over. .world will suffice in the interim.

[–] cpo@lemmy.world 17 points 1 year ago

Well thanks for the update and your hard work. I am currently using lemm.ee as a backup account so that I can at least have my fix.

Hope the bastard(s) who are ddossing the server get some nice tropical diseases.

Lemmy.world also was my first step into the fediverse.

[–] joklhops@lemmy.world 16 points 1 year ago

keep fighting the good fight <3

[–] Lugh 12 points 1 year ago (4 children)

I wonder what motivated any DOS attacks.

[–] Sharkictus@lemmy.world 6 points 1 year ago

Cyber-jackasses or cyber terrorists, likely the first.

A cyberpirate wants money.

A cyber terrorist has ideology or want to watch the world burn

Most actually successful cyber attacks globally are just trolls who want to have fun. This is why many, with their automated attack patterns, try to avoid children's hospitals and critical infrastructure, but cyber terrorist with ideaology or want the world to burn attack those.

Giving lemmy is not that important yet, and theirs a ton of alternatives outside fediverse, it's all volunteer, it would be cyber-jackasses, or want to watch the world burn cyber terrorists. Not pirates, not governments, not corpos.

[–] webz45@lemmy.world 4 points 1 year ago

Some people just like to watch the world burn.

[–] md5crypto@lemmy.world 2 points 1 year ago (1 children)
[–] cum_hoc@lemmy.world 2 points 1 year ago

Hello friend

[–] CosmicCleric@lemmy.world 2 points 1 year ago

An opposing business that has a lot to lose maybe. /shrug

[–] Piers@lemmy.world 7 points 1 year ago (1 children)

The conversation gets a bit scrambled/broken up by disruptive/toxic people but this is a comment chain on lemmy.ml two weeks ago about SQL issues and challenges in getting the Lemmy Dev team to address them that might be worth reading:

https://lemmy.ml/comment/2100093

[–] jarfil@lemmy.world 3 points 1 year ago

The Lemmy Dev team have long ago stated they're no experts in PostgreSQL tuning, and that any help is welcome.

In the thread you linked, a guy is just accusing them of what they themselves admitted, then refusing to help. Meanwhile, others have been submitting SQL related PRs all the time, which have been merged.

[–] Jodio_Joestar@lemmy.world 6 points 1 year ago

All support to Y'all, Keep Going!

[–] wolfcatreader@lemmy.world 6 points 1 year ago

πŸ™ πŸ™Œ

[–] sverit@feddit.de 4 points 1 year ago (1 children)

Are DDoS protection services like those from Akamai, Arbor Networks, Link22 etc an option? Those are tested as ok by the German Federal Office for Information Security.

[–] ComplacentGoat@sh.itjust.works 9 points 1 year ago (2 children)

I don't believe it would work for this case. Typical DDoS is just sending a ton of junk packets at a server at the max bandwidth of the network of bots an attacker has at their disposal. Very easy to block for a large cloud provider with multi-terabit connections and multiple redundant data centers. This is different, they're asking the server to send them large amounts of information on repeat, or process massive amounts of data. The attacker is targeting the servers hardware itself through legitimate processes, so a third party wouldn't really be able to do much.

[–] Photographer@lemmy.world 5 points 1 year ago

Surely there is a way to rate limit clients so that normal users are rarely effected but a DDOS would need thousands of clients to be effective?

[–] sverit@feddit.de 1 points 1 year ago

Yeah, I would guess it's something like very long search terms concatenated with logic operators? These should be kind of database heavy? Or does indexeing make this easy?

[–] cum_hoc@lemmy.world 3 points 1 year ago (4 children)

So if we were to point fingers to anyone, who would it be?

[–] Photographer@lemmy.world 6 points 1 year ago (1 children)

Elon Musk, Donald Trump and that Greedy Pigboy.

load more comments (1 replies)

Whoever's doing the attacks. We don't know who.

[–] Piers@lemmy.world 2 points 1 year ago

Two directions at once. It wasn't long ago I saw someone very irate that these SQL issues needlessly exist, and that they had repeatedly tried to tell the Lemmy devs that they are an issue and been shrugged off about it. So the Lemmy devs who have decided that not acknowledging the problem is the same as the problem not existing are definitely partly to blame.

Mostly though the person to blame is whomever is a using whatever weaknesses exist to try to disrupt Lemmy.World because of their own personal bullshit.

[–] sab@lemmy.world 1 points 1 year ago

With a ddos, there's no way of knowing. But given that the attacks are this mild, probably not someone we've heard of.

