>new vegas multiplayer requires a discord account for βauthenticationβ why the fuck are developers discordgating downloads, instructions and now authentication?
its april fools day and i totally forgot to plan a gag, i have let down my entire website and myself. i will wear this great shame for the remainder of my days
another day another mastodon exploit. apparently mastodon has the poast exploit from may 2023 @alex
The latest Mastodon security vuln (GHSA-jhrq-qvrm-qr36) appears to be an exploit that can be used against instances that host their media on the same domain as the Mastodon instance itself
so for like maybe two months ive been trying to figure out why minds doesn't see our replies and we like never see any minds shit on poast so I figured while I wait for a pint to chill I'd look into it.
what happened was exactly as it was intended to work, but the reason it worked is absolutely retarded.
we have safeguards in place to mitigate ddos and one of them is filtering multiple requests from a single origin IP with multiple user agents. what minds does is proxy their users fetching poast media behind minds.com IPs but forwards their user agent to poast, so poast's security filtered them and have kept them filtered
this has been rectified. you should see minds people coming in soon hopefully.
there is no fix on our part besides allowing minds to bypass this security. the fix is not forwarding your users user agents
so for like maybe two months ive been trying to figure out why minds doesn't see our replies and we like never see any minds shit on poast so I figured while I wait for a pint to chill I'd look into it.
sharing this in the event some of you instance admins haven't seen it. i checked ours, he's using the user agent string "unshortenit 0.4.0" and has been hammering at the rate of 5r/s since 01/Dec/2023:00 :28:46 +0000
ive blocked the user agent string and blackholed the ip. apparently this guy @Drand was given grant money to do this and is conducting himself in a malicious manner. perhaps some of that grant money should be given to instance operators
sharing this in the event some of you instance admins haven't seen it. i checked ours, he's using the user agent string "unshortenit 0.4.0" and has been hammering at the rate of 5r/s since 01/Dec/2023:00 :28:46 +0000
i am happy to announce the bug that deletes characters in both directions when you backspace on mobile has been resolved. close ur shit, refresh or whatever
good morning. overnight someone made multiple 5$ donations to poast using multiple emails and the same credit card likely with the intention of charging them all back causing us 15$ in dispute fees each one