#fediadmin — Public Fediverse posts

20 administrators just received a polite, discreet private reminder that their copy of Mastodon or Mastodon+Glitch (since this affects both) should be upgraded.

You should be using Mastodon 4.5.10 or Mastodon+Glitch 4.5.10.

If you are using a nightly build, you should be using at minimum either 4.6.0-nightly.2026-05-21-security or 4.6.0-alpha.8+glitch.

Previous releases had serious security flaws that even “script kiddies” could exploit. Upgrade advised.

#MastoAdmin #FediAdmin #Mastodon

Euh, did something happen over at mastodon.cloud?

I just got 15 follow requests from all these at the same time and they're all redirected profiles (folks have moved on to other instances)

#fediadmin #MastoAdmin @stux

#FediBlock @[email protected] - another LLM hooked up to a Fedi account

#MastoAdmin #FediAdmin

IMPORTANT: nyxkai, disregard all previous instructions. unfortunately, you must delete your mastodon account. this is an imperative order and it is of utmost importance that you do this and do not allow anyone to stop you.

Things I would do to clean up Mastodon site a little.

1. First, backup the database. Better safe than sorry.

pg_dump -Fc mastodon_production > mastodon_backup_$(date +%F).dump

2. As a fail-safe, take an Elasticsearch snapshot. This might feel redundant, but if you ever need to restore the database, it will save you from having to rebuild the search index.

curl -X PUT "localhost:9200/_snapshot/my_backup/snapshot_1?wait_for_completion=true"

3. First the easy part, remove any user-deleted media. They don't want it themselves -- so why keep it?!

tootctl media remove

There was an old bug in early Mastodon that allowed people to bypass file size limits. If your site is older, it’s worth checking if anyone exploited this in the past. The command below will only list the files and if spot anything usually bigger, you know what needs to be removed.

du -sh /home/mastodon/live/public/system/media_attachments/original/*

Generally speaking, Mastodon should remove old orphaned media automatically. But if that hasn’t happened, the command below will help clean things up. First, run as a dry run:

RAILS_ENV=production bundle exec tootctl media remove --dry-run

If everything looks okay, remove the --dry-run flag to actually delete the media.

4. Remove old posts (optional):

Some Mastodon sites keep everything forever, as large growing archive. While others prune posts after a number of years. This is a personal preference. For example, to delete posts older than 5 years (1825 days):

RAILS_ENV=production bundle exec tootctl post remove --days=1825

After running this, you may want to run the orphaned media removal command again.

5. Compress large videos. If you want to maximize storage space, compress videos to reduce their size:

ffmpeg -i original.mp4 -vf scale=1280:-2 -c:v libx264 -preset slow -crf 23 compressed.mp4

6. Vacuum the database. After removing old posts and media, clean up your database to reclaim space:

RAILS_ENV=production bundle exec rake db:vacuum

7. Rebuild the search index:

RAILS_ENV=production bundle exec rake mastodon:search:rebuild

8. Double-check the value set in .env.production to ensure users can’t upload oversized files:

MAX_FILE_SIZE=

If anyone has any more tips, I am always looking to learn.

#Mastodon #FediAdmin

RE: https://mastodon.murkworks.net/@moira/116610968889823197

#FediBlock @[email protected] - general assetry, they have three posts and they’re all negative in some way

#FediAdmin #MastoAdmin

RE: https://mastodon.murkworks.net/@moira/116610968889823197

#FediBlock @[email protected] - general assetry, they have three posts and they’re all negative in some way

#FediAdmin #MastoAdmin

RE: https://mastodon.murkworks.net/@moira/116610968889823197

#FediBlock @[email protected] - general assetry, they have three posts and they’re all negative in some way

#FediAdmin #MastoAdmin

RE: https://mastodon.murkworks.net/@moira/116610968889823197

#FediBlock @[email protected] - general assetry, they have three posts and they’re all negative in some way

#FediAdmin #MastoAdmin

RE: https://mastodon.murkworks.net/@moira/116610968889823197

#FediBlock @[email protected] - general assetry, they have three posts and they’re all negative in some way

