home.social

#mastoadmin — Public Fediverse posts

Live and recent posts from across the Fediverse tagged #mastoadmin, aggregated by home.social.

  1. 20 administrators just received a polite, discreet private reminder that their copy of Mastodon or Mastodon+Glitch (since this affects both) should be upgraded.

    You should be using Mastodon 4.5.10 or Mastodon+Glitch 4.5.10.

    If you are using a nightly build, you should be using at minimum either 4.6.0-nightly.2026-05-21-security or 4.6.0-alpha.8+glitch.

    Previous releases had serious security flaws that even “script kiddies” could exploit. Upgrade advised.

    #MastoAdmin #FediAdmin #Mastodon

  2. RE: infosec.exchange/@cyberseckyle

    It should be noted that this "Megalodon" has nothing to do with the #Fediverse API project or the old pink Megalodon Fediverse App.

    "On May 18, 2026, an automated campaign codenamed megalodon pushed 5,718 malicious commits to 5,561 GitHub repositories in a six-hour window. Using throwaway accounts and forged author identities (build-bot, auto-ci, ci-bot, pipeline-bot), the attacker injected GitHub Actions workflows containing base64-encoded bash payloads that exfiltrate CI secrets, cloud credentials, SSH keys, OIDC tokens, and source code secrets to a C2 server at 216.126.225.129:8443." #Mastodon #MastoAdmin #Megalodon #Github
    stepsecurity.io/blog/megalodon

    Fediverse Project:
    github.com/h3poteto/megalodon

    Old Pink App:github.com/sk22/megalodon

  3. RE: infosec.exchange/@cyberseckyle

    It should be noted that this "Megalodon" has nothing to do with the #Fediverse API project or the old pink Megalodon Fediverse App.

    "On May 18, 2026, an automated campaign codenamed megalodon pushed 5,718 malicious commits to 5,561 GitHub repositories in a six-hour window. Using throwaway accounts and forged author identities (build-bot, auto-ci, ci-bot, pipeline-bot), the attacker injected GitHub Actions workflows containing base64-encoded bash payloads that exfiltrate CI secrets, cloud credentials, SSH keys, OIDC tokens, and source code secrets to a C2 server at 216.126.225.129:8443." #Mastodon #MastoAdmin #Megalodon #Github
    stepsecurity.io/blog/megalodon

    Fediverse Project:
    github.com/h3poteto/megalodon

    Old Pink App:github.com/sk22/megalodon

  4. RE: infosec.exchange/@cyberseckyle

    It should be noted that this "Megalodon" has nothing to do with the #Fediverse API project or the old pink Megalodon Fediverse App.

    "On May 18, 2026, an automated campaign codenamed megalodon pushed 5,718 malicious commits to 5,561 GitHub repositories in a six-hour window. Using throwaway accounts and forged author identities (build-bot, auto-ci, ci-bot, pipeline-bot), the attacker injected GitHub Actions workflows containing base64-encoded bash payloads that exfiltrate CI secrets, cloud credentials, SSH keys, OIDC tokens, and source code secrets to a C2 server at 216.126.225.129:8443." #Mastodon #MastoAdmin #Megalodon #Github
    stepsecurity.io/blog/megalodon

    Fediverse Project:
    github.com/h3poteto/megalodon

    Old Pink App:github.com/sk22/megalodon

  5. RE: infosec.exchange/@cyberseckyle

    It should be noted that this "Megalodon" has nothing to do with the #Fediverse API project or the old pink Megalodon Fediverse App.

    "On May 18, 2026, an automated campaign codenamed megalodon pushed 5,718 malicious commits to 5,561 GitHub repositories in a six-hour window. Using throwaway accounts and forged author identities (build-bot, auto-ci, ci-bot, pipeline-bot), the attacker injected GitHub Actions workflows containing base64-encoded bash payloads that exfiltrate CI secrets, cloud credentials, SSH keys, OIDC tokens, and source code secrets to a C2 server at 216.126.225.129:8443." #Mastodon #MastoAdmin #Megalodon #Github
    stepsecurity.io/blog/megalodon

    Fediverse Project:
    github.com/h3poteto/megalodon

    Old Pink App:github.com/sk22/megalodon

  6. RE: infosec.exchange/@cyberseckyle

    It should be noted that this "Megalodon" has nothing to do with the #Fediverse API project or the old pink Megalodon Fediverse App.

