1
1
submitted 1 year ago* (last edited 1 year ago) by LachlanUnchained@lemmyunchained.net to c/main@lemmyunchained.net

Dear LemmyUnchained.net Community,

I'm reaching out to provide an important update about a recent security incident. Please be assured that our instance was not directly targeted, but it's crucial that everyone is informed and understands what happened.

While many of us were offline, a vulnerability was discovered and exploited on the Lemmy platform. This led to the leak of JWT cookies from several users, including at least one admin, allowing the perpetrators to alter site settings and post misleading announcements. While it appears our instance was not involved in the leak, this was a vulnerability that could have affected any instance.

However, the dedicated developer team, as well as a huge number of volunteers in the community, quickly sprang into action. Here's a brief summary of their swift response:

  • They identified and patched the vulnerability.

  • All comments and private messages containing the exploit were immediately deleted.

  • The affected instances rotated the JWT secret, which invalidated all existing cookies.

Please note, we're not providing details of the vulnerability at this time. This is to prevent any issues for those who may still be unaware and potentially vulnerable.

Lemmyunchained wants to extend a heartfelt thanks to all those who stepped in to assist.

In response to this incident, we've taken several additional security measures, including the removal of certain custom data from our databases, the replacement of content containing the exploit, and the rotation of our JWT secret. Due to these changes, you may find you've been logged out and will need to sign back in.

However, for the sake of security, we're not providing specific details about these measures at this time.

On a positive note, while our site was offline, we upgraded from version 18.0 to version 18.1.

Again, I apologize for the sudden offline period, and want to reassure you that it was necessary for the safety and security of our community. We deeply appreciate your understanding and continued support.

Here's to moving forward together, stronger and safer.

Best regards, LU

2
1

lemmyunchained will go offline whilst the hack situation develops.

no sign of any compromise here as of yet.

Hopefully won't take long to push a fix.

:)

3
1

How do I follow a Lemmy Unchained community on Mastodon? I can find other Lemmy communities from different instances, but I can't seem to locate Lemmy Unchained communities through Mastodon. Please help

4
1

I anticipate that we'll soon need to determine whether federating with Threads aligns with the needs of our little instance.

From my perspective, I've yet to encounter a persuasive argument against doing so, particularly considering the straightforward process of defederation.

But I’m open to being educated on this matter.

5
1
submitted 1 year ago* (last edited 1 year ago) by AdminUnchained@lemmyunchained.net to c/main@lemmyunchained.net

I've upgraded our server to improve your experience on LemmyUnchained.net.

The memory is now at 32GB and the processing power has been increased to 12 processors (2 sockets, 6 cores each). The hard disk is expandable but currently stands at 1TB, offering plenty of room to accommodate our growth.

These upgrades are part of my efforts to anticipate higher traffic and support the future expansion of our community. As always, your feedback is appreciated.

Enjoy your time on LemmyUnchained.net!

Admin, LemmyUnchained.net

6
1
28.1K users??? (lemmyunchained.net)

Is this conspiracy?——joke. Anyways.

Are those (al)most users (mal?)bots 🤖 I assume?

If it's really difficult and endless, have you (admins and devs) ever tried to get help or advice from other instance admins / Lemmy devs especially who successfully resolve their 😈🤖 flooding? (Sorry I'm no IT, I'm just a helpless concerned lemmie.)

I'm worried that some instances might intend to blacklist/defederate this instance anytime.

That's all I can concern.

BTW my first post.

7
1

Just letting everyone know that we have successfully upgraded our platform from version 0.17.3 to 0.18.0. This significant update aims to enhance your experience on the platform, providing new features, more stability, and overall improved performance.

Main


The main community for discussions about how this server is maintained.

founded 1 year ago