I just read how the federation works, but I’m worried about a growing pain. Say I was a malicious user, could I bring down a smaller Lemmy instance by subscribing to as many communities as possible? Or maybe even subscribing to a malicious Lemmy instance that keeps spamming thousands of posts every second?
Couldn’t that easily fill up a server’s storage and effectively bring a server down? I guess you could block the malicious Lemmy instance (although wouldn’t it be easy to create another?) and ban a user that subscribes to too many instances; however, it feels to me like a very hard problem to solve.
You generally configure download limits and once reached the activity pub will start dropping oldest items. So as a malicious actor you might make other users’ experience slightly slower if they browse older posts but not horrible. And by that point an admin should notice such activity and kick you.
I wonder if such an activity can be automated (the fix you suggested, not the malicious activity)
You mean the blocking of malicious accounts/IPs creating high traffic, right?
I’m sure hackers will find some way to cause denial of service at the very least, but that’s only good… Let’s learn about the weaknesses and fix them.
DDOSing a Lemmy node would be trivial. The real traffic has taken down a few already. If it starts to happen maliciously, there are mitigations.
It’s a lot easier just to screw with the network than it is to try to overload it outright.
Only one way to find out!
I’d put money that a large number of Lemmy instances are hosted on low end hardware that people have lying around. The bigger ones are dedicated hardware or cloud instances, but also the default rate limits are pretty high. As another user said, it would be trivial even before considering actual storage limits.