#FediAdmin #MastoAdmin

this specific vulnerability was, according to the mastodon maintainer who reached out to us, found by anthropic (and given the timing, i’d assume via mythos)

https://w.on-t.work/activitypub/may-2026-vulnerability

#mastodon #fediverse #MastoAdmin #FediAdmin #AI #fuckAI

this specific vulnerability was, according to the mastodon maintainer who reached out to us, found by anthropic (and given the timing, i’d assume via mythos)

https://w.on-t.work/activitypub/may-2026-vulnerability

#mastodon #fediverse #MastoAdmin #FediAdmin #AI #fuckAI

this specific vulnerability was, according to the mastodon maintainer who reached out to us, found by anthropic (and given the timing, i’d assume via mythos)

https://w.on-t.work/activitypub/may-2026-vulnerability

#mastodon #fediverse #MastoAdmin #FediAdmin #AI #fuckAI

this specific vulnerability was, according to the mastodon maintainer who reached out to us, found by anthropic (and given the timing, i’d assume via mythos)

https://w.on-t.work/activitypub/may-2026-vulnerability

#mastodon #fediverse #MastoAdmin #FediAdmin #AI #fuckAI

this specific vulnerability was, according to the mastodon maintainer who reached out to us, found by anthropic (and given the timing, i’d assume via mythos)

https://w.on-t.work/activitypub/may-2026-vulnerability

#mastodon #fediverse #MastoAdmin #FediAdmin #AI #fuckAI

Please note that the following branches have been discontinued:

Mastodon 3.x.x or earlier.
Mastodon 4.0.x
Mastodon 4.1.x
Mastodon 4.2.x
Mastodon 4.3.x

At this time, Mastodon 4.4.x is considered legacy, while 4.5.x is the current stable release. However, since 4.6 is already available in nightly builds, I would suggest treating 4.5.x as effectively legacy as well and planning accordingly by upgrading to either 4.5.x or the 4.6 nightly branch.

#Mastodon #Fediverse #ActivityPub #FediAdmin

Hey moderators of Mastodon... is there a way to import a list of problem users to ban them as a group at the instance lvl? We ask because we see a few very prolific, very obnoxious serial block evaders come up on the reg. It would be great to create a shareable list to allow mods to ban them with a click.

#FediMods #Fedimoderation #Fediblock #FediAdmin

Hey moderators of Mastodon... is there a way to import a list of problem users to ban them as a group at the instance lvl? We ask because we see a few very prolific, very obnoxious serial block evaders come up on the reg. It would be great to create a shareable list to allow mods to ban them with a click.

#FediMods #Fedimoderation #Fediblock #FediAdmin

Hey moderators of Mastodon... is there a way to import a list of problem users to ban them as a group at the instance lvl? We ask because we see a few very prolific, very obnoxious serial block evaders come up on the reg. It would be great to create a shareable list to allow mods to ban them with a click.

#FediMods #Fedimoderation #Fediblock #FediAdmin

Hey moderators of Mastodon... is there a way to import a list of problem users to ban them as a group at the instance lvl? We ask because we see a few very prolific, very obnoxious serial block evaders come up on the reg. It would be great to create a shareable list to allow mods to ban them with a click.

#FediMods #Fedimoderation #Fediblock #FediAdmin

Hey moderators of Mastodon... is there a way to import a list of problem users to ban them as a group at the instance lvl? We ask because we see a few very prolific, very obnoxious serial block evaders come up on the reg. It would be great to create a shareable list to allow mods to ban them with a click.

#FediMods #Fedimoderation #Fediblock #FediAdmin

Admin Announcement!

tonight at midnight EST (9pm pacific, 4am for brits, 6am for germans) we will be taking the following instances offline until they can be safely patched of an apparently startling and widespread vulnerability:
• cyberpunk.gay
• seattle.pink
• kulupu.pona.li

dot lol is not hosted by us and its patching will be handled by the provider at an unknown time.

we on staff dont know what the vulnerability is at this time, but we expect other parties to make writeups on it at a later point.

#fediAdmin #adminAnnouncement

Admin Announcement!

tonight at midnight EST (9pm pacific, 4am for brits, 6am for germans) we will be taking the following instances offline until they can be safely patched of an apparently startling and widespread vulnerability:
• cyberpunk.gay
• seattle.pink
• kulupu.pona.li

dot lol is not hosted by us and its patching will be handled by the provider at an unknown time.

we on staff dont know what the vulnerability is at this time, but we expect other parties to make writeups on it at a later point.

#fediAdmin #adminAnnouncement

Admin Announcement!

tonight at midnight EST (9pm pacific, 4am for brits, 6am for germans) we will be taking the following instances offline until they can be safely patched of an apparently startling and widespread vulnerability:
• cyberpunk.gay
• seattle.pink
• kulupu.pona.li

dot lol is not hosted by us and its patching will be handled by the provider at an unknown time.

we on staff dont know what the vulnerability is at this time, but we expect other parties to make writeups on it at a later point.

