overview for ruud

Original message We will upgrade lemmy.world to 0.18.3 today at 20:00 UTC+2 (Check what this isn in your timezone). Expect the site to be down for a few minutes. ""Edit"" I was warned it could be more than a few minutes. The database update might even take 30 minutes or longer.

Release notes for 0.18.3 can be found here: https://github.com/LemmyNet/lemmy/blob/main/RELEASES.md

(This is unrelated to the downtimes we experienced lately, those are caused by attacks that we're still looking into mitigating. Sorry for those)

11

Trueno, Cypress Hill - F*CK EL POLICE REMIX (Video Oficial) (www.youtube.com)

submitted 1 year ago by ruud@lemmy.world to c/hiphopheads@sopuli.xyz

0 comments fedilink

1

Goldfrapp - Silver eye (lemmy.world)

submitted 1 year ago by ruud@lemmy.world to c/vinyl@lemmy.world

0 comments fedilink

Now playing: Silver eye by Goldfrapp.

Lemmy.world update: Downtime today / Cloudflare by ruud in c/lemmyworld@lemmy.world

[-] ruud@lemmy.world 52 points 1 year ago

Hmm, best would be if those kids find a real hobby so they stop bothering us. On the other hand, it helps us understand Lemmy better and secure it.

1820

Lemmy.world update: Downtime today / Cloudflare (lemmy.world)

submitted 1 year ago by ruud@lemmy.world to c/lemmyworld@lemmy.world

430 comments fedilink

Today, like the past few days, we have had some downtime. Apparently some script kids are enjoying themselves by targeting our server (and others). Sorry for the inconvenience.

Most of these 'attacks' are targeted at the database, but some are more ddos-like and can be mitigated by using a CDN. Some other Lemmy servers are using Cloudflare, so we know that works. Therefore we have chosen Cloudflare as CDN / DDOS protection platform for now. We will look into other options, but we needed something to be implemented asap.

For the other attacks, we are using them to investigate and implement measures like rate limiting etc.

2493

As requested: https://old.lemmy.world (MLMYM) (old.lemmy.world)

submitted 1 year ago* (last edited 1 year ago) by ruud@lemmy.world to c/lemmyworld@lemmy.world

501 comments fedilink

As requested by some users: 'old' style now accessible via https://old.lemmy.world

Code can be found here: https://github.com/rystaf/mlmym , created by Ryan (Is he here?) (Yes he appears to be! @nnrx@sh.itjust.works ! Thanks for this awesome front-end!)

Lemmy.world is exposing the NGINX version by ruud in c/general@lemmy.world

[-] ruud@lemmy.world 48 points 1 year ago

Thanks for the tip, I changed it.

124

Updated Voyager to 0.23.1 on m.lemmy.world (m.lemmy.world)

submitted 1 year ago by ruud@lemmy.world to c/lemmyworld@lemmy.world

4 comments fedilink

Thanks to @aeharding@lemmy.world for another release with awesome enhancements, see release notes here: https://lemmy.world/post/1558795

The .world blog: June overview by ruud in c/lemmyworld@lemmy.world

[-] ruud@lemmy.world 44 points 1 year ago

Yes well you'll always have that. Luckily that's greatly outnumbered by the positive feedback /comments.

420

The .world blog: June overview (blog.mastodon.world)

submitted 1 year ago by ruud@lemmy.world to c/lemmyworld@lemmy.world

61 comments fedilink

I blogged about what happened in June, and the financial overview.

I think I fixed the thumbnails issue :-) by ruud in c/lemmyworld@lemmy.world

[-] ruud@lemmy.world 52 points 1 year ago

Tip: Edit the post then Save. Works!

343

I think I fixed the thumbnails issue :-) (lemmy.world)

submitted 1 year ago* (last edited 1 year ago) by ruud@lemmy.world to c/lemmyworld@lemmy.world

19 comments fedilink

It's always the small things you overlook...

The docker-compose.yml I copied from somewhere when setting up lemmy.world apparently was missing the external network for the pictrs container.. So pictrs was working, as long as it got the images via Lemmy. Getting the images via URL didn't work...

Looks like it's working now. Looks a whole lot better with all the images :-)

Edit For existing posts: Edit the post, then Save. (No need to change anything). This also fetches the image.

269

Lemmy.world updated to 0.18.2 (lemmy.world)

submitted 1 year ago* (last edited 1 year ago) by ruud@lemmy.world to c/lemmyworld@lemmy.world

13 comments fedilink

(Duplicate post :-) see https://lemmy.world/post/1375042)

2

Voyager (fka wefwef) now available at m.lemmy.world (m.lemmy.world)

submitted 1 year ago by ruud@lemmy.world to c/voyagerapp@lemmy.world

0 comments fedilink

cross-posted from: https://lemmy.world/post/1303201

We've installed Voyager and it's reachable at https://m.lemmy.world, you can browse Lemmy, and login there (also if your account isn't on lemmy.world)

198

Voyager (fka wefwef) now available at m.lemmy.world (m.lemmy.world)

submitted 1 year ago* (last edited 1 year ago) by ruud@lemmy.world to c/lemmyworld@lemmy.world

94 comments fedilink

We've installed Voyager and it's reachable at https://m.lemmy.world, you can browse Lemmy, and login there (also if your account isn't on lemmy.world)

PS Thanks go out to @stux@stux@geddit.social , he came up with the idea (see https://m.geddit.social).

Lemmy.world (and some others) were hacked by ruud in c/lemmyworld@lemmy.world

[-] ruud@lemmy.world 35 points 1 year ago

Mail: info@lemmy.world Mastodon: @mwadmin@mastodon.world Matrix: https://matrix.to/#/#lemmy-support-general:discuss.online

Lemmy.world (and some others) were hacked by ruud in c/lemmyworld@lemmy.world

[-] ruud@lemmy.world 39 points 1 year ago

Good point. I did post about this on Mastodon @mwadmin@mastodon.world

826

Lemmy.world (and some others) were hacked (lemmy.world)

submitted 1 year ago* (last edited 1 year ago) by ruud@lemmy.world to c/lemmyworld@lemmy.world

275 comments fedilink

While I was asleep, apparently the site was hacked. Luckily, (big) part of the lemmy.world team is in US, and some early birds in EU also helped mitigate this.

As I am told, this was the issue:

There is an vulnerability which was exploited
Several people had their JWT cookies leaked, including at least one admin
Attackers started changing site settings and posting fake announcements etc

Our mitigations:

We removed the vulnerability
Deleted all comments and private messages that contained the exploit
Rotated JWT secret which invalidated all existing cookies

The vulnerability will be fixed by the Lemmy devs.

Details of the vulnerability are here

Many thanks for all that helped, and sorry for any inconvenience caused!

Update While we believe the admins accounts were what they were after, it could be that other users accounts were compromised. Your cookie could have been 'stolen' and the hacker could have had access to your account, creating posts and comments under your name, and accessing/changing your settings (which shows your e-mail).

For this, you would have had to be using lemmy.world at that time, and load a page that had the vulnerability in it.

Some system load graphs of last 24h by ruud in c/lemmyworld@lemmy.world

[-] ruud@lemmy.world 33 points 1 year ago

It would stress me even more to see a lot of RAM doing nothing, that would be a shame! ;-)