The site is down for now, but do not try to log in to it.

    • TruckBCMA
      ↑ 17 · 1 year ago

      Currently it seems to be a vulnerability with custom emojis only, which this instance never had, so currently we shouldn’t be affected. However this is a developing situation and we will continue to monitor.

      • Arghblarg
        ↑ 4 · 1 year ago

        Good job admins for staying on top of the situation!

        (… and have you made a snapshot backup, just in case? 😁 )

        • TruckBCMA
          ↑ 7 · 1 year ago

          I can’t remember exactly but @[email protected] is the one that takes care of those things, I think he’s got it set up to backup every 8 hours? I’m taking a rapid crash course in sysadmin but I’m not really ready to start poking at production server stuff yet.

  • Vampiric_Luma
    ↑ 4 · 1 year ago

    My EEEEEEEEEEYES AUUUUUUUUUUUUUUUUUUGH the instance is pure white, probably utilizing some witch-craft to bring sunlight directly into my eyes. How do I return the blessed darkness to my screen??

  • grte
    ↑ 3 · 1 year ago

    Seems they’re back up and the devs pushed out a patch for the vulnerability.

    • TruckBCMA
      ↑ 2 · 1 year ago

      We have updated to a patched version.

      • grte
        ↑ 5 · 1 year ago

        It’s been interesting watching this all play out on an open source social network. It’s all out in the open so it caused quite the drama, but the actual order of events? Site goes down and is back up and vulnerability patched like 4 hours later? That’s really impressive.

        • TruckBCMA
          ↑ 6 · 1 year ago

          Power of the open source community.

          In my opinion the “drama” was a critical part of immediately drawing attention to the vulnerability and bringing it to the attention of most instance admins very quickly.

          Few things that have been added on my to-do list that I’ve learned from this.

          • We need more backend manpower for coverage.
          • Major instances, and probably all instances should partner with another instance that’s in an opposite time zone for emergency response. Ideally having partnered admins and backend admins with no more than 8 hours difference between each one for 24 hour reliable coverage would be ideal. Partnered admins should in my opinion have each other’s phone numbers and have it set to bypass do not disturb.
          • We need to make sure users know how to contact admins off Lemmy for emergencies, as well as ensure that admins are tagged when a situation like this develops. (To my knowledge no lemmy.ca admin was tagged when this started to unfold.)
          • There’s more thoughts but I can’t remember them on 5 hours of sleep 😴

          Any additional suggestions are welcome!

          • grte
            ↑ 1 · 1 year ago

            Is there a lemmy.ca mastodon account or something as an alternate place to contact/get updates?

            • TruckBCMA
              ↑ 2 · 1 year ago

              No, but that’s a great idea. Thank you.

  • stovemilk
    ↑ 1 · 1 year ago

    What the hell happened here?? I get logged out of wefwef, come here to investigate, and I see something about a vulnerability???