I was thinking of doing exactly this. Migrating my Mastodon install to Docker.

I run cron jobs to execute CLI commands, how would that work with Docker?

https://mattburke.dev/migrating-native-mastodon-install-to-docker/ from @matt

#MastoAdmin #Mastodon

Ok, I see you could do things like:

```
docker compose exec web bin/tootctl xzy
```

Still it's not super clear to me how to set it up and migrate the existing instance. Feels like several steps for each service, PostgreSQL, redis... I honestly thought it was just setting a composer file and doing `docker-compose up -d`

#Docker #MastoAdmin #Mastodon

Hey #mastoadmin folks, the email/username tactics have changed for the troll farms.

- The applications seem to be mostly the most tediously boring CV personal statements possible, including stuff like "respectful conversation" etc.

- Sometimes their request is exactly the same as others you've seen, but with the pre-generated bio string (accidentally?) included. You know, the "Known for ???", "while working in place as occupation", or something about lo-fi.

- Keep an eye out for applications with usernames like firstnamelastname_letter with the email address being approximately that string with the _ replaced by a short alphanumeric string.

- They're putting more effort into getting emails. I had one just now that used atomicmail.io instead of an easier tempmail options like emailondeck or whatever ones are spitting out the .app and .top domains.

- The IPs are not always tagged as tor_proxy but that could just have been luck on their part with the spur(.)us tagging. They're still tagged as a random vpns and proxies though.

These troll farm assholes are also impersonating existing accounts (in this case @federatedmind - I checked with them and their real alts on mastodon instances are on sfba.social, mstdn.social, and mastodon.social). Please be careful and check claims or just reject if the ip/email don't check out.

The farmers also have a new-found hobby of keyword stuffing with phrases you'd expect from corporate/milquetoast liberalism.

(IPs in the screenshot are spur.us-identified proxies, email domains are tempmails)

#mastoadmin #fediblock

Alt...

2 account applications from the same proxy address, different accountnames, and 101% troll farm: 1st: "Hobbit tendencies. Indoor enthusiast. Books and games. Tired but not sleepy. Software architecture. System design. Tidy first. Slow is smooth and smooth is fast. Humane management. Sustainable business. Democracy. People before property. Freedom from religion. We're all in this together. Mostly cis. Probably straight. He/They" 2nd: "AI tools, open protocols, creator-owned publishing. Practical guides for building on the open web. - federatedmind.comAlso here - @federatedmind"

🇬🇧 Ever wondered how burningboard.net actually runs?

Fully self-hosted in Germany, no trackers, no external logging. Isolated FreeBSD jails, a strict firewall, ZFS and encrypted off-site backups (restore-tested twice a year). Sovereign and transparent. All the details: https://meta.burningboard.net/infrastruktur.html

🇩🇪 Wie läuft burningboard.net eigentlich?

Komplett selbst gehostet, in Deutschland, ohne Tracker und ohne externes Logging. Isolierte FreeBSD-Jails, strikte Firewall, ZFS und verschlüsselte Offsite-Backups (2x im Jahr per Restore getestet). Souverän und transparent. Alle Details: https://meta.burningboard.net/infrastruktur.html

#mastoadmin #freebsd #zfs #gdpr #digitalsovereignty #fediverse

#tagspub #mastoadmin

War doch etwas nervig, und außerdem gibt's doch die Relays die eigentlich das selbe machen 🤷‍♂️

v4.6.0-beta.1

WarningThis is a pre-release! This has not been as widely tested as regular releases, although it is still tested on some servers. If you update to this release, you will not be able to safely downgrade to the existing stable releases. You will,...

https://github.com/glitch-soc/mastodon/releases/tag/v4.6.0-beta.1

#glitchsoc #glitch #mastodon #mastoadmin

@stefano We're still running alpha.8. I usually work on Mastodon things over the weekends, so I'm a few days behind. Nightly branch might already work with beta.

#MastoAdmin #BirdUI #MastodonBirdUI

v4.6.0-beta.1

WarningThis is a pre-release! This has not been as widely tested as regular releases, although it is still tested on mastodon.social and some other servers. If you update to this release, you will not be able to safely downgrade to the existing...

https://github.com/mastodon/mastodon/releases/tag/v4.6.0-beta.1

#mastodon #mastoadmin

phpc.social is now running on Mastodon 4.5.11, released ~4.5 hours ago.

#mastoAdmin

Liebe Leute WIR SIND BETA <3

Aktualisierung auf v4.6.0-beta.1 erfolgte ohne Probleme.
Bitte wieder brav weitertooten 🎉
#AfterSpace #MastoAdmin

https://github.com/mastodon/mastodon/releases/tag/v4.6.0-beta.1

We just released the first beta version of Mastodon 4.6 🎉

Highlights for this release are the profile page redesign and the ability to create curated Collections of Mastodon accounts, but it contains many other changes.

You can find all of them in the release page: https://github.com/mastodon/mastodon/releases/tag/v4.6.0-beta.1

We aim to publish a release candidate next week. If you are an admin and want to be on the bleeding edge, now is a good time to upgrade to the beta version and help us find any last minute bugs!

#mastoadmin

RE: https://mastodon.social/@MastodonEngineering/116687014689391748

The Mastodon 4.6 series bumps the node.js requirement to >= 22, per the 4.6.0-beta.1 pre-release release notes on Microsoft Github.

Debian Trixie is at version 20, Forky is currently at version 24.