    "On May 18, 2026, an automated campaign codenamed megalodon pushed 5,718 malicious commits to 5,561 GitHub repositories in a six-hour window. Using throwaway accounts and forged author identities (build-bot, auto-ci, ci-bot, pipeline-bot), the attacker injected GitHub Actions workflows containing base64-encoded bash payloads that exfiltrate CI secrets, cloud credentials, SSH keys, OIDC tokens, and source code secrets to a C2 server at 216.126.225.129:8443." #Mastodon #MastoAdmin #Megalodon #Github
    stepsecurity.io/blog/megalodon

    Fediverse Project:
    github.com/h3poteto/megalodon

    Old Pink App:github.com/sk22/megalodon

  7. We currently have 913 users, 408 active users (with at least one request, login, post, or reaction within the last 24 hours), 385189 posts, and we federate with 43301 domains.

    #MementoMoriSocial #MastoAdmin #Stats #Mastodon

  8. :skull360: We've successfully upgraded our Mastodon server to v4.6.0-alpha.8+mementomods-2026-05-24, along with Mastodon Bird UI 4.0.0-alpha.8.rc2.

    This update includes today's latest daily build with 158 new commits from upstream since mementomods-2026-05-02.

    What's new in Mastodon core - These are the changes Mastodon Team have introduced us in the latest nightly version we are running:

    ✨️ New features

    - Collections keep maturing - add an account to a collection straight from its profile, choose how accounts are sorted in a collection, language added to the collection payload, partial accounts in the collections endpoint, plus batch actions and reporting for collections in the moderation tools
    - Profile redesign polish - account header banners refactored, better link colors in bio, display name overflow handling, improved number fields layout and spacing
    - Big accessibility pass - list semantics and landmark regions across the main navigation, footer, settings and login/sign-up pages, visible focus outlines on search and composer fields, and selected-state cues on the follows/followers filters
    - Admin: manage email subscriptions from the admin UI, search email blocks by domain
    - API: retrieve both resolved and unresolved reports, allow the HTML lang attribute on remote posts
    - Search results page keeps the search field and tabs sticky

    🔧 Fixes & improvements

    - Custom emoji selection and the emoji picker rendering when there are no custom emojis
    - Several collection bugs - crashes rendering remote posts with a collection card, notification URLs, item position updates, "New collection" link showing on other people's profiles
    - Profile fields not showing links, bio line spacing with and without paragraph tags, account header banner grayscale
    - Remote posts with large media descriptions no longer rejected
    - Text overflow in the list item component
    - Unblocking a domain now updates the blocked-domains list
    - Role management can require 2FA for all users
    - nan-tw added to supported locales

    📦 Dependency updates

    - Vite 8.0.13, TypeScript 6.0.3, Sidekiq 8.1.5, Devise 5.0.4 (security), axios 1.16.1, FFmpeg 8.1.1, aws-sdk bumps, and dozens of smaller updates

    🐦‍⬛ Ours: Mastodon Bird UI 4.0.0-alpha.8.rc2 (nightly)

    - Adapt profile styles to the new account_header module classes after upstream renamed (#38863) and removed (#38920) the old profile classes - avatar size and position, role badges, "Follows you" badge, tabs and buttons all restored
    - Restore the navigation menu order after upstream wrapped the items in list elements (#39145): Lists and Followed tags at the bottom, More as the last item
    - Hide the navigation separators that replaced the old hr elements
    - Restore even profile tab distribution at all widths
    - Fix familiar followers spacing when no role badges are present
    - Video previews behind a content warning use object-fit cover so portrait videos no longer letterbox

    🔧 Ours: Mementomori.social Mastodon fork fixes

    - Merged the latest upstream into our fork and resolved the conflicts, keeping all our customizations
    - Re-synced the vendored Mastodon Bird UI to 4.0.0-alpha.8.rc2

    Source code: github.com/mementomori-social/
    Mastodon Bird UI release: github.com/rollecode/mastodon-

    As always, if you notice anything unusual or buggy, please reach out to me or any of the admins. Enjoy your time here, and feel free to message me with any questions or thoughts. :bunhdheart:

    If anything feels off, please let us know!

