this post was submitted on 10 Jul 2023
8 points (90.0% liked)

Lemmy.ca's Main Community


The site is down for now, but do not try to log in to it.

top 12 comments
[–] [email protected] 1 points 2 years ago

What the hell happened here?? I get logged out of wefwef, come here to investigate, and I see something about a vulnerability???

[–] [email protected] 0 points 2 years ago (1 children)

Sounds like beehaw.org has shut down temporarily just to be safe, sounding like a vulnerability in Lemmy.

[–] [email protected] 4 points 2 years ago (2 children)

Currently it seems to be a vulnerability with custom emojis only, which this instance never had, so currently we shouldn't be affected. However, this is a developing situation and we will continue to monitor.

[–] [email protected] 3 points 2 years ago (1 children)

I just want to say I love you guys

[–] [email protected] 1 points 2 years ago
[–] [email protected] 1 points 2 years ago* (last edited 2 years ago)

Good job admins for staying on top of the situation!

(... and have you made a snapshot backup, just in case? 😁 )

[–] [email protected] 0 points 2 years ago* (last edited 2 years ago) (1 children)

Seems they're back up and the devs pushed out a patch for the vulnerability.

[–] [email protected] 0 points 2 years ago (1 children)

We have updated to a patched version.

[–] [email protected] 1 points 2 years ago (1 children)

It's been interesting watching this all play out on an open source social network. It's all out in the open so it caused quite the drama, but the actual order of events? Site goes down and is back up and vulnerability patched like 4 hours later? That's really impressive.

[–] [email protected] 3 points 2 years ago (1 children)

Power of the open source community.

In my opinion the "drama" was a critical part of immediately drawing attention to the vulnerability and bringing it to the attention of most instance admins very quickly.

Few things that have been added on my to-do list that I've learned from this.

  • We need more backend man power for coverage.
  • Major instances, and probably all instances should partner with another instance that's in an opposite time zone for emergency response. Ideally having partnered admins and backend admins with no more than 8 hours difference between each one for 24 hour reliable coverage would be ideal. Partnered admins should in my opinion have each other's phone numbers and have it set to bypass do not disturb.
  • We need to make sure users know how to contact admins off Lemmy for emergencies, as well as ensure that admins are tagged when a situation like this develops. (To my knowledge no lemmy.ca admin was tagged when this started to unfold.)
  • There's more thoughts but I can't remember them on 5 hours of sleep 😴

Any additional suggestions are welcome!

[–] [email protected] 0 points 2 years ago (1 children)

Is there a lemmy.ca mastodon account or something as an alternate place to contact/get updates?

[–] [email protected] 2 points 2 years ago

No, but that's a great idea. Thank you.