Blahaj zone hacked by ada in c/main
[-] ada 2 points 54 minutes ago

We could do that by direct DB manipulation.

Blahaj zone hacked by ada in c/main
[-] ada 5 points 1 hour ago

It looks like IP addresses are stored in the DB in lemmy. It's possible that the attacker had access to those IPs, but we don't believe they accessed them.

This is the sort of thing we would turn off if we could :\

FYI, blahaj.zone is down for the next few hours by ada in c/fediverse@lemmy.world
[-] ada 4 points 6 hours ago

Our piefed instance (which hosts our remaining communities) should be back up soon!

FYI, blahaj.zone is down for the next few hours by ada in c/fediverse@lemmy.world
[-] ada 6 points 7 hours ago

Don't worry, we're back again :)

Blahaj zone hacked by ada in c/main
[-] ada 5 points 8 hours ago

Can you give me some more details on what you've run in to?

Blahaj zone hacked by ada in c/main
[-] ada 12 points 9 hours ago

Mostly no. Our smaller ones were.

FYI, blahaj.zone is down for the next few hours by ada in c/fediverse@lemmy.world
[-] ada 11 points 9 hours ago

For what it's worth, I absolutely want to see duplicate communities across multiple instances. Even if it's a backup community, folks shouldn't be left without a space if an instance goes offline, or if an admin goes rogue. I want to see more communities for vulnerable folk across more instances.

I wish there were more queer first instances too, and hopefully, this incident pushes someone in to spinning one up!

Blahaj zone hacked by ada in c/main
[-] ada 13 points 9 hours ago

We run our instances across multiple servers, but the postgres databases are all hosted together on a single server, though technically not a single server, as, at the time of the attack, we also hosted a backup database server, which was spec'd to backup our instances, but not serve them. Their access was limited to the main postgres server, but that server holds the databases for all of our instances. It looks like the script they used in the postgres exploit to give them local access interfered with the cleanup/backup process, so WOL files would get written, but not deleted, which filled up the disk on the main machine, and ultimately, caused it to fail over to the backup machine.

In theory, they could have used the same script/exploit on the backup machine, but because it wasn't spec'd to serve all of our instances at once, everything fell over at this point. That is what alerted us to the issue, and also limited the attackers available time in the system.

I'm not sure that talking-point is a winner... by ada in c/ausmemes@aussie.zone
[-] ada 14 points 10 hours ago

She doesn't care about maths. She cares about making the bigots feel confident enough to express their bigotry. She wants her voter base to feel powerful and also persecuted, so she'll switch frames of reference as needed.

310
Blahaj zone hacked (pen.blahaj.zone)
submitted 11 hours ago by ada to c/main
38 comments fedilink

Firstly, apologies to everyone for the extended downtime. Unfortunately, it was for a pretty bad reason. We were hacked.

The bad news is that it was a comprehensive attack, and the attackers had privileged access to our database system, across all of our services (except for writefreely, which doesn't use postgres). From what we can tell, the attacker did not do anything with that access, so we don't believe any user data was accessed, but we can't be certain of that. For lemmy, the impact of this should be minimal. If you registered with a real email address, they may have that. User passwords are encrypted in the database, so if you were using a secure, non trivial password, it should be safe, but you should still change it. You should also reset your 2 factor authentication if you had it enabled, as the seeds for these are not encrypted.

Our understanding is that the attacker used a peertube exploit, then a postgres exploit and then a kernel exploit to systematically gain access to different layers of our database server. A side effect of the hack was that it filled up our database servers hard drive, and caused it to fail over to our backup, which we believe mitigated some of the potential fall out.

We have had to reset activitypub keypairs for every account and community on lemmy, so there may be some federation hicoughs for a day or so, until remote servers have dropped any cached copies of our users public keys. This is uncharted territory though, so hopefully it's as smooth as we think it will be, but we can't be sure!

As stated earlier, our writefreely instance is still up and running as it wasn't impacted by this attack. Vernissage (our pixelfed replacement) has been brought back online, as has our matrix server.

We will be bringing up Sharkey, and then Piefed hopefully later today, but we have to rotate keypairs on those services too, which is also uncharted territory, so the timelines are hopes, not guarantees. At this point in time, we don't plan on bringing pixelfed back online, as it was slated for shutdown in August in any case. If people still need access to pixelfed to export data, we can spin it up briefly if needed, so please reach out if this is you. We also won't be bringing peertube back up at this point. It was not heavily utilised, and it was the source of the attack, so Kaity is a bit gun shy about spinning it back up on shared database infrastructure. If there is a strong desire to bring peertube back, we can consider doing that on isolated hardware, but at the current utilisation level, it doesn't seem worth the cost/effort to run it isolated.

in any case, you can read a fuller explanation of the attack by Kaity here https://pen.blahaj.zone/supakaity/weve-been-hacked

Gray? by ada in c/curlyhair@lemmy.world
[-] ada 4 points 3 days ago

I'll let it do whatever it wants to do. I already get frustrated with my curly hair because I resent the amount of time it takes to care for it. And I stopped colouring my hair for similar reasons years ago. So whatever it does, it does!

That being said, it's beginning to look like I may take after my father, and not go grey...

[SOLVED] How was a comment made five days ago on a post that was posted six minutes ago? by ada in c/nostupidquestions@lemmy.world
[-] ada 6 points 3 days ago

FWIW, I've only ever heard it used that way...