[–] Rambler@lemm.ee 3 points 1 year ago

A fantastic job is being done by you folks - obviously in the face of adversity. Given the amount of users on the instance is at a critical point, would it not be possible to 'move' accounts off it onto other less populated instances ?

Keep up the great work folks - I sympathise for ya.

[–] eek2121@lemmy.world 2 points 1 year ago (1 children)

Have you guys contacted law enforcement? It may surprise you. A startup I worked for had the same issue and contacted the FBI. They were able to quickly (within hours) find the person doing it despite him using VPNs and other tools for OpSec.

[–] Lemmylefty@lemmy.world 0 points 1 year ago (1 children)

I’d imagine that there are a lot of users and communities on here that want law enforcement as far away from the Fediverse as possible…

[–] gabe@literature.cafe 0 points 1 year ago* (last edited 1 year ago) (1 children)

The risk that would create for vulnerable communities on here would be deeply irresponsible.

[–] glorious_albus@lemmy.world 0 points 1 year ago (1 children)

Right. Because FBI doesn't already monitor any suspicious activity.

[–] gabe@literature.cafe 1 points 1 year ago

They fuck with left leaning groups and try to intentionally destabilize them πŸ€·β€β™‚οΈ

[–] fox2263@lemmy.world 1 points 1 year ago

Are you guys using a load balancer at all? How about a tool like CrowdSec?

I use that and the nginx Bad Bot Blocker to stop malicious shits on the sites I operate (medium-large e-commerce) to great success. We used to get scraped heavily by competitors but now they get the middle finger.

I presume you have fail2ban too?

[–] Imkeen@sh.itjust.works 1 points 1 year ago

Appreciate it

[–] Fish@midwest.social 1 points 1 year ago

I have nothing bad to say about Lemmy.world, but I do recommend that people move away from it in order to better decentralize Lemmy. Here is some useful information for people wanting to move instances.

For a list of instances, along with with stats for those instances:

https://fedidb.org/software/lemmy or https://lemmyverse.net/

Also, tools for migrating instances:

https://github.com/CMahaff/lasim (easy) - Latest Version Download (just select your OS type and run the program)

https://github.com/wescode/lemmy_migrate

https://github.com/Ac5000/lemmy_account_sync

[–] TheSmartDude@lemmy.world 1 points 1 year ago

Will these occur in the near-future?

[–] z500@startrek.website 1 points 1 year ago

Nam flashbacks to DALNet getting DDOSed to death for no reason

[–] Lemmylefty@lemmy.world 1 points 1 year ago

In all seriousness, we all appreciate your work. These are the growing pains that are to be expected, and your hard work and transparency (and writing it up at a level that even I can understand) is welcome.

[–] SloppyPuppy@lemmy.world 1 points 1 year ago* (last edited 1 year ago)

Im a data engineer with 20+ years of experience in sql and various databases, I do performance tuning on daily basis. How can I help? Please message me if you think you can use me. Id be very happy to help where I can!

[–] EatMyDick2@lemmy.world 0 points 1 year ago

I hope you reported this to the FBI so they can investigate this group, all too often you find people who commit cyber attacks and are never prosecuted for their crime because no one filed a report. With any luck they'll get a lengthy prison sentence and learn what the real world is like outside of the digital realm scrubbing toilets with a toothbrush.

[–] Demigodrick@lemmy.zip 0 points 1 year ago (1 children)

Ah no, sorry, while I sympathise with your technical issues, the rest of your post is disingenuous at best.

Lemmy.world being too big is bad for Lemmy as a product/software/"brand" etc - your downtime, being the instance most people link to, is a LOT of people's first impression and when it spends time being down, people associate THAT downtime with Lemmy, and not the hundreds of other instances that don't have downtime.

The issue isn't even about you being the biggest instance, its the absolute imbalance in both users and communities on one instance and you willingly allowing it continue. If you genuinely cared about Lemmy, you would close registrations now.

You have enough "technical" people to build your own instance from the source code with that change for the banner built in (and you could go ahead and submit the PR/Issue anyway), but you haven't - instead placing the blame on the developers. Hell, you only made the PR 5 hours ago after weeks of other admins asking you to close the instance.

You could even make the simple change to the sign up link instead lead to join-lemmy, but for whatever reason you want to continue to be the biggest instance and don't care about the wider lemmy ecosystem and the effect that it has.

[–] raspberry_confetti@lemmy.ml 0 points 1 year ago (1 children)

They are inadvertently helping Lemmy become more robust

[–] Redtitwhore@lemmy.world 1 points 1 year ago

I was just thinking it could be someone with that goal in mind. Better to fix this stuff now.

load more comments
view more: next β€Ί