In short, the Discourse image downloader never stops sending requests. Even after an hour, running tcpdump on Discourse server still shows outgoing traffic.
Additionally, enough of those posts saturate Sidekiq, breaking the whole downloader functionality:
Haven’t tested that yet, but made the topic invisible in the case it’s a potential risk.
FYI, next time your report an attack, can you please either send a PM to one of the member of the team or email team@discourse.org instead of writing a public topic?
It seems like you can only break Sidekiq for half an hour or so. If you do leave an open slot for heartbeats, however, the server will keep following the link until manually stopped.