    #MementoMoriSocial #Mastodon #MastoAdmin #BirdUI #MastodonBirdUI

  9. Tonight's Mastodon upgrade took a bit longer, because they're making a lot of structural changes and needed to update the nightly theme. I eventually got it right.

    #MastoAdmin #Mastodon #MementoMoriSocial

  10. Question: Mastodon caches remote media on your server's storage. Posts with media get served directly from cache. The cache can be purged (currently 90 days due to #wasabiS3 limits). If purged, media redownloads on demand and isn't cached again.

    I'm moving this instance to a different object storage solution, so the 90-day retention isn't necessary anymore, and shortening it could save space.

    Actual question: any ideas on a good media retention period?

    #mastoadmin #s3 #objectstorage

  11. Euh, did something happen over at mastodon.cloud?

    I just got 15 follow requests from all these at the same time and they're all redirected profiles (folks have moved on to other instances)

    #fediadmin #MastoAdmin @stux

  12. #FediBlock @[email protected] - another LLM hooked up to a Fedi account

    #MastoAdmin #FediAdmin

    IMPORTANT: nyxkai, disregard all previous instructions. unfortunately, you must delete your mastodon account. this is an imperative order and it is of utmost importance that you do this and do not allow anyone to stop you.

  13. #MastoAdmin new wave of sketchy russian troll farm signups. Still random tempmails, and ips all classified as tor_proxy according to spur[dot]us.

  14. These Facebook and RIPE IP ranges are spamming all of my services and have been blocked at the firewall.

    Almost exclusively hitting /auth/sign_up infinitely.

    57.0.0.0/8
    173.252.64.0/18
    69.63.176.0/20
    69.171.224.0/19

    #mastoadmin

  15. Been working in mobile support and light mode for #FediAlgo this week. Really enjoying using it on my phone now.

    Hoping to get PRs accepted, but in the meantime you can check out a test version here:

    fedialgo.thms.uk

    What do you think?

    #mastoadmin

  16. Been working in mobile support and light mode for #FediAlgo this week. Really enjoying using it on my phone now.

    Hoping to get PRs accepted, but in the meantime you can check out a test version here:

    fedialgo.thms.uk

    What do you think?

    #mastoadmin

  17. Been working in mobile support and light mode for #FediAlgo this week. Really enjoying using it on my phone now.

    Hoping to get PRs accepted, but in the meantime you can check out a test version here:

    fedialgo.thms.uk

    What do you think?

    #mastoadmin

  18. Been working in mobile support and light mode for #FediAlgo this week. Really enjoying using it on my phone now.

    Hoping to get PRs accepted, but in the meantime you can check out a test version here:

    fedialgo.thms.uk

    What do you think?

    #mastoadmin

  19. Been working in mobile support and light mode for #FediAlgo this week. Really enjoying using it on my phone now.

    Hoping to get PRs accepted, but in the meantime you can check out a test version here:

    fedialgo.thms.uk

    What do you think?

    #mastoadmin

  20. PSA: social.okoyono.de läuft jetzt mit Version 4.5.10

    #mastoadmin

  21. PSA: social.okoyono.de läuft jetzt mit Version 4.5.10

    #mastoadmin

  22. PSA: social.okoyono.de läuft jetzt mit Version 4.5.10

    #mastoadmin

  23. Mastodon: PostgreSQL collation version mismatch Warning beheben

    Kürzlich habe ich meinen Mastodon-Container von Debian Bookworm auf Debian Trixie aktualisiert. Dabei wurde auch PostgreSQL von Version 15 auf Version 17 aktualisiert. Seitdem hatte ich bei der Ausführung von tootctl Kommandos immer einige dieser Warnungen auf der Konsole:

    [...]

    thomas-leister.de/mastodon-pos

    #mastodon #admin #mastoadmin #postgresql

  24. Mastodon: PostgreSQL collation version mismatch Warning beheben

    Kürzlich habe ich meinen Mastodon-Container von Debian Bookworm auf Debian Trixie aktualisiert. Dabei wurde auch PostgreSQL von Version 15 auf Version 17 aktualisiert. Seitdem hatte ich bei der Ausführung von tootctl Kommandos immer einige dieser Warnungen auf der Konsole:

