Welcome post: https://lemmy.zip/post/40323214
Voyager change: https://lemmy.dbzer0.com/post/45890744
deleted by creator
That’s very kind of you ❤️
I still can’t take anyone running a .zip TLD seriously. It was bad idea to create it and it’s a bad idea to use it.
Is there any PoC of attacks on Lemmy using .zip TLD ? The instance has been up for 2 years, I never heard anything
Targeting Lemmy specifically? probably not, but that’s not really the issue. It’s not that being a .zip address makes the server vulnerable, it’s that the existence of the .zip TLD makes everyone vulnerable:
Surveys by security researchers immediately following public release of domain registration found numerous examples of links and domains registered under .zip being used in phishing attempts, and the ICSS recommended disabling access to .zip domains until “the dust settles and risks can be assessed”.
https://en.wikipedia.org/wiki/.zip_(top-level_domain)#Security_concerns
Our findings show that the abuse rate for the .zip TLD is 0.20% which is close to the average compared to all other TLDs. This rate indicates that .zip domain names are not being used to attack users more than the average TLDs - at least for now. However, if attackers find they have better success using .zip than other TLDs, the rates of abuse might change.
Given new TLDs, such as .zip, tend to have a higher abuse rate than legacy and ccTLDs we suggest that the security research community should continue the healthy debate about the potential risks of the .zip TLD and that internet users continue to be weary of downloading and opening files with a .zip extension or TLD from sources or individuals they may not know.
https://dnsrf.org/blog/the--zip-tld---ripe-for-abuse--but-so-far-so-good-/index.html
Choosing to use this TLD basically just screams ignorance, and should be causing users to question the competence of the person who made that choice.
Not sure if that tone is the best for a healthy debate.
lemm.ee refugee here. I was considering piefed, but photon didn’t support it.
Now that the API is there, hopefully it will in the future
Im currently usong boost with .ee, but i think support for that stopped too? Im going to have to change clients and instances
lemmy.zip doesn’t allow users from the UK.
Can you recommend an instance with a federation policy as wide as lemm.ee? Lemmy.zip, for instance, does not federate with hexbear, right?
Both list of blocked instances are in the body of this post
Lemm.ee federates HB, and lemmy.zip does too.
Feddit.uk is pretty good for this. I think our defed list is pretty minimal.
We do federate with HB at .zip. No defederations from major instances.
take a peek at lemmy.sdf.org
Removed by mod
You guys are making me feel left out :(
