cross-posted from: https://lemmy.pierre-couy.fr/post/584644

While monitoring my Pi-Hole logs today, I noticed a bunch of queries for XXXXXX.bodis.com, where XXXXXX are numbers. I saw a few variations for the numbers, each one being queried several times.

Digging further, I found out these queries were caused by CNAME records on domains that look like they used to point to Lemmy/Kbin instances.

From what I understand, domain owners can register a CNAME record to XXXXXX.bodis.com and earn some money from the traffic it receives. I guess that each number variation is a domain owner ID in Bodis’ database. I saw between 5 and 10 different number variations, each one being pointed to by a bunch of old Lemmy domains.

This probably means that among actors who snatch expired domains, several of them have taken a specific interest in expired domains of old Lemmy instances. Another hypothesis is that there were a lot of domains registered for hosting Lemmy during the Reddit API debacle (about 1 year ago), which started expiring recently.

Are there any other instance admins who noticed the same thing? Is either of my two hypotheses more plausible than the other? Should we worry about this trend?

Anyway, I hope this at least serves as a reminder to not let our domains expire ;)
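An added example, not part of the original post: one way to pull the pattern described above out of a resolver log, grouping names whose CNAME chain ends at a numeric bodis.com label. It assumes dnsmasq-style `reply` lines as written to Pi-hole's log; the sample lines, domains, numeric IDs and addresses are constructed, and `parked_domains` is a hypothetical helper name.

```python
import re
from collections import defaultdict

# Constructed sample in dnsmasq log style; all names, IDs and IPs are made up.
SAMPLE_LOG = """\
Jun 10 12:00:01 dnsmasq[411]: query[A] old-instance.example from 192.0.2.10
Jun 10 12:00:01 dnsmasq[411]: forwarded old-instance.example to 192.0.2.53
Jun 10 12:00:01 dnsmasq[411]: reply old-instance.example is <CNAME>
Jun 10 12:00:01 dnsmasq[411]: reply 111111.bodis.com is 203.0.113.7
Jun 10 12:00:05 dnsmasq[411]: query[A] lemmy.alive.example from 192.0.2.10
Jun 10 12:00:05 dnsmasq[411]: reply lemmy.alive.example is 198.51.100.4
Jun 10 12:00:09 dnsmasq[411]: reply kbin.gone.example is <CNAME>
Jun 10 12:00:09 dnsmasq[411]: reply 111111.bodis.com is 203.0.113.7
Jun 10 12:00:12 dnsmasq[411]: reply lemmy.expired.example is <CNAME>
Jun 10 12:00:12 dnsmasq[411]: reply 222222.bodis.com is 203.0.113.7
"""

# "reply NAME is VALUE" (or "cached NAME is VALUE") lines carry the answers.
REPLY = re.compile(r"dnsmasq\[\d+\]: (?:reply|cached) (\S+) is (\S+)$")
# The XXXXXX.bodis.com pattern from the post: an all-digit label under bodis.com.
PARKED = re.compile(r"^(\d+)\.bodis\.com\.?$", re.IGNORECASE)


def parked_domains(log_text):
    """Map each numeric bodis.com label to the names CNAMEd to it.

    Heuristic: a "<CNAME>" reply is paired with the next non-CNAME reply
    line, so heavily interleaved logs may need per-query correlation.
    """
    by_id = defaultdict(set)
    pending = []  # names seen as <CNAME> whose final target is not known yet
    for line in log_text.splitlines():
        m = REPLY.search(line)
        if not m:
            continue
        name, value = m.groups()
        if value == "<CNAME>":
            pending.append(name.lower())
            continue
        hit = PARKED.match(name)
        if hit and pending:
            by_id[hit.group(1)].update(pending)
        pending = []  # chain resolved, whether parked or not
    return {owner: sorted(names) for owner, names in by_id.items()}


if __name__ == "__main__":
    for owner, names in parked_domains(SAMPLE_LOG).items():
        print(owner, names)
```

The resulting per-ID lists are the kind of input the blocklist idea in the comments below would start from.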

  • qaz@lemmy.world
    4 months ago

    I feel like this could be abused by a bad actor by recreating instances in several ways:

    1. Use the “dead” accounts that are still mods on communities on other instances.
    2. Sneakily monitor user behavior (like votes etc.) without looking out of place.
    3. Impersonate users.

    I feel like it would be a good idea to start a list of the domains of dead instances and add them to a blocklist until the original people start using them again.

    EDIT: This doesn’t seem like a real problem due to key signing.

    • Corgana@startrek.website
      4 months ago

      This is just the domain name, not the instance itself. If the instance is offline the moderator accounts will be inaccessible even if the domain name is sold.

      • qaz@lemmy.world
        4 months ago

        Yes, but what if someone just creates a new instance and adds previous accounts? How do other instances know that the running instance has changed and didn’t just go offline if it’s registered on the original domain?

        • 2xsaiko@discuss.tchncs.de
          4 months ago

          I would hope there’s some kind of key signing mechanism to prove it’s the same instance and not just someone else who’s running another on the same domain.