1
1
Back up, with more protections (poptalk.scrubbles.tech)

Okay that was much faster than I expected, I expected us to be down for at least a week.

So what happened? As mentioned in my earlier post, some absolute asswipe of a person uploaded some extremely vile stuff over on a large instance. The admins were quick to let everyone know and we all purged the info. We here were not affected because the offending community was not subscribed here, but I purged the last 24 hours worth of images to be safe.

I won't go into all of the details right now, but previously I hosted this happily on a micro PC at home. When content is federated it means it's duplicated onto my server and served from there, which is real bad if I'm hosting it from my home, means that essentially they could come busting down my door, which is why I reactively posted that post and took everything down while I investigated.

What's changed is that we're now fully hosted on the cloud, completely outside of my home. I've enabled pretty much every guardrail I can in the short time and have been in constant contact with other instance admins.

I won't go into all of the details of how this is hosted, but the one clear thing is that we're now behind Cloudflare, which has free CSAM reporting enabled, which means if anything ever crosses over it will be auto-blocked and reported on, which of course I'm happy to help feds catch assholes who post that at all.

So we're up again for a while, we'll take it as it goes. Lemmy will be adding in new guardrails to also stop federating images (no changes to you folks, but essentially means I wouldn't have a copy of any image like that, it'd be on the hosting server).

Anyway, that's all, sorry for the swears today and how angry I sound. Someone decided to post some horrible shit, some instance owners are dealing with actually seeing it with their eyes, I lost the back half of my weekend to it.

If anyone wants to help with hosting costs, it's not very much but I'm expecting about 20/month at our current size. No one should feel obligated, but if you'd like to I set up a simple buy me a coffee, if anyone feels inclined.

-Scrubbles

2
2
Sad post, going down for a while (poptalk.scrubbles.tech)

Hey all, first of all I love you all for being here, this started as a small side project and ballooned into a fun area to talk about pop music. Sadly, I have to take the site down for a while while I rethink how I host.

Currently, this site is hosted on my own hardware, on my own network. Something that was never an issue, I had some protections around it to keep it safe.

I won't go into all details, but yesterday someone on another instance uploaded some extremely vile child content that federated to several other instances. Ours was not affected (luckily), but to be safe I purged everything from the last 24 hours.

Unfortuanately, this will be a growing trend, and Lemmy devs haven't done much to protect instance owners. If someone uploaded something like that to a different instance that we subscribed to, technically I would also be hosting that data. (Federation is cool, but it means we are all hosting it), which means the feds could come and beat down my door for hosting it.

In the short term, I'm going to let this go out so others can see it, but I'm hoping it'll be federated for other users while I convert over.

Step 1 is that I cannot host this locally, I need to get it off my network and into the cloud. Steps 2, 3, 4, and on are going to be adding protections so stuff can't ever get in in the first place, integrating tools, and probably working with the lemmy developers on ways to prevent it in the first place.

I don't know how long we'll be down, but unfortunately someone else ruined it for all of us for a bit. I'll do my best to come back up soon while I shore up our ingest.

-Your swiftie admin, Scrubbles

3
1
submitted 1 year ago* (last edited 1 year ago) by scrubbles@poptalk.scrubbles.tech to c/poptalkmeta@poptalk.scrubbles.tech

Unless anyone says anything major, there have been several low effort rage bait/troll/anger posts from the instance lemmy.name. Checking it out it seems to be small but open for registrations and so getting a reputation.

In general I try to limit defederation to one of the last options, (i.e. super NSFW instances, ultra conservative right leaning instances, or anything that just spews hate) but I have already defederated with a few. I take it as if you want to see that stuff that's great, join a server that federates with both and you can see both - but I won't host it here.

Please let me know here if anyone would be horrified by this or they'd be cut off, otherwise I'll defederate from it.

4
1

Just upgraded to 0.18.2 which fixes an XSS bug, the one that other instances were attacked through.

To fix the vulnerability it required clearing out everyone's session, which means everyone will have to log in again. Sorry about that :/

5
1

Hey folks,

I spent some time this morning playing with email, specifically outgoing SMTP connections. Previously I was following a guide where I set up an SMTP relay locally, but it never worked.

Turns out, my ISP is blocking outbound port 25, apparently it's a "To protect you, the customer, we'll prevent spam from being sent from you."

So, if anyone knows of a good (free) SMTP service, or is willing to support us by setting up an SMTP account on something like sendgrid,google,whatever, I'd be happy to point Lemmy towards it. Right now they are all limited to something like 100 emails a day, which at first seems fine but with comment replies I think with our small size we'd already be hitting that limit.

An alternative might be to set up a VM that runs postfix as a relay in the cloud, but from what I read most of them also block outbound port 25 for spam protection.

6
1
submitted 1 year ago* (last edited 1 year ago) by poptiger2@poptalk.scrubbles.tech to c/poptalkmeta@poptalk.scrubbles.tech

I would be about just to cross post mine to lemmy.world.

But I saw a concern:

https://lemmy.world/c/music EXISTS and DISPLAYS.

https://poptalk.scrubbles.tech/c/music@lemmy.world is NOT displayed.

https://lemmy.world/c/popheads@poptalk.scrubbles.tech is DISPLAYED and WELL FUNCTIONING.

On the other communities with the same manner:

https://lemmy.ml/c/music EXISTS and DISPLAYS.

https://poptalk.scrubbles.tech/c/music@lemmy.ml is DISPLAYED and WELL FUNCTIONING.

https://beehaw.org/c/music EXISTS and DISPLAYS.

https://poptalk.scrubbles.tech/c/music@beehaw.org is DISPLAYED and WELL FUNCTIONING.

Despite first I checked:

lemmy.world is one of poptalk.scrubbles.tech linked instances according to https://poptalk.scrubbles.tech/instances

poptalk.scrubbles.tech is one of lemmy.world linked instances according to https://lemmy.world/instances

I hope this is a somewhat concern.

End here.



Out of topic: my cross posts seem not linked to each other as if they are all duplicated separated posts, unlike what I see on cross-posts anyways. Maybe I am wrong on how to cross post. I just want to cross post so I could gather more different info from other instances.

7
1
Welcome Reddit Refugees (poptalk.scrubbles.tech)

Hello and welcome Reddit Refugees!

Like you, I'm here licking my wounds at the end of Reddit Sync, my personal favorite. We hope that you'll find a new home here on Lemmy!

Please take a moment to look through our communities and rules, we don't have many, just try to be nice, don't be gross, and have fun here!

If you are brand new to Lemmy, I took some time to write up a welcome post here. Hopefully it explains most of what we're dong here.

This community, poptalkmeta is now open for suggestions, concerns, questions, whatever you may have, I'll be available and I'll be adding our other mods as well.

Welcome and have fun!

PopTalk Meta Community

0 readers
1 users here now

Meta community for reaching the mods/admins of PopTalk.

Post here for community issues, feedback, questions, concerns, or if you'd like to start a new community!

founded 1 year ago
MODERATORS