There have been users spamming CSAM content in [email protected] causing it to federate to other instances. If your instance is subscribed to this community, you should take action to rectify it immediately. I recommend performing a hard delete via command line on the server.

I deleted every image from the past 24 hours personally, using the following command: sudo find /srv/lemmy/example.com/volumes/pictrs/files -type f -ctime -1 -exec shred {} \;

Note: Your local jurisdiction may impose a duty to report or other obligations. Check with these, but always prioritize ensuring that the content does not continue to be served.

Update

Apparently the Lemmy Shitpost community is shut down as of now.

  • mlfh@lemmy.ml
    3·
    1 year ago

    If you aren’t going to fully wipe your drive in horrible events like this, at the very least use shred instead of rm. rm simply removes references to the file in the filesystem, leaving the data behind on the disk until other data happens to be written there.

    Do not ever allow data like that to exist on your machines. The law doesn’t care how it got there.

  • lea@feddit.de
    1·
    1 year ago

    I nuked my personal instance because of this :(

    Dealing with pictrs is just frustrating currently since there’s no tools for its database format and no frontend for the API. I half-expected this outcome but I hope it gets better in the future.

    • Skull giver@popplesburger.hilciferous.nl
      1·
      1 year ago

      I’m in the process of hopefully writing a tool to make deletion a bit easier, basically purging all the content not uploaded on my personal server. I can’t help but feel like pict-rs is not ready for prime time yet.

      There is no API endpoint to list all images known in the system. There is no direct connection between posts and images, or even images and users, even if they’re cached locally. This is way more painful than it needs to be.

      • Toribor@corndog.socialEnglish
        1·
        1 year ago

        Pict-rs has been the single largest pain of self-hosting a tiny Lemmy instance. I really hope things improve. I like hosting it myself but I can’t do it as a second job, having to figure out my own hacks and workarounds just to keep it running and not serving up illegal crap.

        • Skull giver@popplesburger.hilciferous.nl
          1·
          1 year ago

          About a month after I commented that, pict-rs added the external_validation URL for pre-processing. I haven’t looked into it myself, but Lemmy servers can now run images through a CSAM detector before uploading.

          Combining pictrs-safety and fedi-safety should help prevent the most immediate issues. However, fedi-safety requires a GPU for any kind of efficient processing, and I don’t have anything compatible available. I could waste many CPU cycles on running that stuff on the CPU, but I’m not going to bother with that.

          Once illegal crap makes it to your server, you need to check your local laws before deleting it. Some jurisdictions require you to keep the files (but deny access) for evidence, and require you to notify the authorities. This stuff is exactly why self-hosting social media sounds nice but sucks in practice.

          • Toribor@corndog.socialEnglish
            2·
            1 year ago

            Thank you! I was looking into running this a week or two ago when I was doing some maintenance but I gave up and shelved the project for later due to the complexity. My Lemmy instance is running in AWS and I’m going to have to put some work into my network setup on both ends to be able to connect to a computer with a GPU at home.

            I’m glad the community is working to resolve some of these issues. Hopefully some of this will get easier and more cost-effective.