cross-posted from: https://lemmy.pierre-couy.fr/post/584644
While monitoring my Pi-Hole logs today, I noticed a bunch of queries for XXXXXX.bodis.com, where XXXXXX are numbers. I saw a few variations for the numbers, each one being queried several times.
Digging further, I found out these queries were caused by CNAME records on domains that look like they used to point to Lemmy/Kbin instances.
From what I understand, domain owners can register a CNAME record to XXXXXX.bodis.com and earn some money from the traffic it receives. I guess that each number variation is a domain owner ID in Bodis’ database. I saw between 5 and 10 different number variations, each one being pointed to by a bunch of old Lemmy domains.
This probably means that among actors who snatch expired domains, several of them have taken a specific interest in expired domains of old Lemmy instances. Another hypothesis is that there were a lot of domains registered for hosting Lemmy during the Reddit API debacle (about 1 year ago), which started expiring recently.
Are there any other instance admins who noticed the same thing? Is either of my two hypotheses more plausible than the other? Should we worry about this trend?
Anyway, I hope this at least serves as a reminder to not let our domains expire ;)
I feel like this could be abused by a bad actor by recreating instances in several ways:
- Use the “dead” accounts that are still mods on communities on other instances.
- Sneakily monitor user behavior (like votes etc.) without looking out of place.
- Impersonate users.
I feel like it would be a good idea to start a list of the domains of dead instances and add them to a blocklist until the original people start using them again.
EDIT: This doesn’t seem like a real problem due to key signing.
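
Added example, not part of the original thread: one way to pull the list of parked domains out of a Pi-hole log, grouped by the numeric bodis.com label they point to. It assumes the dnsmasq answer-line format (`reply NAME is <CNAME>` followed by the target's own answer line) and that the lines of one answer are logged consecutively; the log lines, domains, IDs and addresses below are constructed.

```python
import re
from collections import defaultdict

# dnsmasq (Pi-hole) answer line: "... dnsmasq[pid]: reply NAME is VALUE"
ANSWER = re.compile(r"dnsmasq\[\d+\]: (?:reply|cached) (\S+) is (\S+)")
# Parking target as described in the post: digits followed by ".bodis.com"
PARKED = re.compile(r"^(\d+)\.bodis\.com\.?$")

# Constructed sample log; every domain, ID and address here is made up.
SAMPLE_LOG = """\
Jun  3 10:15:01 dnsmasq[912]: query[A] lemmy.dead-one.example from 192.168.1.20
Jun  3 10:15:01 dnsmasq[912]: forwarded lemmy.dead-one.example to 9.9.9.9
Jun  3 10:15:01 dnsmasq[912]: reply lemmy.dead-one.example is <CNAME>
Jun  3 10:15:01 dnsmasq[912]: reply 111111.bodis.com is 203.0.113.10
Jun  3 10:15:02 dnsmasq[912]: query[A] alive.example from 192.168.1.20
Jun  3 10:15:02 dnsmasq[912]: reply alive.example is 198.51.100.7
Jun  3 10:15:03 dnsmasq[912]: reply kbin.dead-two.example is <CNAME>
Jun  3 10:15:03 dnsmasq[912]: reply www.dead-two.example is <CNAME>
Jun  3 10:15:03 dnsmasq[912]: reply 222222.bodis.com is 203.0.113.11
Jun  3 10:15:04 dnsmasq[912]: cached lemmy.dead-three.example is <CNAME>
Jun  3 10:15:04 dnsmasq[912]: cached 111111.bodis.com is 203.0.113.10
"""

def parked_domains(log_text):
    """Map each numeric bodis.com label to the names whose CNAME chain ends there."""
    by_id = defaultdict(set)
    chain = []  # names answered with <CNAME> in the answer currently being logged
    for line in log_text.splitlines():
        m = ANSWER.search(line)
        if not m:
            chain = []  # a query/forwarded line means the previous answer is over
            continue
        name, value = m.group(1).lower(), m.group(2)
        if value == "<CNAME>":
            chain.append(name)
            continue
        hit = PARKED.match(name)
        if hit and chain:
            # chain[0] is the name that was originally queried
            by_id[hit.group(1)].add(chain[0])
        chain = []  # a concrete answer closes the chain either way
    return {label: sorted(names) for label, names in by_id.items()}

if __name__ == "__main__":
    for label, names in sorted(parked_domains(SAMPLE_LOG).items()):
        print(label, ", ".join(names))
```

Only the queried name at the head of each CNAME chain is reported, so intermediate names such as a `www.` hop do not end up in the resulting list.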