I'm chuffed to bits to have finally had enough time to set it up externally. Google is no longer outright rejecting us!
And by externally I don't mean succumbing to the behemoths - it's all self-managed!
I've seen a post recently about someone struggling hosting Lemmy on DigitalOcean and sending out verification emails. If you need help with config or would like to simply use lemmy.cafe's setup - feel free to reach out!
Also migrated pictrs from file to object storage, but have not been invoiced, yet. I suspect it's the low amount (<$1) and will probably keep carrying over until some threshold is reached.
Sorry about it, it seems like after having nuked the CSAM incident community, lemmy-ui has freaked out again about the site logo. Fixed it for now, will keep a close eye on the web UI.
There has been a vulnerability discovered in Lemmy. I have no reason to believe lemmy.cafe itself has been breached. We do not have any custom emojis, which appears to have been the culprit of some XSS attack.
As a safety precaution, however, I have applied the suggested fix and rotated the JWT token, which will have invalidated everyone's session.
It looks like several Lemmy instances were exploited last night. It doesn't appear that much damage has been done, but users may have to log out and back in if they use mobile apps.
@Illecors@lemmy.cafe have you found any indication that lemmy.cafe may have been targeted too?
Right now there appears to be a bug where if English is the only language selected in the instance settings, Jerboa will never succeed posting, commenting, messaging, etc.
Adding undetermined back to the list has fixed it.
I have added Threads to the blocklist. It does not show up on the instance list yet, as I believe the server is simply unreachable due to disabled federation on Threads' end.
As for the reason - I don't feel comfortable providing data to Meta. At the moment Lemmy software is very trusting and every instance syncs quite a bit of data about users from other instances.
Due to lemmy.world DoSing us whenever their servers decide it's our turn to get all their data I started looking into ways to create headroom for Lemmy Cafe without increasing the bill as under normal circumstances there are plenty of resources.
This has led me to the blocklist that blackholes all kinds of scrapers and known bad actors.
This is a new domain on an IP that was fairly recently assigned to it. All main email providers blacklist anything that is not gmail, outlook or aws by default. Nothing I can do about it, other than becoming part of the problem and paying them to host this instance's email.