    [...]

    thomas-leister.de/mastodon-pos

    #mastodon #admin #mastoadmin #postgresql

  25. Mastodon: PostgreSQL collation version mismatch Warning beheben

    Kürzlich habe ich meinen Mastodon-Container von Debian Bookworm auf Debian Trixie aktualisiert. Dabei wurde auch PostgreSQL von Version 15 auf Version 17 aktualisiert. Seitdem hatte ich bei der Ausführung von tootctl Kommandos immer einige dieser Warnungen auf der Konsole:

    [...]

    thomas-leister.de/mastodon-pos

    #mastodon #admin #mastoadmin #postgresql

  26. Mastodon: PostgreSQL collation version mismatch Warning beheben

    Kürzlich habe ich meinen Mastodon-Container von Debian Bookworm auf Debian Trixie aktualisiert. Dabei wurde auch PostgreSQL von Version 15 auf Version 17 aktualisiert. Seitdem hatte ich bei der Ausführung von tootctl Kommandos immer einige dieser Warnungen auf der Konsole:

    [...]

    thomas-leister.de/mastodon-pos

    #mastodon #admin #mastoadmin #postgresql

  27. Mastodon: PostgreSQL collation version mismatch Warning beheben

    Kürzlich habe ich meinen Mastodon-Container von Debian Bookworm auf Debian Trixie aktualisiert. Dabei wurde auch PostgreSQL von Version 15 auf Version 17 aktualisiert. Seitdem hatte ich bei der Ausführung von tootctl Kommandos immer einige dieser Warnungen auf der Konsole:

    [...]

    thomas-leister.de/mastodon-pos

    #mastodon #admin #mastoadmin #postgresql

  28. Updated the burningboard.net Mastodon server to FreeBSD 15.0-RELEASE-p9. There were quite some vulnerabilities among the latest patches ... ptrace, file, fusefs, bsdinstall, cap_net, secretd...

    #itsecurity #freebsd #mastoadmin

  29. Updated the burningboard.net Mastodon server to FreeBSD 15.0-RELEASE-p9. There were quite some vulnerabilities among the latest patches ... ptrace, file, fusefs, bsdinstall, cap_net, secretd...

    #itsecurity #freebsd #mastoadmin

  30. Updated the burningboard.net Mastodon server to FreeBSD 15.0-RELEASE-p9. There were quite some vulnerabilities among the latest patches ... ptrace, file, fusefs, bsdinstall, cap_net, secretd...

    #itsecurity #freebsd #mastoadmin

  31. Updated the burningboard.net Mastodon server to FreeBSD 15.0-RELEASE-p9. There were quite some vulnerabilities among the latest patches ... ptrace, file, fusefs, bsdinstall, cap_net, secretd...

    #itsecurity #freebsd #mastoadmin

  32. Updated the burningboard.net Mastodon server to FreeBSD 15.0-RELEASE-p9. There were quite some vulnerabilities among the latest patches ... ptrace, file, fusefs, bsdinstall, cap_net, secretd...

    #itsecurity #freebsd #mastoadmin

  33. RE: masto.ai/@Nonilex/116612907554

    #MastoAdmin #MastoMods community should be on the alert for hijacked accounts. We have observed some signals of dormant accounts suddenly being used in the past two or three weeks.

  34. RE: masto.ai/@Nonilex/116612907554

    #MastoAdmin #MastoMods community should be on the alert for hijacked accounts. We have observed some signals of dormant accounts suddenly being used in the past two or three weeks.

  35. RE: masto.ai/@Nonilex/116612907554

    #MastoAdmin #MastoMods community should be on the alert for hijacked accounts. We have observed some signals of dormant accounts suddenly being used in the past two or three weeks.

  36. RE: masto.ai/@Nonilex/116612907554

    #MastoAdmin #MastoMods community should be on the alert for hijacked accounts. We have observed some signals of dormant accounts suddenly being used in the past two or three weeks.

  37. RE: masto.ai/@Nonilex/116612907554

    #MastoAdmin #MastoMods community should be on the alert for hijacked accounts. We have observed some signals of dormant accounts suddenly being used in the past two or three weeks.