What I know so far:

  • vlemmy is still “up” and intermittently accessible. It is running slow as hell, PLEASE DO NOT VISIT THE INSTANCE as it will likely only slow things down more and make it inaccessible again.

  • Stripe, Liberapay, and GitHub accounts are all closed. Closure date unknown.
  • Reddit account still exists and has been messaged
  • No mentions of the instance in Element.io chats but still searching
  • They have almost certainly NOT lost their domain. Who.is historical records show no ownership or nameserver changes.

I have some minor personal details I’ve found that I’ll be deep diving on later, but it’s 1AM EST. I’m heading to bed but will continue on the investigation around 9AM EST.

Update 1PM EST July 9th:

Hi all, I’m working through about 40 different potential leads right now.

Although I need some help! Specifically, I need people who have viewed [email protected] to check their browser cache for this image:

https://vlemmy.net/pictrs/image/928b2f95-a37c-4e94-bd70-bc014c8655d4.jpeg

You can do so using one of the following NirSoft tools:

I’m hoping since it’s a historic image linked to their internet presence that it might generate specific leads.

I’ll update more as things progress.

  • filthy_lint_ball@lemmy.world
    1 year ago

    While I understand everyone’s belief that the admin, @[email protected], abandoned the instance, I do not believe so for a few key reasons:

    1. They asked for additional admins no less than 24h before the first connection issues. This indicates their willingness to put in work for the instance and expand.
    2. They raised a legal issue with having to defederate from an instance just a few hours prior to the connection issues. The instance in question was hosting content that can be seen as child pornography in Irish law - which is where vlemmy.net is hosted. @[email protected] was incredibly transparent with this issue. This level of transparency makes me doubt they would suddenly disappear purposefully. Speculatively I can guess that the legal issues may be connected to the going-dark.
    3. The site is still occasionally loading, but extremely slow and not correctly. In addition to this, it shows a logged-in user (PrinceHabib72) - which is not me. There was a known security vulnerability in Lemmy (see here). The vulnerability includes cookie / token imitation and stealing. Having a logged-in user (that is not me) when loading the site thus rings alarm bells to me. Apart from the logged-in user, the inability to properly load the site most times but sometimes parts of it load (and the remaining requests time out, like getting icons and content etc.), screams denial-of-service to me.

    Just like the other people in this thread, these are speculations. However, I have a weird feeling in screaming ‘abandon’ here. Given everything observed, that does not feel right to me.

    • carbotect@discuss.tchncs.de
      1 year ago

      Why would the admin close the donation platform accounts immediately after this supposed attack?

      Why did they not create a second account to clarify right here what happened?

      I personally could (after many tries) load the site with my account logged in and saved my list of subscriptions.

      Can you replicate the PrinceHabib screenshot in incognito mode?

      Maybe this is some Lemmy glitch that randomly gives you access to other users’ accounts under very specific circumstances?

      I personally think that the admin got busted by the IRS or got involved with law enforcement for a reason unrelated to Lemmy, which is why their payment accounts got flatlined.

      Vlemmy maybe is just running on their homeserver, but the server has some issues that the admin cannot fix right because they are in prison/in a hospital/dead or something similar.