Community chat down?


#1

As you may notice, the usual links to our Community channel are down.

The good news: Since Matrix is federated the channel isn’t really down, it continues to run on other servers.

The bad news: Since Matrix.org is the major server of the entire Matrix universe the majority of users went down with their infrastructure.

So far I can say that there was a security incident happening on the Matrix infrastructure and they are currently reconstructing the entire infrastructure from scratch, according to their Twitter announcement.

Without being able to provide any more details, we will see the community channel back fully functional in a few hours. If your Matrix account is hosted on Matrix.org, please make sure to change your password and the password you may have used to identify to any IRC bridges.

Hint: If you wonder whether your account is hosted on Matrix.org or not, it’s very likely that it is. Changing your password shouldn’t hurt.

Hope to see you soon again :wave:

PS: In the meantime, feel free to populate the CodiMD community forum :rocket:


#2

Matrix.org gave out some more details about the incident:

https://matrix.org/blog/2019/04/11/security-incident/

TL;DR: As mentioned in the initial posting here, change your passwords (and NickServ passwords) as soon as the service is restored. Also use End-to-End-Encryption for all your private conversations.

The Matrix.org infrastructure was rebuilt from scratch to make sure the attacker’s code didn’t remain anywhere.

Also as already mentioned: As soon as the homeserver is back up, things will continue to work normally.

So in order to stay safe, keep your software up-to-date! This applies to your Matrix client, your webserver and CodiMD instance, as well as any other software you run. :+1:

Stay safe and see you soon in the community channel :wave:


#3

This doesn’t look good:

P.S.: BTW, there is something wrong with my Gravatar and possibly with images in general. I also get a broken image for the GitHub preview just above.


#4

So after tonight’s announcement that they got rid of the attacker, there was a second incident happening which resulted in the homeserver being down again.

This seems to be resolved once more now.

Let’s hope this was the last successful attack and continue our normal business.

But I decided, in order to improve our control over such incidents, to run our own Riot instance for CodiMD. Not a Synapse instance. We won’t host your account, but we’ll provide you a web interface.

This should allow us to be flexible in case such an incident happens and switch home servers. I’m open to suggestions.