473

submitted 1 day ago by ada to c/main

71 comments fedilink

Firstly, apologies to everyone for the extended downtime. Unfortunately, it was for a pretty bad reason. We were hacked.

The bad news is that it was a comprehensive attack, and the attackers had privileged access to our database system, across all of our services (except for writefreely, which doesn't use postgres). From what we can tell, the attacker did not do anything with that access, so we don't believe any user data was accessed, but we can't be certain of that. For lemmy, the impact of this should be minimal. If you registered with a real email address, they may have that. User passwords are encrypted in the database, so if you were using a secure, non trivial password, it should be safe, but you should still change it. You should also reset your 2 factor authentication if you had it enabled, as the seeds for these are not encrypted.

Our understanding is that the attacker used a peertube exploit, then a postgres exploit and then a kernel exploit to systematically gain access to different layers of our database server. A side effect of the hack was that it filled up our database servers hard drive, and caused it to fail over to our backup, which we believe mitigated some of the potential fall out.

We have had to reset activitypub keypairs for every account and community on lemmy, so there may be some federation hicoughs for a day or so, until remote servers have dropped any cached copies of our users public keys. This is uncharted territory though, so hopefully it's as smooth as we think it will be, but we can't be sure!

As stated earlier, our writefreely instance is still up and running as it wasn't impacted by this attack. Vernissage (our pixelfed replacement) has been brought back online, as has our matrix server.

We will be bringing up Sharkey, and then Piefed hopefully later today, but we have to rotate keypairs on those services too, which is also uncharted territory, so the timelines are hopes, not guarantees. At this point in time, we don't plan on bringing pixelfed back online, as it was slated for shutdown in August in any case. If people still need access to pixelfed to export data, we can spin it up briefly if needed, so please reach out if this is you. We also won't be bringing peertube back up at this point. It was not heavily utilised, and it was the source of the attack, so Kaity is a bit gun shy about spinning it back up on shared database infrastructure. If there is a strong desire to bring peertube back, we can consider doing that on isolated hardware, but at the current utilisation level, it doesn't seem worth the cost/effort to run it isolated.

in any case, you can read a fuller explanation of the attack by Kaity here https://pen.blahaj.zone/supakaity/weve-been-hacked

The Swamp of Sadness (lemmy.zip)

submitted 1 hour ago by almost1337@lemmy.zip to c/politicalmemes@lemmy.world

3 comments fedilink

British Charlie Kirk wannabe beaten up debating people in Manchester (metro.co.uk)

submitted 1 hour ago by Quokka@quokk.au to c/world@quokk.au

8 comments fedilink

Young Bob Manchester assault: Three people arrested after remigration activist set upon by youths

Crossing the rainbow bridge today, ilysm Juneau (lemmy.blahaj.zone)

submitted 1 hour ago by WeirdyTrip to c/dogs@lemmy.world

5 comments fedilink

Just let go of Juneau, 14 years old, adopted him 12 years ago. A true fetch fiend, and a great guard dog, he was ever vigilant even to his last days. My head knows it was his time, but my heart is fucking ragged right now. RIP Junebug 💖

So that's where they come from! (lemmy.world)

submitted 1 hour ago by AMillionMonkeys@lemmy.world to c/microblogmemes@lemmy.world

1 comments fedilink

Low on Fuel, Russian Frigate Drifts in the English Channel (maritime-executive.com)

submitted 1 hour ago by homesweethomeMrL@lemmy.world to c/news@lemmy.world

5 comments fedilink

cross-posted from: https://lemmy.world/post/48386070

Manic Trump, 80, Lashes Out at Everyone Trashing His Surrender in 4:32 A.M. Meltdown (www.thedailybeast.com)

submitted 59 minutes ago by sanitation@lemmy.today to c/politics@lemmy.world

3 comments fedilink

NASA, with the tampons. (slrpnk.net)

submitted 56 minutes ago by MadMadBunny@lemmy.ca to c/startrek@startrek.website

0 comments fedilink

cross-posted from: https://slrpnk.net/post/39279251

Beers

There's a secret fish fuck facility for the rarest fish ever (lemmy.today)

submitted 1 hour ago by Wren@lemmy.today to c/BrandNewSentence@lemmy.today

1 comments fedilink

There is no pro capitalist left (lemmy.ml)

submitted 1 hour ago by cm0002@mander.xyz to c/actualsocialism@lemmy.dbzer0.com

0 comments fedilink

Happy rule month (lemmy.zip)

submitted 1 hour ago by almost1337@lemmy.zip to c/196@lemmy.world

0 comments fedilink

Bakers are really undervalued. It is very hard to make a good looking dessert. (lemmy.zip)

submitted 16 minutes ago* (last edited 1 minute ago) by disregardable@lemmy.zip to c/veganhomecooks@lemmy.world

0 comments fedilink

I am very proud of my exactly 1 properly executed Juneteenth red, white, and blue swirl cookie.

