Skip Navigation

Remote View

hexbear @hexbear.net

CARCOSA [mirror/your pronouns] @hexbear.net

10h ago

we fucked up

Hello users of hexbear, or shall i say chapo.chat, we fucked up, and i fucked up like three times making this post.

Yes, hexbear.net has expired. Yes, we were aware of this possibility. We have gradually lost contact with the access owner (prior admin) for the domain registration. We attempted to make a migration plan, but we were disarmed by the reappearance of the party in question in September 2024 and repeated assurances that they would a) transfer credentials and b) continue payments until they were able to do the former.

We accept full responsibility for this. We should have been more aggressive about this and continued our alternative despite these reassurances. This is our fuck up, and we can't offer anything besides our continued apologies and our plan of action going forward and an explanation of what happened:

Over the time of chapo.chat and hexbear.net the admins that purchased the domain, established the donation accounts, and the server accounts have left. One of the primary admins has gone inactive and returned many times, over a year ago some of the newer admins began asking the older admins to give full access to the domain, servers, and donations. These requests were not met, despite warnings of this exact event.

At the moment we do not have access to hexbear.net and there is a strong chance we will not get it back without participating in the auction, which is already over $300. Choosing to abandon the hexbear.net domain will cause federation problems and considerable technical issues which would lead to potential extended downtime.

During this downtime we would be reestablishing access to the new domain (or hexbear.net if we win the auction), access to server ownership, and donation accounts. This would be distributed among a number of admins so that we can prevent this from happening again.

Chapo.chat has the same access problem that led to the current state of hexbear.net so it is to be considered temporary.

I will do my best to answer questions

674 comments

Please reply to this comment with name suggestions in the event we have to change from hexbear.net
- RentFr.ee
- how long can the URL be? can it be an entire paragraph of text?
- very much hoping we go off hexbear, if we do im changing the deal i made tjo whatever the new logo is and tbh i really would like it to have some sort of communist imagery in it instead of it being a cartoon hexagon bear lol.
  i like redbear the most out of anything that i've seen proposed, and the .lgbt or .su for the extension
- Hexbear.lgbt is open. $16 right now. Pridelife domains.
- slop
- moretankiehexbear.net
- I don't have a specific rec, just want to share a couple thoughts.
  I like the idea of an .su domain, but that's not so important, if it wasn't something like .su then I like the idea of .lgbt. My more crucial point is that I personally want to avoid chapo related names. I've never listened to the podcast and I joined this site almost a year ago. I feel like I'm not one of the only post-chapo people, and I think that the name of the site and its communities should refect its growth beyond a subreddit. Emojis and such are fine, but I don't feel like any sort of return or reference is needed. Essentially a vote against chapo.(whatever) plus reasoning.
- Though I think distancing from the old domain that will probably link to something cringe is a good idea, if we want to stay close to hexbear I propose hexbara.net, alluding to the the idea of countering hasbara.
  I think using the .su tld is a cool idea - something like clanhex.su could be a cool evolution from hexbear.net.
  I think the most important thing is to choose something that doesn't alienate any of our current members, including adherence to the non-sectarian principle.
- What if we named it after Hank, the rotund female black bear that was posted a couple days ago? Keeps with the bear image, and embraces queer/trans folk.
- hexbear.chat
- When this all gets sorted out and we have a new domain it the old domain back could you please reach out to me at my Hotmail?
- it's a shame the .baseball domain hasn't launched yet that would have been kinda funny
- Sent an embarrassing number of DMs offering to donate domain names, but I got some bangers.
- OopsAllHexberries.net
- pigpoop.beanis.net
- Hexbear.lgbt

Pinning @piggy@hexbear.net comment:
True Hexbear Fedayeen have hexbear hard coded in their hosts file and are currently enjoying their

On OSX/Linux just add 37.187.73.130 hexbear.net to the bottom of /etc/hosts and you'll get your
back.
On Windows its at C:\Windows\System32\drivers\etc\hosts
On Phones it's much harder so all your
are lost.
- Is this an IP statically allocated by the ISP, or should we keep checking back in case a new one gets reallocated on DHCP lease expiration?
  
  It is almost certainly static. someone posted something somewhere that showed the history, and it hasn't changed in ages
- Adding a static DNS entry on your router also works.
- yay it worked. Had to close the browser completely afterwards
  edit: ok nm mostly works but still have random emojis turning into 'visit hexbear.net"
  but at least i can see some and everybody's beautiful pfps
  
  You have to add a second line as follows:
  37.187.73.130 www.hexbear.net
- Can I do something similar from my router? Or is it only the OS that can change the hosts file?
  
  If your router allows you to enter static DNS records, yes. I've done that.
  
  Yeah your router might have a hosts functionality. All routers are a bit different so I can't give direct instructions.
  You can also try setting up your own custom DNS there's a post in the comments here somewhere describing how.
- Thank you, I can see images again. :)
- I'd like to reignite the
  struggle session to cover for CARCOSA on this one
  
  THERE IS TOO MUCH BEANISPOSTING ON THIS SITE
  
  What even is a beanis?! You're driving out the normie posters!
- IP address is wrong: it should be "37.187.73.130" according to Cloudflare DNS
  
  They just missed the first octet.
- I'm fuckin back baby
  Why don't some emoji work?
- How do I do this on android?
  
