It’s a known issue - I have been working with @melroy@kbin.melroy.org for a while now to resolve. I think we now understand what is happening under the hood, but not yet why it is happening.

lemmy (running on infosec.pub) does support both post formatting and previews. mbin supports post formatting, but not previews (yet)

There were lots of changes around the same time. I removed fedia.io from the CDN a few days ago though didn’t announce it, yet the errors continue.

What works for me on both mastodon and Lemmy is a free text question: why do you want to join?

The user enters whatever they like and it goes into a moderation queue. Both lemmy and mastodon send me an email when a new account is ready to review.

I read the response and choose to whether to approve their account. At the moment, spammers are really bad at answering the “why do you want to join” questions.

Howdy! Mbin (and lemmy) are very different things. It’s sort of like the difference between Twitter and Reddit. You can sort of interact back and forth, but to get the full experience, you have to either be on a lemmy or mbin (or piefed) instance.

it’s hard to make a blanket statement, because it depends on the details of the application. CSRF attacks are definitely real and common, but using csrf tokens isn’t critical in every application. For example, I think we have CORS headers enabled, I don’t think we have functionality that allows embedded iframes, but we do allow links - if we have administrative functions that can be triggered solely with GET parameters, then someone could trick an administrator into doing something that caused damage by clicking on a link in a post. The only one that would obviously work that I can see is “logout”, which would be annoying, but not world ending, and would work for everyone, not just administrators.

ok - I just had it happen again while looking at logs. interestingly, there was NOT a CSRF log when that happened. There were a bunch of other errors, but enough that I could look through all of them and see that they were all related to activitypub issues - signaturevalidator and the like

Indeed. I am trying to get it to happen again now that I’ve got the logs filtered down to a manageable level.

I do not have 2fa turned on right now.

deleted by creator

I have so many errors in prod.log that it’s hard to tell for certain, but when I try to filter out those that are associated with failed federation events, that seems to be when I’m left with. I am trying again to see if I can confirm

Most interesting: the problem had only been happening on MS Edge on my laptop. I have been using safari on my phone without issue. Just a bit ago, i refreshed the page and now every time I revisit the site, I have to log back in, just like on Edge. It’s like the old session expired and the new ones aren’t sticking. I’ll try FF on my phone.

Note: even in the time I started typing this reply to when I hit the “add comment” button, I got logged out

This annoys me about the fediverse - people take a chance on coming here and then repeatedly get left in the dark when their instance is shut down. That’s why I was so very happy when you and others helped me get fedia.io back to healthy.

I moved fedia.io away from fastly. I have a nagging feeling it has something to do with fastly. Can you let me know if you continue to see this?

It really is great and we’re very lucky to have the mbin team that we do. I sincerely appreciate them, as should everyone on fedia.io and the other mbin instances.

I’ve had quite a lot of experience in interacting with the mbin team and I can definitely say they are kind and compassionate people who have a passion for this project and have shown nothing but helpfulness and grace to me and many other people.

If you can, please try again. If you still have problems, shoot me an email to jerry@infosec.exchange and I’ll troubleshoot the issue

ok - there was a problem with the mbin queues on fedia - I think that may have caused the problem with registrations. Can you give it another shot? Also, if that doesn’t work for whatever reason, please shoot me an email to jerry@infosec.exchange so I can debug the issue.

I’ll check

Mbin has some rough edges still but I like the interface much better than lemmy (I also run a lemmy instance so feel ok comparing them)