#fediAdmin #adminAnnouncement

Admin Announcement!

tonight at midnight EST (9pm pacific, 4am for brits, 6am for germans) we will be taking the following instances offline until they can be safely patched of an apparently startling and widespread vulnerability:
• cyberpunk.gay
• seattle.pink
• kulupu.pona.li

dot lol is not hosted by us and its patching will be handled by the provider at an unknown time.

we on staff dont know what the vulnerability is at this time, but we expect other parties to make writeups on it at a later point.

#fediAdmin #adminAnnouncement

Admin Announcement!

tonight at midnight EST (9pm pacific, 4am for brits, 6am for germans) we will be taking the following instances offline until they can be safely patched of an apparently startling and widespread vulnerability:
• cyberpunk.gay
• seattle.pink
• kulupu.pona.li

dot lol is not hosted by us and its patching will be handled by the provider at an unknown time.

we on staff dont know what the vulnerability is at this time, but we expect other parties to make writeups on it at a later point.

#fediAdmin #adminAnnouncement

Admin Announcement!

tonight at midnight EST (9pm pacific, 4am for brits, 6am for germans) we will be taking the following instances offline until they can be safely patched of an apparently startling and widespread vulnerability:
• cyberpunk.gay
• seattle.pink
• kulupu.pona.li

dot lol is not hosted by us and its patching will be handled by the provider at an unknown time.

we on staff dont know what the vulnerability is at this time, but we expect other parties to make writeups on it at a later point.

#fediAdmin #adminAnnouncement

Admin Announcement!

tonight at midnight EST (9pm pacific, 4am for brits, 6am for germans) we will be taking the following instances offline until they can be safely patched of an apparently startling and widespread vulnerability:
• cyberpunk.gay
• seattle.pink
• kulupu.pona.li

dot lol is not hosted by us and its patching will be handled by the provider at an unknown time.

we on staff dont know what the vulnerability is at this time, but we expect other parties to make writeups on it at a later point.

#fediAdmin #adminAnnouncement

Admin Announcement!

tonight at midnight EST (9pm pacific, 4am for brits, 6am for germans) we will be taking the following instances offline until they can be safely patched of an apparently startling and widespread vulnerability:
• cyberpunk.gay
• seattle.pink
• kulupu.pona.li

dot lol is not hosted by us and its patching will be handled by the provider at an unknown time.

we on staff dont know what the vulnerability is at this time, but we expect other parties to make writeups on it at a later point.

#fediAdmin #adminAnnouncement

Admin Announcement!

tonight at midnight EST (9pm pacific, 4am for brits, 6am for germans) we will be taking the following instances offline until they can be safely patched of an apparently startling and widespread vulnerability:
• cyberpunk.gay
• seattle.pink
• kulupu.pona.li

dot lol is not hosted by us and its patching will be handled by the provider at an unknown time.

we on staff dont know what the vulnerability is at this time, but we expect other parties to make writeups on it at a later point.

#fediAdmin #adminAnnouncement

tomorrow's gonna be a fun day for all mastodon admins!!! ;3

#MastoAdmin #FediAdmin #mastodon #fediverse

hey Admins,
Is there a bot, which replies under each picture post with missing alttext: "please use alt-text, because xyz"
It should just track your own instance

Maybe not under each post, but just once each month per user.... ?
Preferable it works with a token, so you can post with an admin account.

Do any of you know such a bot for self-hosting? It should work with #Mastodon and #Pixelfed.

Thx

#fediadmin #FediverseAdmin #bot #mastoadmin #pixelfedAdmin

hey Admins,
Is there a bot, which replies under each picture post with missing alttext: "please use alt-text, because xyz"
It should just track your own instance

Maybe not under each post, but just once each month per user.... ?
Preferable it works with a token, so you can post with an admin account.

Do any of you know such a bot for self-hosting? It should work with #Mastodon and #Pixelfed.

Thx

#fediadmin #FediverseAdmin #bot #mastoadmin #pixelfedAdmin

hey Admins,
Is there a bot, which replies under each picture post with missing alttext: "please use alt-text, because xyz"
It should just track your own instance

Maybe not under each post, but just once each month per user.... ?
Preferable it works with a token, so you can post with an admin account.

Do any of you know such a bot for self-hosting? It should work with #Mastodon and #Pixelfed.

Thx

#fediadmin #FediverseAdmin #bot #mastoadmin #pixelfedAdmin

hey Admins,
Is there a bot, which replies under each picture post with missing alttext: "please use alt-text, because xyz"
It should just track your own instance

Maybe not under each post, but just once each month per user.... ?
Preferable it works with a token, so you can post with an admin account.

Do any of you know such a bot for self-hosting? It should work with #Mastodon and #Pixelfed.

