freamon@preferred.social 1 week ago
The attacker seems to be the admin of those two instances. Both instances have their registrations closed.
The alternative theory would be that these instances had open registrations, but rightly closed registration down after the admins noticed the bots. chinese.lol is on 0.18.4 with an admin with a 2 year old account, lemmy.doesnotexist.club has an admin with a 1 year account, and it was also that instance that the 'nicole' person has used before. This downvote attack would need to be a long time in the planning for what you're suggesting to be true.
asudox@lemmy.asudox.dev 1 week ago
Upon inspecting the actual website, the registrations seem to be actually open for both instances as one user pointed out. I checked the Fediseer page for these instances. What is the update delay for Fediseer?
freamon@preferred.social 1 week ago
I don't know. It's not something I'm familiar with - it might just default to saying 'closed' if it doesn't have the data.
It's interesting that the obvious bot accounts on those instances were set up in mid-March last year, so I'm guessing that these are somebody's army that they've used before, but overplayed their hand when they turned it on the DonaldJMusk person. The admins can reasonably be blamed for setting up instances with open registrations and no protections and then forgetting about them, but I'd be wary of blaming them for being behind the attack directly. The 'nicole' person is unlikely to have used their own instance - it's probably just someone with the same MO as whoever owns the bots, finding and exploiting vulnerable instances.
asudox@lemmy.asudox.dev 1 week ago
spankmonkey@lemmy.world 1 week ago
People forget about subscriptions all the time when they are cheap enough. The admin might even have some kind of grouped payment for multiple domains/sites and doesn’t bother cleaning them out to shut them down.
db0@lemmy.dbzer0.com 1 week ago
Should be 12 hours, unless they explicitly prevent us from accessing their nodeinfo.