this post was submitted on 11 Aug 2023
283 points (93.5% liked)
Technology
59600 readers
3447 users here now
This is a most excellent place for technology news and articles.
Our Rules
- Follow the lemmy.world rules.
- Only tech related content.
- Be excellent to each another!
- Mod approved content bots can post up to 10 articles per day.
- Threads asking for personal tech support may be deleted.
- Politics threads may be removed.
- No memes allowed as posts, OK to post as comments.
- Only approved bots from the list below, to ask if your bot can be added please contact us.
- Check for duplicates before posting, duplicates may be removed
Approved Bots
founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
1: DM all admins a spy pixel.
2: Coordinate a mass effort to spam rule-breaking posts and comments at some day.
3: Distributed denial of service attack on all admin IPs on that day.
...
Profit?
I'm on kbin, so tell me: do the images open on their own on Lemmy? If not, then it works like any link one might send, image or not image. The server always can see the IP address, as it was never meant to be secret. This also assumes the admins always use a single network with a single static IP address.
Embeds are fetched and displayed without user interaction.
Not really. Send a DM to every single admin of an instance and wait until you get enough collected IP addresses. Pay someone running a botnet to flood those addresses for an hour or two.
Even with a dynamic IP address, you're still stuck with it for a while. If you're lucky, power cycling will get a new one immediately. If you're not you get to enjoy waiting for a day or sitting on hold with your ISP's support number, running through their scripted support process until you finally get to someone capable of helping.