LemmyNet / lemmy

🐀 A link aggregator and forum for the fediverse
https://join-lemmy.org
GNU Affero General Public License v3.0

Instance banning a remote user should prevent them from participating in remote versions of communities #3399

Open sunaurus opened 1 year ago

sunaurus commented 1 year ago

Requirements

Is your proposal related to a problem?

Problem

When a user from instanceA is banned from instanceB, they are not prevented from making posts in instanceB communities. These posts do not show up outside instanceA, but this still means that future ban-worthy content from the banned user will be shown to all other users of instanceA, and the mod teams of instanceB will be powerless to improve the content for other users from instanceA.

Additionally, it seems that under certain conditions, these local-only posts from banned users can reach out to the wider federated network, for example, when a user from another instance searches for the post's url.

Describe the solution you'd like.

Solution

Instance bans would ideally work just like community bans - they would be federated and go into a new site_person_ban table, which could be checked everywhere that currently checks community_person_ban, and if a ban exists in either table, the user's action would be prevented.

Describe alternatives you've considered.

N/A

Additional context

No response

0xAnansi commented 1 year ago

Couldn't this be used to DoS instances by creating a huge amount of bots with the intent to get banned, getting banned and then propagate this ban to all the instances, filling up their databases?

lionirdeadman commented 1 year ago

Lemmy already federates the banned list and modlog. I don't see why this would be any worse than those things federating. Arguably, community bans would even be worse in that vector if someone wanted to do this for every community rather than a site-wide ban.

ghost commented 1 year ago

> Couldn't this be used to DoS instances by creating a huge amount of bots with the intent to get banned, getting banned and then propagate this ban to all the instances, filling up their databases?

It's already a thing. Guess we should approach that the same way we approach spam posts etc.

[Image: Screenshot 2023-06-27 at 21-54-30 Custom Emojis]

0xAnansi commented 1 year ago

> > Couldn't this be used to DoS instances by creating a huge amount of bots with the intent to get banned, getting banned and then propagate this ban to all the instances, filling up their databases?
>
> It's already a thing. Guess we should approach that the same way we approach spam posts etc.

wth 💀

techno156 commented 1 year ago

> Couldn't this be used to DoS instances by creating a huge amount of bots with the intent to get banned, getting banned and then propagate this ban to all the instances, filling up their databases?

Would that even work? I can't imagine the ban list is particularly big (since it's just text), and you'd need an unimaginably large amount of users (millions, or even billions?) to start taking up meaningful amounts of space.

It's more likely that something else in Lemmy would break before then.

At that point, it seems easier to just Federate a massive banspam list on a regular instance, without having to go to the trouble of bot accounts, and all of that.

ghost commented 1 year ago

Well, we are not saying we should scrap the idea due to potential abuse.

But it's definitely something we should keep in mind. Because right now, there is nothing that really prevents me from spamming millions of ban messages :P

Nutomic commented 1 year ago

Instance bans are federated, but it's possible that they are not going through in some cases.

sunaurus commented 1 year ago

@Nutomic instance bans are only federated into the modlog, they are not currently being checked when posting or commenting (unlike community bans). The point is that a user who is instance banned can freely post garbage in communities that are hosted in the instance that he is banned from, and this will ruin the experience for other users on his instance.

sunaurus commented 1 year ago

This is the relevant code (which currently doesn't do much) for when a remote instance ban comes in:

https://github.com/LemmyNet/lemmy/blob/main/crates/apub/src/activities/block/block_user.rs#L133

OTOH In the case of remote community bans, the bans are actually written into the local community_user_ban table (which is always checked when making posts or comments):

https://github.com/LemmyNet/lemmy/blob/main/crates/apub/src/activities/block/block_user.rs#L192

Nutomic commented 1 year ago

Ah, you are talking about the case where the user receives a site ban from an instance which is not their home instance. That is indeed not handled. It's a variation of https://github.com/LemmyNet/lemmy/issues/1205

iByteABit256 commented 1 year ago

Essentially a fix to this would be iterating over the communities of instance B, and for each one to run the code from the community ban handling, right?

Nutomic commented 1 year ago

Yes that sounds about right. So you need to change the code inside SiteOrCommunity::Site branches.

Nothing4You commented 9 months ago

additional related issue:

i've noticed that unbans and restorations can federate in some cases, overriding a local removal/ban decision. for example, if i ban a remote user, then the user gets banned and unbanned on their home instance, the user is no longer banned on my instance. if i remove content e.g. a post in a remote community, then the community's home instance removes and restores the same post, the post will also be restored in my instance.

while this certainly isn't working as intended, i think the security impact is fairly low, as such actions coming from other instances will typically lead to defederation, and similar actions could be performed by just creating new users, but i can see this, especially for the site ban, happen easily by accident, when a user gets temp banned on their home instance at any later time for likely unrelated reasons.

dessalines commented 9 months ago

Seems to be a dupe of #4118, which I have a PR out for now.

Nothing4You commented 9 months ago

If I understand it correctly, #4464 does not address this for communities created after a site ban was issued.

sunaurus commented 8 months ago

@Nothing4You you are correct - I will reopen this issue for now as I am working on a PR for the fix already
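
An added illustration of the two fixes discussed in this thread, not Lemmy's code or schema: the `Db` struct, its method names and the `*.example` identities are hypothetical. It compares fanning a site ban out into per-community bans with checking a separate site-ban table, for a community that is created after the ban was issued.

```rust
use std::collections::{HashMap, HashSet};

/// Toy model of one instance's local database (hypothetical, not Lemmy's schema).
#[derive(Default)]
struct Db {
    community_host: HashMap<String, String>,   // community -> hosting instance
    community_bans: HashSet<(String, String)>, // (community, person)
    site_bans: HashSet<(String, String)>,      // (instance, person)
}

impl Db {
    fn create_community(&mut self, name: &str, host: &str) {
        self.community_host.insert(name.to_string(), host.to_string());
    }
    /// Fan-out: one community ban per community the instance hosts right now.
    fn site_ban_fan_out(&mut self, instance: &str, person: &str) {
        let hosted: Vec<String> = self.community_host.iter()
            .filter(|(_, host)| host.as_str() == instance)
            .map(|(name, _)| name.clone())
            .collect();
        for name in hosted {
            self.community_bans.insert((name, person.to_string()));
        }
    }
    /// Site-ban table: record the ban against the instance itself.
    fn site_ban_record(&mut self, instance: &str, person: &str) {
        self.site_bans.insert((instance.to_string(), person.to_string()));
    }
    /// Posting is refused on a community ban or a ban from the hosting instance.
    fn may_post(&self, community: &str, person: &str) -> bool {
        let p = person.to_string();
        match self.community_host.get(community) {
            None => false, // unknown community
            Some(host) => !self.community_bans.contains(&(community.to_string(), p.clone()))
                && !self.site_bans.contains(&(host.clone(), p)),
        }
    }
}

/// Returns (may post in pre-ban community, may post in post-ban community).
fn scenario(use_site_table: bool) -> (bool, bool) {
    let (mut db, troll) = (Db::default(), "troll@a.example"); // constructed sample data
    db.create_community("old@b.example", "b.example");
    if use_site_table { db.site_ban_record("b.example", troll) } else { db.site_ban_fan_out("b.example", troll) }
    db.create_community("new@b.example", "b.example");
    (db.may_post("old@b.example", troll), db.may_post("new@b.example", troll))
}

fn main() {
    println!("fan-out: {:?}, site table: {:?}", scenario(false), scenario(true));
}
```

In this model the fan-out approach still lets the banned user post in the community created after the ban, while the site-ban table check refuses both.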