Hi Beeple!

Here’s a vague version of events :

  • 11PM EST: Lemmy.world got hacked

  • 12:20AM EST: Blahaj.zone got hacked

  • 12:25AM EST: I shut down the server

  • 12:30AM EST: I make announcements to tell people about this

  • 12:45AM EST: I have an idea of what the problem is but there is no fix

  • 2:20AM EST: I go to sleep

  • 8:50AM EST: The server is booted back up, steps are applied to mitigate issues (Rotating JWTs, Clearing DB of the source of vulnerability, deleting custom emoji), UI is updated with the fix, CSP and other security options are applied

  • 11:40AM EST: We start testing things to make sure are working And well, now here we are.

If you have issues logging in or using an app:

  1. Log out if you somehow are still logged in

  2. Clear all cache, site data, etc.

  3. Hard refresh Beehaw using CTRL+F5

  4. Log back in.

If you still have issues, write to us at support@beehaw.org

To be clear : We have not been hacked as far as we know, we were completely unaffected. This was done preemptively.

Oh yeah, in case, you haven’t, this is a good opportunity and reminder to follow us on Mastodon as the communication line was still up despite Beehaw being down : https://hachyderm.io/@beehaw

      • Pepper@beehaw.org
        link
        fedilink
        English
        arrow-up
        4
        ·
        1 year ago

        I’ll be blunt and say that unless you were already in-the-know, Beehaw pretty much ceased to exist when the server was shut down. Not the best result amidst a hacking scare.

        • PenguinCoder@beehaw.orgM
          link
          fedilink
          English
          arrow-up
          12
          ·
          1 year ago

          Much preferable to the announcement of Beehaw was hacked and lost your user credentials <or more>. Security trumps convenience.

          • Pepper@beehaw.org
            link
            fedilink
            English
            arrow-up
            3
            ·
            1 year ago

            Having an entirely separate website, blog, or social media account for announcements that’s accessible via a Google search wouldn’t factor into how secure Beehaw is.

              • Pepper@beehaw.org
                link
                fedilink
                English
                arrow-up
                4
                ·
                1 year ago

                And how were users supposed to be able to see the sidebar while the server was offline?

                • Retronautickz@beehaw.org
                  link
                  fedilink
                  English
                  arrow-up
                  4
                  ·
                  1 year ago

                  You could have checked it before and follow their Mastodon-style account and join their matrix and/or discord groups, like most of us did.

                  Because everything they do server-wise is announced in those places, preemptive shutdowns included.

                  Alternative ways to reach the admin team and to be kept aware of anything happening with the server exist. If you didn’t take the time (seconds) to join at least one of them, that’s not the server’s owners fault.

                  • Pepper@beehaw.org
                    link
                    fedilink
                    English
                    arrow-up
                    3
                    ·
                    1 year ago

                    Like most of us did

                    Considering the responses to the thread, I don’t think that’s true.

                    Alternative ways to reach the admin team and to be kept aware of anything happening with the server exist.

                    A lot of people, myself included, are still getting used to Lemmy. The status quo has been if stuff was happening to Reddit there was an easily accessible server status page you could search up. I tried to do the same this time around and Google came up with diddly-squat. I don’t think googling Beehaw to figure out what’s going on is that illogical of a response.

    • Lionir [he/him]@beehaw.orgOPM
      link
      fedilink
      English
      arrow-up
      2
      ·
      1 year ago

      Can you be more precise? What exactly do you recommend? I don’t know what would be more “Google-friendly”