M ☮(So, since this is a rare public post I should mention that I wasn't aware of the Yesterweb drama from 2023 until a few hours ago, so please bear with me and my stupidity. I also mirrored this post to my Nekoweb blog and made some very minor, rather irrelevant edits: https://jevel.nekoweb.org/blog/2026/2802-yesterweb-hack)
While Yesterweb's Discord and forum shut down three years ago, their Geminispace hosting service still was up, albeit in a neglected state. It lacked a valid certificate for a year and only a few weeks ago a new one has been issued that's valid until February, 2027. I emailed Iris ("seapunk") about this last year but never received a response and this should've been a clear sign that things got a little bad behind the scenes, even without being aware of the drama surrounding a few admins that tried to turn Yesterweb into some Lenin-style revolution.
Somewhere after 20 February, 2026 all capsules Yesterweb hosted on Geminispace got wiped of their gemtexts, only leaving empty directories behind. I was busy and bedridden around this time and only noticed it last night, so I emailed Iris again and was surprised to receive a response this time around but even moreso about them admitting that they don't even maintain Yesterweb's Geminispace capsule, despite their email being listed as the one to refer to when issues with Yesterweb's capsule hosting service arise. They forwarded my email to two other people, Tsvety and D4708, and the former gave a detailed response as to what happened:
I am running that server, have backups, and control the domain (but not every service under it). First of all, let me apologize for the unexpected, unannounced, and unexplained going-offline. I became aware of this issue (thanks to D4708) on the morning of the 25th, the logs pointed to it having happened on the 23rd, and I immediately shut the server down. In an ideal world, I would send out a mass email to all users while I immediately work on a fix. However, I do not have anybody's contact info and have nary an ounce of spare time until the 1st, where I can only spend a few hours.
The logs only go back a week or two and seem to indicate that a malicious actor abused the webdav uploading service, deleted everything, and took a look through all of the server's files. I also saw log messages that show that somebody knows that this thing is running on PM2 and that they tried to log into ssh with specific PM2-related creds. It has kind of spooked me for a while that this has been running on my machine and I don't know what's inside of it, and this really confirmed that in my uninformed eyes. I had to fiddle with nodejs packages one or two years ago and I almost broke it.
Tsvety states that a backup exists but only for gemtexts and directories created up until 1 February, 2026. Anything that was published between 2 and around 23 February is gone, unless capsule owners kept their own local backups or some Geminispace crawler picked it up to archive.
I can probably help somebody get this thing running on somebody else's server and point the DNS to them (ideal!). I can make an attempt to host this content with a mainstream gemini server as a bandaid, thus making the whole thing read-only. I can't do anything other than provide copies of the data until at least the 1st.
I'm not going to blame Iris, Tsvety or D4708 who act in good faith and at least try to be transparent about it, despite their individual time and energy constraints.
They'd have emailed every capsule owner if Yesterweb required email registrations, which it doesn't, so I'm relaying this to anyone who may be just as out of the loop of anything Yesterweb and Geminispace/smol web stuff snd those still using Yesterweb on Geminispace. However considering that a malicious actor who may be related to the 2023 drama went out of their way to hack into Yesterweb's Geminispace server and delete every gemtext it hosted almost exactly three years after the project's Discord shut down should make everyone glad that they didn't rely on email registration or else personal email addresses and password's could've gotten stolen. This still affects private keys, though, and right now no capsule hosted on Yesterweb should be considered still belonging to those that created them, including mine (magda.cities.yesterweb.org).
Knowing this, I'll move my own stuff somewhere else. I still don't know whether I'll stay on Geminispace and move to flounder.online or capsule.town OR go through the hassle of converting every gemtext into HTML or a different Markdown flavor to host on the HTTP web, further delaying the start of this year's observation season regardless. I'm still not fully recovered and my brain hurts from nearly losing two and a half years of work (which I luckily manage offline via local copies) AND reading about the 2023 drama shortly after.
YGGverse
Joanne🕸(aka joan8ied)
port_55
🏴☠️ 0ryX 🏴☠️
lianna
Liera 
Skeeter
ℹ️❤️🖥 aka Compy-chan
Pudingoii