this post was submitted on 10 Jul 2023
289 points (100.0% liked)

Beehaw Support

2796 readers
1 users here now

Support and meta community for Beehaw. Ask your questions about the community, technical issues, and other such things here.

A brief FAQ for lurkers and new users can be found here.

Our September 2024 financial update is here.

For a refresher on our philosophy, see also What is Beehaw?, The spirit of the rules, and Beehaw is a Community


This community's icon was made by Aaron Schneider, under the CC-BY-NC-SA 4.0 license.


if you can see this, it's up  

founded 2 years ago
MODERATORS
 

Hi Beeple!

Here's a vague version of events :

  • 11PM EST: Lemmy.world got hacked

  • 12:20AM EST: Blahaj.zone got hacked

  • 12:25AM EST: I shut down the server

  • 12:30AM EST: I make announcements to tell people about this

  • 12:45AM EST: I have an idea of what the problem is but there is no fix

  • 2:20AM EST: I go to sleep

  • 8:50AM EST: The server is booted back up, steps are applied to mitigate issues (Rotating JWTs, Clearing DB of the source of vulnerability, deleting custom emoji), UI is updated with the fix, CSP and other security options are applied

  • 11:40AM EST: We start testing things to make sure are working And well, now here we are.

If you have issues logging in or using an app:

  1. Log out if you somehow are still logged in

  2. Clear all cache, site data, etc.

  3. Hard refresh Beehaw using CTRL+F5

  4. Log back in.

If you still have issues, write to us at support@beehaw.org

To be clear : We have not been hacked as far as we know, we were completely unaffected. This was done preemptively.

Oh yeah, in case, you haven't, this is a good opportunity and reminder to follow us on Mastodon as the communication line was still up despite Beehaw being down : https://hachyderm.io/@beehaw

you are viewing a single comment's thread
view the rest of the comments
[–] Penguincoder@beehaw.org 12 points 1 year ago (1 children)

Much preferable to the announcement of Beehaw was hacked and lost your user credentials . Security trumps convenience.

[–] Pepper@beehaw.org 2 points 1 year ago (1 children)

Having an entirely separate website, blog, or social media account for announcements that's accessible via a Google search wouldn't factor into how secure Beehaw is.

[–] Penguincoder@beehaw.org 2 points 1 year ago (1 children)
[–] Pepper@beehaw.org 3 points 1 year ago (1 children)

And how were users supposed to be able to see the sidebar while the server was offline?

[–] retronautickz@beehaw.org 2 points 1 year ago (1 children)

You could have checked it before and follow their Mastodon-style account and join their matrix and/or discord groups, like most of us did.

Because everything they do server-wise is announced in those places, preemptive shutdowns included.

Alternative ways to reach the admin team and to be kept aware of anything happening with the server exist. If you didn't take the time (seconds) to join at least one of them, that's not the server's owners fault.

[–] Pepper@beehaw.org 1 points 1 year ago (1 children)

Like most of us did

Considering the responses to the thread, I don't think that's true.

Alternative ways to reach the admin team and to be kept aware of anything happening with the server exist.

A lot of people, myself included, are still getting used to Lemmy. The status quo has been if stuff was happening to Reddit there was an easily accessible server status page you could search up. I tried to do the same this time around and Google came up with diddly-squat. I don't think googling Beehaw to figure out what's going on is that illogical of a response.

[–] retronautickz@beehaw.org 3 points 1 year ago* (last edited 1 year ago) (1 children)

Considering the responses to the thread, I don’t think that’s true.

Given that you aren't in any of the groups, nor following their mastodon account. I don't think what you think based on the responses on a sole thread has any merit

A lot of people, myself included, are still getting used to Lemmy. The status quo has been if stuff was happening to Reddit there was an easily accessible server status page you could search up. I tried to do the same this time around and Google came up with diddly-squat. I don’t think googling Beehaw to figure out what’s going on is that illogical of a response.

Every time you open Beehaw (or any Lemmy instance for the matter) on the right side you'll find the description of the server below the "trending communities" box. There the admins put important links, including the three alternative ways to reach them (Mastodon, Matrix and Discord). You didn't have to google anything, it was just taking a look the main page of the server, see the section titled "Beehaw" and read it (Something that could have been done any time the server was up)

[–] Pepper@beehaw.org 1 points 1 year ago (1 children)

Given that you aren't in any of the groups, nor following their mastodon account. I don't think what you think based on the responses on a sole thread has any merit

I'm gonna say this only once, but that's an incredibly rude thing to say. I was giving you the benefit of the doubt in my previous reply but it's obvious now that you're just treating me like an idiot.

I think what I've had to say has merit. Given the upvotes there are obviously some others following the conversation that share my view. Even if there wasn't though, I'd still think it's important that I spoke up.

[–] retronautickz@beehaw.org 3 points 1 year ago (1 children)

I’m gonna say this only once, but that’s an incredibly rude thing to say. I was giving you the benefit of the doubt in my previous reply but it’s obvious now that you’re just treating me like an idiot.

Yeah, because you haven't been rude from the beginning (you were)

People (including me) explained to you how you could have reached the admins and stay in touch so this kind of thing wouldn't take you by surprise. When you had been explained several times this things and you keep insisting you don't have any option because "you couldn't google it", one has to begin to think that you're doing this in bad faith.

[–] Pepper@beehaw.org 1 points 1 year ago (1 children)

I'm not going to apologise for stating that there should have been a page I could have reached via a Google search.

One has to begin to think that you're doing this in bad faith

I said you were rude because you started talking down to and attacking me directly as a person. That's not ok.

[–] retronautickz@beehaw.org 3 points 1 year ago (1 children)

You acted as if there weren't ways of reaching, only because it wasn't the one you wanted to have.

I suggest you to stop relying on google, because in general it doesn't give good result for Lemmy (less for Beehaw in specific), and start to follow/join at least one of the alternative groups/accounts

[–] Gaywallet@beehaw.org 3 points 1 year ago

This has devolved into a back and forth argument, lets kill the conversation here please. I think you've both made your point.