!announcements@feddit.ch
The only purpose for this community is to give the instance users information about the current state of the instance. Only moderators can post to this community.
!announcements
@feddit.chAs you might have noticed, there are a couple of other instances, which went dark. This is because of an active exploit in the user user frontend, through custom emojis.
The attacker can than put custom javascript code into custom emojis and publish a post or a comment. Then, for everyone that opens that post/comment (currently on browser only), will then upload their JWT token to the attacker, which is used for the site to know, you are authenticated.
This token can then be used from the attacker to use your user account and do whatever they want with it - they have then gained your session.
Right now, feddit.ch does not have any form of custom emojis implemented, which are used through this attack.
A fix for this issue seems on the way. https://github.com/LemmyNet/lemmy-ui/pull/1900
The fix will be implement, when fully approved.
Here is some info on that regards Lemmy.ml posts with info regarding the issue: https://lemmy.ml/post/1896249 https://lemmy.ml/post/1895271
What does this mean to you? For the current attack, normal users are not in the main focus, since they try to "troll" the instances while using the admin accounts to gain access to the site and spread the information on sidebar, taglines, etc.
If your scared someone would take over your account - log out and lurk for some time. The fix will be there soon.
The admin account will go offline until the issue has been fixed.
I'll update you as soon as i know more.
Update 10.07.2023 14.52h
The lemmy-ui has been patched by the devs, the vulnerability should be fixed for now. The UI-Version is now v.0.18.2-rc1, as you can see at the bottom of the page.
You should now be able to normally continue with your user account. If you concerned, please reset your password and login again with your new credentials.
Info about the PR for the lemmy-ui https://github.com/LemmyNet/lemmy-ui/pull/1897
https://github.com/LemmyNet/lemmy/releases/tag/0.18.1
What's Changed Remove actix_rt & use standard tokio spawn by @cetra3 in #3158 Add TLS support for diesel-async database connections by @sunaurus in #3189 after 30 days, replace comment.content and...
Hi guys
As you might noticed, the instance had some stability issues since 05.07.2023. The web service was sometimes unresponsive or not reachable at all. First, i thought it was just a hiccup and the server needed a reboot. But the issue came up some time later.
The resource graph showed very high disk usage, other a long time period - in which the service was not reachable at all. A reboot fixed the issue.
After further investigations, i increased the available RAM and pretty quickly discovered, that the current application is quite a "memory hog". And the downtime was probably because of swapping.
My goal is to use as many resources as i actually need, to deliver the service, as energy efficient as possible.
I hope the services will run smoother for some time, but rest assured, if more resources are needed, the instance will get it.
For now, i keep an eye on it.
Apologies my feddit.ch lemmings. If you encounter stability or service issues, feel free to contact me.
Edit: Further updates
The issue seems to be know by the bigger lemmy instances and are under constant work to get resolved. I hope for a new stable release pretty soon.
Here's some info from lemmy.wold Post Update 05.07.2023 Lemmy.world status update 2023-07-04
The ongoing email issues could be temporarily solved. You should now be able to add an mail address to your account and reset the password of it, if you lost it.
The mails are sent through mailersend.net over port 587 (TLS), as long as the proton mail server for the instance is not ready. Mails are sent through with the address noreply@lemmy.feddit.ch.
It is a sending address only, so no need in trying to send emails to it.
Sorry for any issues caused.
Edit: Spelling
feddit.ch currently has an issue in sending out emails. So if you try to "forget my password" or verify your email address, you will be greeted by an error message, that the mail could not been sent.
As soon as the issue has been fixed, I'll update the post.
Sorry for any inconvenience.
Update 27.06.23, 23.50
As a temporary workaround, i tried to implement a alternative SMTP server, so people could verify their email or reset their password. This resulted in instance hangs and felt like a crash. The SMTP Server is now again disabled and an error occurs until a find a different solution or a bugfix from the lemmy devs arrives. They seem to have lots of issues in the release v0.18.0, which is still a very early stage.
My testings resulted in a few minor outages, i'm sorry guys.
Update 03.07.23, 21.40
I tried to find the issue again on the email issue and could temporarily resolve the issue until the planned proton mail server is ready and working. You should now be able to reset your password and set an email address to your account.
Sorry for any caused issues.
https://join-lemmy.org/news/2023-06-23_-_Lemmy_Release_v0.18.0