90
Update: Now resolved - Blahaj Piefed Down for security maintenance (self.main)
submitted 1 month ago* (last edited 1 month ago) by ada to c/main
1 comments fedilink

Edit - Piefed has been updated and returned to service

~~Thanks to someone posting a piefed security exploit without a disclosure period, we've had to pull blahaj piefed down without warning until a fix is implemented. This could take around 24 hours or so.~~

89
Now Fixed - Blahaj.zone latency across all services (self.main)
submitted 1 month ago* (last edited 1 month ago) by ada to c/main
8 comments fedilink

Edit - We're back!

~~We've had an issue with our databases. One of our fast database servers ran out of space, and then the second fast server ran out of space whilst replicating to the first.~~

~~As a result, we have fallen over to our backup database server, which runs on spinny disks rather than SSDs. Spinny disks means that it's got plenty of space to spare, but it's not fast. The backup DB server is currently replicating to our two main servers to get things back up and running again, but whilst that's happening, all of our services are running slow.~~

~~The good news is, we'll be back up and running as if nothing happened because our backup server saved the day. The bad news is, it may take another 24 hours or so, because the backup server is reliable but not fast!~~

41
Once more, I'm asking for more mods for this community (self.egg_irl)
submitted 4 months ago by ada to c/egg_irl
6 comments fedilink

If you're interested, and use blahaj lemmy as your main account, please reply below!

106
Rule 3 - Don't post negative, depressing news articles about trans issues unless there is a call to action or a way to help. (self.trans)
submitted 5 months ago by ada to c/trans
2 comments fedilink

We've been getting a few of these types of posts recently, so this is just a reminder. There are plenty of places we can find endless bad news. This is not meant to be one of them. Bad news has a place here, but only when it's part of a discussion that helps people move forward despite the negative.

21
This community needs new mods (self.nonbinary)
submitted 5 months ago by ada to c/nonbinary
10 comments fedilink

If you're non binary, and have a blahaj lemmy account, ideally with history in this community, and you would like to moderate this community, please reply and let me know.

228
We have a new lemmy Admin! Say hi to Jorunn (she/her)! (self.main)
submitted 6 months ago* (last edited 6 months ago) by ada to c/main
21 comments fedilink

For those quick off the mark, you may already have seen her name appear in the list of lemmy admins! We've brought Jorunn on board, as she's already staff on our piefed instance, and she has been helping moderate lemmy via our admin bot, which can approve signups, delete spam etc. So, she now has her own keys to the castle to make her life easier!

You can reach out to her for issues around community/instance moderation, regarding our lbz users etc. Kaity and I are still the best contacts for sys-admin related issues however.

Anyway, welcome aboard Jorunn and thank you for taking this on. I certainly appreciate it :)

169
Tawny Frogmouth (Not technically an owl, so don't tell the mods :P) (piefed.cdn.blahaj.zone)
submitted 6 months ago* (last edited 6 months ago) by ada to c/superbowl@lemmy.world
14 comments fedilink

Cross-posted from "Tawny Frogmouth (Podargus strigoides)" by @ada@piefed.blahaj.zone in !birding@lemmy.world

This was taken in near total darkness, with a hand held, 300mm 1 second exposure. I love this camera and lens!

And thank you to the Tawny, who was happy staying perfectly still for my long exposure :)

#frogmouth #TawnyFrogmouth #brisbane #meanjin #bird #urbanbirdphotography #australianbirds

11
Test (lemmy.blahaj.zone)
submitted 8 months ago by ada to c/test
1 comments fedilink

Test

16
This community needs a new mod or two (self.comics)
submitted 8 months ago by ada to c/comics
5 comments fedilink

If you're interested, and use Blåhaj Lemmy as your main instance, let me know and I'll add you as a moderator. You'll then be free to add other off instance mods if you like, but the primary mod needs to be a Blåhaj Lemmy user,

34
White-bellied Sea-Eagle (Icthyophaga leucogaster) (lemmy.blahaj.zone)
submitted 8 months ago by ada to c/birding@lemmy.world
0 comments fedilink

Point Lookout, Minjerribah, Queensland, Australia

#eagle #seaEagle #bird #birds #queensland #stradbrokeIsland #australia #australianWildlife

136
Planning a heist (lemmy.blahaj.zone)
submitted 8 months ago by ada to c/birding@lemmy.world
7 comments fedilink

This Kookaburra, was staring at the chips of a guy who had laid down on the grass and closed his eyes. A moment later, the heist succeeded!

Point Lookout, Minjerribah/Stradbroke Island, Australia

Why does it seem most people, mainly conservatives, against Trans people? Unless I am wrong I never heard of one shooting up a school church or whatever. The ones I have met have been pretty cool. by ada in c/nostupidquestions@lemmy.world
[-] ada 280 points 2 years ago* (last edited 2 years ago)

Because stirring up hate against vulnerable minorities, by positioning them as a threat is a well tested and effective technique for the power hungry to gain and retain power. And it's effective, because it works by pulling people in and making all of the conversation about whether or not it's right to hate on the group they're targeting.

view more: next ›

ada

joined 3 years ago
MODERATOR OF
main
blahaj
mtf
lgbtq_plus
translater
hajkey
trans
test