Everyone is vulnerable, it's the nature of the beast. Even places like reddit and facebook. But admins are collaborating behind the scenes to try to work out how to slow them down in future.

There's a few specific types of vulnerabilities, and there are many nuances of the law to consider. But we, along with literally every single platform that allows user content, are vulnerable to all of them.

Right now, the discussion is around a specific community (now closed) on Lemmy.world. Any server that federates with them and has users subscribed to that community will have links to it, and may have the content cached.

There's also the risk of local users that upload directly to this server. Any server that allows images/videos to be directly uploaded is vulnerable.

There's yet another risk that a user may create a post linking to material stored elsewhere. I'm not sure how this works from a legal standpoint, but it's certainly not a good situation to be in.

The good news is that this isn't something new or unique to Lemmy. Facebook gets close to 100 million reports per year. Twitter, Reddit, etc all have comparable numbers.

The bad news is that Lemmy (and the rest of the Fediverse) is developed and operated almost exclusively by volunteers and donations. There may not be the resources needed to address these issues as needed.

Midwestsocial is federated with world where the spam is happening so yea its vulnerable, your admin could disable images or temporary defed but none are true solutions. Hopefully the next update brings new mod tools to deal with the spam in the future