Programming

13361 readers

28 users here now

All things programming and coding related. Subcommunity of Technology.

This community's icon was made by Aaron Schneider, under the CC-BY-NC-SA 4.0 license.

founded 1 year ago

MODERATORS

[email protected]

Could a malicious user bring down small lemmy instances by over-subscribing? (sh.itjust.works)

submitted 1 year ago by [email protected] to c/[email protected]

3 comments fedilink hide all child comments

I just read how the federation works, but I'm worried about a growing pain. Say I was a malicious user, could I bring down a smaller Lemmy instance by subscribing to as many communities as possible? Or maybe even subscribing to a malicuous Lemmy instance that keeps spamming thousands of posts every second?

Couldn't that easily fill up a server's storage and effectively bring a server down? I guess you could block the malicious Lemmy instance (although wouldn't it be easy to create another?) and ban a user that subscribes to too many instances, however, it feels to me like a very hard problem to solve

top 3 comments

sorted by: hot top controversial new old

[–] [email protected] 1 points 1 year ago* (last edited 1 year ago)

I'd put money that a large number of Lemmy instances are hosted on low end hardware that people have laying around. The bigger ones are dedicated hardware or cloud instances, but also the default rate limits are pretty high. As another user said, it would be trivial even before considering actual storage limits

[–] [email protected] 1 points 1 year ago

DDOSing a Lemmy node would be trivial. The real traffic has takes down a few already. If it starts to happen maliciously, there are mitigations.

It's a lot easier just to screw with the network than it is to try to overload it outright.

[–] [email protected] 1 points 1 year ago

Only one way to find out!