You should change the public IP of the server if you haven’t already
You should change the public IP of the server if you haven’t already
This. So much this.
I used https://sub.rehab/ to import my reddit subs. Didn’t do all of them but it’s good enough so far
Can I Google their name?
Good point. I suppose the only way to fix that particular issue to disallow cookie authentications from a new location
Prior to the JWT secret being rotated, yes, they could have authenticated as you. The tokens are now all invalid and useless
Does an admin account have any permissions to view email addresses or data of registered users?
Did MichelleG not have 2FA enabled?
Now that this has happened, it’s be worth pushing this issue through as high priority. If HttpOnly
was enabled, then an admin takeover would not have been possible.
Petition to change the lemmy.world logo to Lenny
Cloudflare masks the origin IP address and has DDoS protection. Unless it’s a DoS against the software, yes, it is a long term solution.