BTW I broke everything again in the update process :D #AdminsOfMastodon

I have to be careful with the accounting of the mastodon server. A Prometheus exporter monitors how many files I have and how much storage I use. I checked the implementation and looks like every time it has to count does a couple of dozen calls. Then I calculated it very frequently and spent 20$ in a couple of minutes on API calls. :D

#AdminsOfMastodon

Hello #Mastodon #mastodonadmins #adminsofmastodon. Does anyone know why I can not see someones followers? Thank you

God bless automatic restore of backups as a check that your backups are correct. I was messing up my instance backups #AdminsOfMastodon

Te przekaźniki w #Mastodon to działają? Ktoś się w tym orientuje?

Dodałem sobie kilka do serwera jakiś czas temu i wszystkie wiszą w stanie "Oczekiwanie na przyjęcie przez przekaźnik"

#fediwersum #pomoc #adminsofmastodon #admin #adminszukażony

Any new small instance's around and have open registration?

#askfediverse #askmastodon #adminsofmastodon

It occurred to me that many, if not most #Mastodon instances are run by one person who maintains the server infrastructure (not just an admin Mastodon account). That leaves large chunks of the fediverse with a Bus Factor of 1, meaning if that one owner was suddenly hit by a bus and died, there would be no one left to maintain an instance.

Ideally, an instance should have at least two trusted people in geographically separate areas who can maintain the server infrastructure.

Please boostthis post and tag your instance admin in a reply to see how they are mitigating this risk.

cc: @jerry @stux

#Mastodon #AdminsOfMastodon #RiskManagement #DisasterRecovery #InfoSec

I will eventually open registrations for evilmeow.com once I feel a bit more comfortable.

I will do it with the long term thinking of maintaining this for long but it is impossible to commit to something forever. The best I can say is that if I ever think that I cannot manage it I'll be more than happy to pass the keys to someone else.

That is also the reason not to reuse the domain for more stuff.

#AdminsOfMastodon

Hi everyone, I just released version 1.1.1 of my #Mastodon #DMARC Survey tool, updated survey results, and additional documentation. This release adds a DNSSEC check and SPF record validation. Error and warning fields are now included in the CSV for easy troubleshooting. This is to help administrators configure DMARC to help prevent attackers from spoofing a domain.

Even if you looked at the results from last Friday, it's worth taking a look at these new results.

https://github.com/seanthegeek/mastodon-dmarc-survey

#Infosec #InformationSecuriy #phish #phishing #spoofing #adminsofmastodon #OpenSource #OpenSourceSoftware #FLOSS #Python #CLI #API

I seem to have had some hickups when updating #mastodon and now in not sure im seeing all toots. Feels very quiet in the Fediverse this morning. #mastodonadmin #adminsofmastodon

In the short time I've been the #Mastodon #Fediverse so far, I've talked a lot about how #DMARC can help prevent #spoofed #emails from being delivered to their targets, in light of a wave of Mastodon-themed phishing. That made me wonder, "How many Mastodon instances have a DMARC record on their domain? How many of those are set up to properly?" For their own security Users should join servers with an enforced DMARC policy, and instance admins should enforce DMARC on their domains to protect users and attract a security conscious userbase.

I wrote a script that queries instances.social for the 1000 top Mastodon instances based on the number of active users, feeds that list to #checkdmarc to query for, parse, and validate DMARC #DNS records. Here are the results.

https://github.com/seanthegeek/mastodon-dmarc-survey

As of earlier today, 148 instances with a combined 295, 975 active users had an enforced DMARC policy (p=quarantine or p=reject). 113 instances with a combined 168,965 active users have deployed a monitor only policy, 3 instances with a combined 577 active users have an invalid DMARC record, and 113 instances with a combined 486,972 active users don't have any DMARC record.

As I looked through the list of instances, I noticed that infosec.exchange is now the 7th largest Mastodon instance on the public internet, with 18,328 active users (and counting. Thanks @jerry!

#Infosec #InformationSecuriy #phish #phishing #spoofing #adminsofmastodon #OpenSource #OpenSourceSoftware #FLOSS #Python #CLI #API

@stux Admins of Mastodon instances should ensure their legitimate emails and being properly DKIM signed, then publish a DMARC record with a reject policy in DNS to prevent #phishing emails from spoofing their email domain in the from address.

I wrote a blog post on how DMARC works a while back. Let me know if you have questions. I'm happy to help.

https://seanthegeek.net/459/demystifying-dmarc/

#infosec #informationsecurity #cybersecurity #mastodon #adminsofmastodon #phishing #spoofing #dkim #dmarc #email #security

@theghostoftomjoad shout out to this man/woman/group this is great stuff below
https://medium.com/@theghostoftomjoad/how-to-block-server-domains-in-mastodon-899b24f8fb6e
#adminsofmastodon #admin #administration #mastodonadmin #mastodonadmins #follow #followfriday

@tswan @jcrabapple @brendan

Good to know, thank you! I'll think about some easy lift ideas to get something like that off the ground.

#AdminsOfMastodon

Who's got a guide to being an admin/moderator on a masto server? Besides the little bit at fedi.tips and the official docs. Thanks

#admins #adminsofmastodon #Moderation

Shout-out to all #adminsofmastodon and all contributors, this thing works so much smoother and, crucially, more stable than it has any right to. I vividly remember big, corporate social media sites dealing with big influxes of users/traffic and it was not pretty.
Moving here was very smooth, the tech side works brilliantly and I don't understand all these "it's confusing"-posts. You follow people, you post, you comment and engage, you fave and re-blog. It's social media... #mastodon #fediverse

Mal eine Frage an die ganzen #mastodon #admins #adminsofmastodon: Was ist, wenn der Betreiber eines Mastodon-Servers keinen Bock mehr hat? Sind dann alle User-Accounts im Eimer?

Still thinking about my own instance.. All this years I was able to get around docker. I think its time to learn how to use it. Or at least something in that direction. Docker VS Podman? From a beginners perspective. For private use and local development. Any thoughts?

It seams that there is a shift to Podman at the moment. But the integration of Docker in VS Code (via plugin) looks pretty neat.

#server #instance #administration #adminsOfMastodon #fediverse #ActivityPub #poll