tom

Hey guys,

Sorry about the absence, have been super busy with life, other projects and the nightmare of buying a flat lol.

Instance should be updated to 0.18.3, as some of you have noticed the website has been periodically down the last few weeks (at most by half an hour at a time) will keep monitoring the uptime after this update but hopefully this partially fixes it

So last night a XSS scripting attack was found on all Lemmy instances. See the lemmy world update here https://feddit.uk/post/453040

What this means is that hackers could inject their own "script" when any user viewed a comment/post that the hackers made. The hackers would then grab your JWT token with the script so they could impersonate that user. (And perform any actions on behalf of the user)

Luckily, it looks like I haven't been compromised so the site config should all be the same

What has been done about this

I've removed any comments or posts which included the script see here https://github.com/LemmyNet/lemmy-ui/issues/1895

I would have removed all custom emojis as well but there was none in our DB, this may potentially mean that this site was not affected. Just in case, I've also rotated the JWT tokens so all tokens are now invalid. This means you will have to logout and log back into the instance

Shoutout to @clara@feddit.uk for messaging me about this and bringing it to my attention

Big update this, this update comes with captcha being available which has now been re-enabled for sign up. This means signups are once again open (as captcha should filter out most bots).

Quite a few UI changes in this one and quite a few performance updates as well (mainly around how the database works). If anyone is interested our CPU average is around 8-10% usage and the memory usage has dropped to around 5% usage so the instance is looking pretty stable.

Hey everyone,

I've deployed a feddit.uk specific instance of wefwef at app.feddit.uk

If you haven't heard of wefwef before, it's essentially a mobile UI which you can deploy as a PWA to your phone, the link for the actual app is here https://wefwef.app

So that we don't rely on wefwef servers, I've deployed a local version which should be faster as it runs on the same server as feddit.uk so is essentially a second UI to the regular web app as I've limited to feddit.uk only at the moment.

Thanks, Tom

Hey everyone, It seems a lot of people are having issues verifying their email when first signing up as they are not receiving the email.

This is because around 20-30% or emails sent from admin@feddit.uk are being bounced due to being marked as spam. I'm working on fixing this at the moment, (the domain is on a domain blacklist on spamhaus.org)

In the meantime, please send an email to admin@feddit.uk from the email that needs verifying and I will verify the email manually which should resolve the issue.

Thanks, Tom