I just received this #scam email targeting hear-me.social users, trying to get them to log in using a malicious link so their accounts can be stolen.

I hope nobody would be fooled by this.

I will never send an email asking anyone to sign into their accounts and provide a link to do so. I will never provide a link to the login page.

My email address is made public so they are probably only targeting those who have posted their email addresses.

Other #MastoAdmin take notice, as I'm sure other instances are being targeted.

#HearMeSocial #Mastodon #scam

Well, finally, email notifications on hear-me.social are working again. They seemingly broke with the last upgrade and fortunately were also broken on my test instance so I could play around without disrupting services here.

The cause was bizarre, and it took a while to find it.

I have my own email server for a hundred reasons, and it's hosted on Digital Ocean. I host this Mastodon server, (and others) on Digital Ocean. But, around the time I did the Mastodon upgrade, the Mastodon servers could no longer send email.

The cause...

Digital Ocean has a policy to restrict IPV6 access to an SMTP server hosted on Digital Ocean. Mastodon was attempting to connect to my mail server using IPV6 and was blocked. Oddly, I can connect via IPV6 from my home computer, which is against their policy and from other DO servers. Maybe not for long?

I found reference to this Digital Ocean policy in a post from 2014, but other hosters probably have the same policy.

"The main reason behind why we have chosen to block these ports by default is due to how blacklists handle IPv6 addresses, in the event of a spam report. Rather than listing only one address, blacklists will list the full /64 subnet of addresses that the spam report came from, which impacts a whole range of customers and droplets unaffiliated with the incriminating droplet/user. When a whole range is affected, even newly created droplets can be affected if they are assigned an IP for a blacklisted subnet."

Had I known this, I would have set up the mail server to only use IPV4, but it's a bit late to change it. My workaround was to use the IPV4 address for the SMTP server in the Mastodon configuration file instead of using the domain name.

Anyway, anyone on hear-me.social who runs into issues with email from this point on, please let me know.

#SelfHosting #SMTP #Email #DigitalOcean #HearMeSocial

https://hear-me.social is now updated to Mastodon V4.3.1

Information about the update is here: https://github.com/mastodon/mastodon/releases/tag/v4.3.1

Let me know if you notice anything strange

#HearMeSocial

https://phanpy.hear-me.social, the awesome alternative UI for Mastodon (and other Fediverse applications) has just been updated to the latest release.

If you haven't tried #Phanpy, I highly recommend you try it.

Full details of the latest version are here: https://github.com/cheeaun/phanpy/releases/tag/2024.10.08.0a176e2

#Mastodon #hearmesocial @cheeaun

#HSLdiary #HSLmichael #HSLthread #HearMeSocial||

12,000 characters on "hear-me.social". I barely have inspiration for 20, since I've just written 24 posts (spent my whole day on it) to avoid submitting an empty social page to Google Play Store. I'm going to embed Mastodon on my new mobile app. It seems like "hear-me.social" is a bit more sapio than sexual. And I take the 12K limit as a welcome gift—thank you! I might be a bit spammy since I have to copy and paste my 24 posts. The HTML editor looks a bit small to write a dictionary, to be honest!

My text is 550 characters long, and what a pleasure it is to not have to waste several minutes trying to reduce my thoughts. I mean, posting dozens of messages a day can waste 30 minutes of life on a daily basis, sometimes for just 3 or 5 characters. Also, not having to split one thought into 3 or 15 posts is a relief. It's a crossover between WordPress and Twitter: the complexity of a long post combined with the ease-of-use of a social network. It's indeed more 'mind' focused, rather than just a post you produce in 3 minutes and consume in 3 seconds.

hear-me.social

Hi,

A favor 🙏 please from those who follow this Mastodon account.

I've opened a #Friendica server, https://my-place.social, and over the past few days, after forcing myself to overcome a rather steep learning curve, which continues, I've begun to prefer it over Mastodon.

If you follow this account, my Mastodon account, and still want to follow me, can you also follow @[email protected], if you haven't already done so?

Thank you! 🙏

#HearMeSocial

The individual account [email protected] has been suspended from hear-me.social because one of the images the account posted has been reported to us by Cloudflare as CSAM (Child Sexual Abuse Material). The account is suspended for posting illegal content (and for posting disgusting and evil content).

The images have been removed from our Media storage and any attempt to access the URLs will forever return a 451 error (Legal Block).

#HearMeSocial #FediBlock

I'm a small instance, but #Cloudflare, in the past 24 hours, has blocked 3,150 attacks against this server. The blocked attacks never reached the server.

This is why I put the server behind Cloudflare. There is no way I could set up a firewall with all the rules they use for detecting different types of attacks. I don't have the time or the knowledge.

And the server doesn't have to spend resources doing the battles. Cloudflare's proxy servers fight the battle.

#HearMeSocial

#Threads will now let people on Threads see "likes" and replies to their Threads posts that appear on other federated social media platforms, like Mastodon. This is an improvement as of yesterday.

Threads users still need to opt in to allow their posts to be seen outside Threads. It is turned off by default.

While Threads users can now see the replies and the likes inside their Threads account, they still cannot reply back via Threads. But, this is one step closer to the promised integration.

hear-me.social federates with Threads (not all Mastodon servers do) but has it limited on the belief, and in mitigation of, the expectation that their moderation will not be done as well as a Mastodon instance, allowing it to otherwise be a spam and scam attack platform against federated servers. We do remove the limit on certain Threads accounts as exceptions. For example, Biden's Threads account is not limited here (@potus). Nor some of my favorites like @gtconway3

Anyone here can request that the limit be removed from any particular Threads account.

You can read our Threads policy and what all this means at https://jerry.hear-me.blog/threads-and-hear-me-social-faq/

#HearMeSocial