lemmy.blahaj.zone Also Compromised - eviltoast

The site is down for now, but do not try to log in to it.

  • TruckBC@lemmy.caM
    1 year ago

    Power of the open source community.

    In my opinion the “drama” was a critical part of immediately drawing attention to the vulnerability and bringing it to the attention of most instance admins very quickly.

    A few things that have been added to my to-do list that I’ve learned from this.

    • We need more backend manpower for coverage.
    • Major instances, and probably all instances, should partner with another instance that’s in an opposite time zone for emergency response. Ideally having partnered admins and backend admins with no more than 8 hours difference between each one for 24-hour reliable coverage would be ideal. Partnered admins should in my opinion have each other’s phone numbers and have it set to bypass do not disturb.
    • We need to make sure users know how to contact admins off Lemmy for emergencies, as well as ensure that admins are tagged when a situation like this develops. (To my knowledge no lemmy.ca admin was tagged when this started to unfold.)
    • There’s more thoughts but I can’t remember them on 5 hours of sleep 😴

    Any additional suggestions are welcome!