134

Andrew Tate’s brother charged with assaulting woman Influencer allegedly attacked victim as ‘punishment’ for refusing to film pornographic content (www.telegraph.co.uk)

submitted 2 hours ago by EatingOnions@lemmy.world to c/world@lemmy.world

7 comments fedilink

Sunbathing (lemmy.world)

submitted 1 hour ago by FancyPantsFIRE@lemmy.world to c/squirrels@lemmy.ca

0 comments fedilink

Caught this one having a good sun bath.

There is no pro capitalist left (lemmy.ml)

submitted 2 hours ago by yogthos@lemmy.ml to c/socialism@lemmy.ml

0 comments fedilink

Reality mimics art (lemmy.ml)

submitted 1 hour ago by bubblybubbles@lemmy.ml to c/simpsonsshitposting@sh.itjust.works

0 comments fedilink

Turns Out, There Really Is a Cabal of Elite Crazies Trying to Control the World (www.esquire.com)

submitted 2 hours ago by ChaoAmber@feddit.uk to c/billionaire@lemmy.ca

2 comments fedilink

Here’s a little touch of The Twilight Zone, coming from an amazing report in Wired. It’s about Dialog, a secret cabal of elites led by Peter Thiel, who has as many crazy ideas as he has dollar bills and who has enough rich and powerful people who share them to be a genuine concern.

DOJ rebuffs judge's request to put in writing it won't move forward with 'anti-weaponization' fund (www.cnbc.com)

submitted 1 hour ago by lemmy_news@lemmy.wtf to c/economy@lemmy.world

1 comments fedilink

Dank (lemmy.ml)

submitted 1 hour ago by bubblybubbles@lemmy.ml to c/TheShitpostOffice@lemmy.dbzer0.com

0 comments fedilink

Cyclists push back against plan to widen lanes and remove bike lane on Chattanooga’s Main Street (youtu.be)

submitted 2 hours ago by ratrace@lemmy.zip to c/fuck_cars@lemmy.ml

0 comments fedilink

Woaaahhhhh (lemmy.ml)

submitted 1 hour ago by bubblybubbles@lemmy.ml to c/starwarsmemes@lemmy.world

6 comments fedilink

British Charlie Kirk wannabe beaten up debating people in Manchester (metro.co.uk)

submitted 2 hours ago by G4Z@lemmy.world to c/unitedkingdom@feddit.uk

12 comments fedilink

Oligarchy is worse than you think [48:46] (www.youtube.com)

submitted 1 hour ago by FenrirIII@lemmy.world to c/mealtimevideos@lemmy.cafe

0 comments fedilink

cross-posted from: https://lemmy.world/post/48358893

Germany eyes heat pumps as Iran war drives energy costs up (www.dw.com)

submitted 1 hour ago by lemmy_news@lemmy.wtf to c/economy@lemmy.world

0 comments fedilink

Dun-dun-dun-dun (startrek.website)

submitted 2 hours ago by xkbx@startrek.website to c/lemmyshitpost@lemmy.world

6 comments fedilink

Blåhaj Lemmy

10,432 readers
391 users here now

Blåhaj Lemmy

Blåhaj Lemmy is brought to you by the kind folk at Blåhaj Zone, and while anyone is free to register for an account here, please bear in mind that this is a server that is very protective of our minority members and bigotry of any variety will be squashed with great prejudice.

We have several alternative lemmy frontends you can use. Just login with your regular blahaj login details.

We have a public matrix channel for all Blahaj users at #blahaj:chat.blahaj.zone

We also have a matrix channel for gender diverse folk and our allies! If you're already a matrix user, you can head straight to our application room https://matrix.to/#/#gv-apply:chat.blahaj.zone, or by searching for #gv-apply:chat.blahaj.zone from within your matrix client.

If you're new to matrix, you can find some more details and an instruction video on how to get up and running here https://chat.blahaj.zone/c/genderverse/

Community Guidelines

Blåhaj Lemmy is a space where everyone should feel able to participate safely, and to that end, our community is built on the guiding philosophies of empathy, inclusion and acceptance.

Empathy

We want our community members to be guided by compassion and empathy for others.

Examples of behaviour that are contrary to this philosophy are personal attacks, insults, doxing etc. If your comment is designed to hurt someone, this isn't the space for it.

Inclusion and Acceptance

Embracing inclusion and acceptance means listening when people tell you who they are and what their needs are. It means not telling people that you know their experiences better than they do. It means not gatekeeping experiences of identities of others. It means no bigotry such as racism, sexism, anti LGBT commentary, ableism etc. It means doing your best to ensure that you don't over-talk the voices of folk who don't share your privileges.

Supporting Blåhaj Lemmy

After much hesitation, we have a Ko Fi to enable people to help with supporting some of the running costs associated with our instances.

Providing a safe space for our community is the goal, so please only consider donating if you are in a position to do so without any financial stress.

Mascot and logo

Find out about our mascot Shonky (they/them) who appears on our site logo here.

founded 3 years ago

ADMINS

blahaj

ada

supakaity

will_steal_your_username

robota