this post was submitted on 10 Jul 2023
293 points (100.0% liked)


Hi Beeple!

Here's a vague version of events:

  • 11PM EST: Lemmy.world got hacked

  • 12:20AM EST: Blahaj.zone got hacked

  • 12:25AM EST: I shut down the server

  • 12:30AM EST: I make announcements to tell people about this

  • 12:45AM EST: I have an idea of what the problem is but there is no fix

  • 2:20AM EST: I go to sleep

  • 8:50AM EST: The server is booted back up, steps are applied to mitigate issues (Rotating JWTs, Clearing DB of the source of vulnerability, deleting custom emoji), UI is updated with the fix, CSP and other security options are applied

  • 11:40AM EST: We start testing things to make sure they are working

And well, now here we are.

If you have issues logging in or using an app:

  1. Log out if you somehow are still logged in

  2. Clear all cache, site data, etc.

  3. Hard refresh Beehaw using CTRL+F5

  4. Log back in.

If you still have issues, write to us at support@beehaw.org

To be clear: we have not been hacked as far as we know, we were completely unaffected. This was done preemptively.

Oh yeah, in case you haven't, this is a good opportunity and reminder to follow us on Mastodon, as the communication line was still up despite Beehaw being down: https://hachyderm.io/@beehaw

[–] HowlsSophie@beehaw.org 4 points 2 years ago

Your work is greatly appreciated! Also happy to know that you got some sleep, very important for the process ☺

[–] nlm@beehaw.org 3 points 2 years ago

Great job keeping the site safe guys!

Nice to see it back up again! It being offline was surprisingly palpable. Missed it!

I'm guessing it's probably not the last big thing that's going to hit Lemmy instances in the future, everything still being in early development and all. The only things we can do are keep an eye out, have vigilant admins and plenty of backups!

And patient users but we seem to have that. :)

[–] ericjmorey@beehaw.org 2 points 2 years ago

Maybe post to https://hachyderm.io/@beehaw to spread the word outside of Beehaw.org

[–] TMoney@beehaw.org 1 points 2 years ago (3 children)

Was the hack related to the latest patch update?

[–] Zorind@beehaw.org 3 points 2 years ago

I don’t believe it was related to anything specifically added or removed in a recent patch, I think it was an existing exploit that just hadn’t been noticed.