Guess no 4.6 for those of us who run Debian Stable until next year or so when Forky makes Stable.

#MastoAdmin #Mastodon

AodeRelay boosted

Mastodon Engineering » 🌐 2026-06-03
@MastodonEngineering@mastodon.social

We just released the first beta version of Mastodon 4.6 🎉

Highlights for this release are the profile page redesign and the ability to create curated Collections of Mastodon accounts, but it contains many other changes.

You can find all of them in the release page: https://github.com/mastodon/mastodon/releases/tag/v4.6.0-beta.1

We aim to publish a release candidate next week. If you are an admin and want to be on the bleeding edge, now is a good time to upgrade to the beta version and help us find any last minute bugs!

#mastoadmin

RE: https://mastodon.social/@MastodonEngineering/116686417226647939

Updated burningboard.net to Mastodon v4.5.11 and also patched the servers in the same go. Everything stable and buttery smooth 🙂

#mastoadmin @tux @Mathias @AlienJay

fedicat boosted

Mastodon Engineering » 🌐 2026-06-03
@MastodonEngineering@mastodon.social

We just released Mastodon 4.5.11 and 4.4.18.

These versions contain several severity security fixes as well as other bugfixes.

Full release notes and update instructions are available on the GitHub releases page.

https://github.com/mastodon/mastodon/releases

#MastoAdmin

v4.5.11

Changelog Security Fix allowed attribution domains spoofing (GHSA-rwcw-vq68-g34p) Fix uncaught exception in message sanitization causing Denial of Service (GHSA-qrgq-9fx2-vf2r) Update dependencies Fixed Fix remote statuses with large media...

https://github.com/mastodon/mastodon/releases/tag/v4.5.11

#mastodon #mastoadmin

Mastodon Update 4.5.11 ✅

#mastoadmin

We just released Mastodon 4.5.11 and 4.4.18.

These versions contain several severity security fixes as well as other bugfixes.

Full release notes and update instructions are available on the GitHub releases page.

https://github.com/mastodon/mastodon/releases

#MastoAdmin

Mastodon Update 4.5.11 ✅

#mastoadmin #sysadmin #mastodon

New Mastodon Release

v4.5.11

https://github.com/mastodon/mastodon/releases/tag/v4.5.11

#Mastodon #Mastoadmin

🚨 Upgrade or be hacked. 🚨

There is a "hacker" group (script kiddies) targeting Mastodon sites that are not yet running Mastodon 4.5.10.

Version 4.5.10 fixes several security vulnerabilities that are relatively easy to exploit and were discovered in earlier versions of Mastodon.

If you're not running 4.5.10 (or newer), you are at risk. ⚠️

If you're using a nightly build of Mastodon, make sure you're running one that was released after the release date of 4.5.10. And yes, I said release date, not version number — earlier 4.6 nightly builds do not include the security patch. ⚠️

If you're delaying the update because you're running a modified version of Mastodon, consider whether maintaining those modifications is worth the security risk. ⚠️

#Mastodon #Security #CyberSecurity #MastoAdmin #FediAdmin #OnlineSafety

Alt...

A screenshot from 4chan. It reads: lmao how are people still not patched. admin sleeping at the wheel for real. lulz

Boosts appreciated!

Looking for someone to help moderate goingdark.social. Not because we're drowning in reports, but because I don't want to be the only person carrying that responsibility.

Honestly it could go a week or two without a single report. When they do come in, most are obvious spam and take under a minute. The main thing is just being around and reachable, so there's someone else who has eyes on things.

Good fit if you've been active here for a while and care about keeping this corner of the fediverse healthy. Plenty of time to learn the ropes. A good fit is more important than experience.

DM me if that sounds like you.

#goingdark #fediverse #mastodon #moderation #mastoadmin #helpneeded

We've implemented and enabled Turnstile on registration to prevent unwanted sign-up spam (it's a daily issue at this point).

Cloudflare Turnstile confirms web visitors are real and blocks unwanted bots without slowing down web experiences for real users. It's a simple snippet of free code that eliminates CAPTCHAs. With Turnstile, you can deliver better experiences and strengthen privacy for all users. More info: https://www.cloudflare.com/products/turnstile/

For anyone interested, here's the change in our Mastodon fork: https://github.com/mementomori-social/mastodon/tree/feature/captcha-turnstile-provider

#MementomoriSocial #MastoAdmin #Mastodon

Alt...

A screenshot of Cloudflare Turnstile integration on the Mementomori.social Mastodon sign-up page.

We are seeing an increased number of account signups on our #Mastodon instance. They are fake and very likely to be a part of the Russian LLM-backed campaign.

The reason for joining tends to be very broad and vague:

I'm looking to join a friendly Mastodon community and participate in discussions.

The email addresses used in these signups are valid (as they are able to verify it), but seem to be automatically generated.

The IP addresses they use either stem from a VPN, Tor exit node or a compromised webhosting thing (we do not log IP addresses - except during the registration, which is deleted once an account is approved or denied).

One positive consequence: this is really helpful to maintain our blocklist These bots end up being blocked by our pf(4) across the infrastructure.

#MastoAdmin

Hmm, the automated spambots are very, very active suddenly. #MastoAdmin

Alt...

List of account request with random usernames and templated responses

These Facebook and RIPE IP ranges are spamming all of my services and have been blocked at the firewall.

Almost exclusively hitting /auth/sign_up infinitely.

57.0.0.0/8
173.252.64.0/18
69.63.176.0/20
69.171.224.0/19

#mastoadmin