Thx

#fediadmin #FediverseAdmin #bot #mastoadmin #pixelfedAdmin

hey Admins,
Is there a bot, which replies under each picture post with missing alttext: "please use alt-text, because xyz"
It should just track your own instance

Maybe not under each post, but just once each month per user.... ?
Preferable it works with a token, so you can post with an admin account.

Do any of you know such a bot for self-hosting? It should work with #Mastodon and #Pixelfed.

Thx

#fediadmin #FediverseAdmin #bot #mastoadmin #pixelfedAdmin

Someone who knows @admin, please advise them to update the #TLS certificate for mastox.eu. It just expired.

#Fediverse #FediAdmin #HTTPS

Mastodon 4.3.x is End of Life (EOL).

No more security updates. 🚨
No more patch updates. ⚠️

Upgrade your copy of Mastodon as soon as possible. ✅

#Mastodon #FediAdmin #Administrator #Admin #Fediverse #ActivityPub #Security

Mastodon 4.3.x is End of Life (EOL).

No more security updates. 🚨
No more patch updates. ⚠️

Upgrade your copy of Mastodon as soon as possible. ✅

#Mastodon #FediAdmin #Administrator #Admin #Fediverse #ActivityPub #Security

Mastodon 4.3.x is End of Life (EOL).

No more security updates. 🚨
No more patch updates. ⚠️

Upgrade your copy of Mastodon as soon as possible. ✅

#Mastodon #FediAdmin #Administrator #Admin #Fediverse #ActivityPub #Security

Mastodon 4.3.x is End of Life (EOL).

No more security updates. 🚨
No more patch updates. ⚠️

Upgrade your copy of Mastodon as soon as possible. ✅

#Mastodon #FediAdmin #Administrator #Admin #Fediverse #ActivityPub #Security

Help me out fedi folk.

I remember reading about a relay service that let individuals follow a hashtag by having users follow an actor account on the relay, rather than having the admin add it as a relay.

However, now I can't remember what the service was! Can someone help me out?

#fedihelp #fediadmin

#fediAdmin 👆

This #ALTtext is an insult.

@usluck

If you want to help cover the costs of running oslo.town and contributing to an alternative to big tech, then register on our Patreon.

https://patreon.com/oslotown?utm_source=mastodon

#Patreon #OsloTown #Oslo #Allheimen #Mastodon #MastoAdmin #FediAdmin #SupportYourAdmin

If you want to help cover the costs of running oslo.town and contributing to an alternative to big tech, then register on our Patreon.

https://patreon.com/oslotown?utm_source=mastodon

#Patreon #OsloTown #Oslo #Allheimen #Mastodon #MastoAdmin #FediAdmin #SupportYourAdmin

If you want to help cover the costs of running oslo.town and contributing to an alternative to big tech, then register on our Patreon.

https://patreon.com/oslotown?utm_source=mastodon

#Patreon #OsloTown #Oslo #Allheimen #Mastodon #MastoAdmin #FediAdmin #SupportYourAdmin

If you want to help cover the costs of running oslo.town and contributing to an alternative to big tech, then register on our Patreon.

https://patreon.com/oslotown?utm_source=mastodon

#Patreon #OsloTown #Oslo #Allheimen #Mastodon #MastoAdmin #FediAdmin #SupportYourAdmin

If you want to help cover the costs of running oslo.town and contributing to an alternative to big tech, then register on our Patreon.

https://patreon.com/oslotown?utm_source=mastodon

#Patreon #OsloTown #Oslo #Allheimen #Mastodon #MastoAdmin #FediAdmin #SupportYourAdmin

Are there any #FediAdmin 's who also see accounts created on their instance with the email domain being jkwbis.com ?
This seems to be a porn site but we had two accounts created from emailadreses on that domain. One with random chars even. But both accounts have normal looking display/usernames.
They haven't posted anything nor updated profilepicture/banner.
I dunno, maybe i'm overthinking it, but feels like pending spam accounts...?

EDIT: also noticing now that we have 4 accounts from same ip

Aus gegebenem Anlass: Bitte achtet darauf, Einladungslinks zu unserem Server nur persönlich weiterzugeben und am besten zeitlich befristet einzurichten. Wir hatten jetzt einige Spam-Konten, die sich über solche Einladelinks angemeldet hatten.

cc @fries @favstarmafia
#moderation #fediadmin

Aus gegebenem Anlass: Bitte achtet darauf, Einladungslinks zu unserem Server nur persönlich weiterzugeben und am besten zeitlich befristet einzurichten. Wir hatten jetzt einige Spam-Konten, die sich über solche Einladelinks angemeldet hatten.

cc @fries @favstarmafia
#moderation #fediadmin