-
this whole situation makes us look bad. an entire instance and its users are displaced with likely (probably) hundreds of password crossovers with real world emails because of trust or maybe oversight on one person's part
we as instance owners owe it to our users to do better than this. poast takes pretty extreme measures in terms of security but realistically it's as simple as having keys instead of passwords and not storing that on your pc. change your ports, restrict logins to specific users, or better yet enable an ssh knock port so the server will only respond if you knock on the port before trying to connect.
there's all kinds of simple steps to take to prevent something like this from metastasizing outside the original 'hacked' computer
the number 1 method of hacking is social engineering; a RAT can fall under this since she likely willingly installed whatever was sent to her
don't click shit from people on the internet, i guess, is the takeaway from this if you are an end user. don't open links, just don't
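Added example, not from anyone in this thread: a small Python checker that reads an sshd_config and reports which of the sshd-side measures above (keys instead of passwords, a non-default port, logins limited to named users) are missing. It assumes OpenSSH's rule that the first value read for a keyword wins; port knocking is done in the firewall, not in sshd, so it is outside what the checker can see.

```python
import re
# Added checker, not from the thread. sshd keeps the FIRST value it reads for a
# keyword, so a "no" appended below an earlier "yes" has no effect (Port is the
# exception: every Port line adds a listener). Match blocks are conditional, so skipped.
def parse_sshd_config(text):
    settings, ports, in_match = {}, [], False
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments; keywords are case-insensitive
        if not line:
            continue
        parts = re.split(r"\s*=\s*|\s+", line, maxsplit=1)
        key, value = parts[0].lower(), (parts[1].lower() if len(parts) > 1 else "")
        if key == "match":
            in_match = True
        elif in_match:
            continue
        elif key == "port":
            ports.append(value)
        else:
            settings.setdefault(key, value)  # first occurrence wins
    settings["port"] = ports or ["22"]  # sshd's default when no Port line is present
    return settings

def audit_sshd_config(text):
    """Return findings; an empty list means the post's advice is applied in sshd."""
    s = parse_sshd_config(text)
    kbd = s.get("kbdinteractiveauthentication", s.get("challengeresponseauthentication", "yes"))
    checks = [
        (s.get("passwordauthentication", "yes") != "no", "PasswordAuthentication: password logins still accepted"),
        (kbd != "no", "KbdInteractiveAuthentication: PAM can still prompt for a password"),
        (s.get("permitrootlogin", "prohibit-password") == "yes", "PermitRootLogin yes: root may log in with a password"),
        ("22" in s["port"], "Port 22: still listening on the default port"),
        ("allowusers" not in s and "allowgroups" not in s, "No AllowUsers/AllowGroups: any local account may log in"),
    ]
    return [msg for bad, msg in checks if bad]

WEAK_CONFIG = """\
Port 22
PermitRootLogin yes
PasswordAuthentication yes
PasswordAuthentication no   # constructed sample: this late fix is ignored, the first line wins
"""
HARDENED_CONFIG = """\
Port 2222   # constructed sample following the post's advice
AllowUsers deploy
PasswordAuthentication no
KbdInteractiveAuthentication no
PermitRootLogin no
"""
```

Run `audit_sshd_config(open("/etc/ssh/sshd_config").read())` on a host to get the list of findings; the weak sample above yields five, the hardened one none.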
-
@mario @Elliptica @graf >Onion fediverse when? (actually that's a really, really bad idea :blobcatsweat:)
http://rawrxd4mden7rmbobaftao3qjyxbrvj4rrooehkqxlqcsdtnnn2hndid.onion/
-
but that would also work with a bigger instance and a gov-complying hoster. if there was a court order to take hornyjail.pro offline, my hoster would def do it (as they probably should tbh if the court order has any merit)
Onion fediverse when? (actually that's a really, really bad idea :blobcatsweat:)
-
@Elliptica @mario the impact would be on that user, not on the 3000 people also on that server who now had all their shit exposed because someone didn't like the admin/me
-
@graf @mario So there wouldn't (or shouldn't) be a general exploit that could be used to knock the 3000 other users around as well?
I feel like it would be as simple as "hey big hosting service, it's the ADL/government, do you see these 3000 individual fedi servers? Take them offline please?"
-
@mario you are correct friend
not even just for security, but the health of the fediverse depends on instances like poast not existing. so i would prefer if people made their own
-
@graf @mario But I think that would make it easier to target individuals. On average they would not know anything about net security and would all probably use the same basic setup. You could probably automate a take down process that would wipe out accounts quickly, and people would be left unable to fix their own stuff.
(I might be wrong on this, but I know nothing about managing services like this, and I think I'd screw it up.)
-
@graf I know this is somewhat of a moot point, but I think more decentralization (in terms of user spread) would help in the future as it makes instances less high-profile and minimizes the damage when something happens. Server hacking games have been around since IRC and when admins think they can have (bad) user-grade security this will happen. Sucks for the admin and the users but my pity stays limited since it could have been easily avoided by chudbud admin not getting rooted and by the users not using identifiable info for registration or in DMs. From my perspective, they got backslapped for acting hard.
>victim blaming
Yeah, essentially. Providing an online platform and even registering and engaging on one comes with op-/infosec responsibilities, especially in Sweety Squad circles.
Remember when Kiwifarms had their database dumped? Stuff like that even happens to somewhat competent admins. Users shouldn't need to trust error-prone systems or at least make it only their own problem when stuff gets leaked.
tl;dr host your own single user instance for 10€/month with some effort or get a btrfly one for even less effort and only be responsible for your own data