  I use NextDNS for the adblocking but it also supports DNS rewrites. No local DNS server necessary. It's working for me atm.
  Edit: my.nextdns.io lets you set up an anonymous profile, DNS rewrites are under the "settings" tab. Hexbear.net goes in the top box, 37.187.73.130 in the bottom one.
  
  Not really doable without a rooted phone, but if you're tech-savvy and dedicated enough you could rig up a local DNS on your network (like a pi-hole) and override there
  
  You can't unless your phone is rooted.
  You could do something like this on your home router, but the instructions vary from router to router and aren't generic.

Okay so losing the domain is actually very funny to me. I am not personally invested in us getting the domain back so long as measures are taken to ensure security (comments on MITM and the need for invalidating JWT, at minimum, are reasonable concerns).
I'll make one quick note about the donations issue. I would recommend that in the future, you distribute funds so that if someone goes AWOL you only lose, say, 20% or 40% (let's say someone else leaves with them) rather than 100%. This is how many orgs maintain funds for organizing without needing all of it to go to a legal entity or just one person.
In terms of domain registration and access, I can give a couple tips for whatever domain the site settles on.
Have all emails go to a forwarding email address that pings multiple admins' emails with domain messages. You can set up a regular ping to that address so that everyone knows it is still working every 2 weeks or so. e.g. "Subject: hexbear.net email is working". You should also make a note if when the registration expires. Domains tend to be renewed yearly and on a particular date, so you can set calendar reminders and alarms and so on to each verify that the domain has been renewed.
With some registrar services you can have multiple domain admins. There is still just one legal entity that owns the domain but you can set up multiple accounts to have access to change DNS settings, get expiry emails, etc.
This is an InfoSec risk, but you can share ownership by making a shared legal entity the owner, like a business or non-profit. The problem with this is that two people need to register the business and this effectively reveals your names and that you are associated with one another. But depending on your risk tolerance and existing social connections, it might be possible for 2 people to do this kind of thing.
Obviously there is no perfect solution. The ability of one person to change the password on any shared account (e.g. forwarded email address) would still pose a disruption risk. But doing at least the first two steps would give you a heads up on something going wrong and if you did the third you could pay on behalf of the owner (the legal entity) even if one of you goes AWOL.
Anyways, thanks again for picking up the pieces here. I'm sorry, I am sure it is very stressful. We are all comrades here. Let us know if there are ways for us to support you all.

Thank you so much for this thread that legitimately slowed my heart rate down compared to the rest of the news. A real human level problem, nice and relaxing. No genocide happening or even hinted at.
firmly against anything referencing beans or poop
probably against overtly left nomenclature. I think some amount of mystery serves well towards various audiences
probably against "tankie" because it'll be an irrelevant meme eventually
very quietly suggest something with javelina.. but there are already better options being sat on

Thank you admins you all do a lot for very little and it's appreciated <3

Hand to god I thought we got got by the US government.

What's the story behind this URL anyway?

Haven't been paying attention is this the trans megathread?
Been really identifying with he/him lesbian vibes right now.

https://chapo.chat/comment/5909306
did i not make myself clear?

currently almost $700 with 9 d left in auction
I think this domain is toast. The only reason to participate in the bidding war is to drive up the price for whatever enemy is counter bidding. But don't let them do the same to you. (Using mental mind control I guess.)

this is at least 79% funny

I love you all this is pretty funny lol

This sucks, at least I eventually figured out I'd know what happened through one of the federated instances.

Can we pool donations to win the auction? When does the auction end? I'm willing to donate
Reasons to try:
Anyone touching grass now who tries to access hexbear later could get doxxed by the new owner. If I understand correctly, the login attempt could link their IP to their password, post history, and recovery email if they have one. If so, this could be pretty be dangerous for vulnerable users here. If the information gets posted to a public database, this could lead to some of those people getting hacked, stolen from, harassed, fired, or worse.
We'll lose people if we lose the domain. This could include people who are currently receiving mutual aid from us, or who might have planned to in the future. It could also include people who rely on this site to maintain their mental health and sense of community. Not everyone will know where to find the new domain. The chapo chat URL is old lore that newbies won't know, and the official mastadon is little-known.

Just in case where is our backup contact point. Like if this site breaks where to I look for the new one? Like... true anons reddit?

I can't find the news and general megas can I general post here

How will I find the new site if we lose this domain? Do we have other communication channels?

Is there a way to spirit bomb crowdfund this back?
Do we know who or what entity the counter bots are? Or how much they are willing to toss at it?
Half thinking of throwing myself in it but I don't know if jacking the price to $4,206.90 as a bit is the wisest move and I wouldn't know what to do with it if I won..like how to tranfer back to Carcosa or whomever Admin.
A number of people rely on this site for actual help and refuge.

Hexcum was the subdomain I used when I proxied this site for personal use.
Hexcum plz

You fucked up

Thank you for contacting Sav support and using our services.
I understand the urgency and concern regarding the domain hexbear.net, especially given its importance to your site's users and the potential security risks involved. It's clear that the situation is challenging, and I empathize with the difficulties you're facing due to the previous domain holder's absence. Upon checking, the domain you mentioned is currently in an expiring auction, as it has exceeded the grace renewal period. But don't worry! You have a chance to get the domain by participating in the auction on the following link: https://www.sav.com/auctions/details/7073489/hexbear.net. If you win, the domain will be renewed for one year and transferred directly to your account. Please note that it's not possible to intervene or cancel the active auction. We encourage you to participate in the auction to secure the domain before it ends. I hope this information helps you in securing the domain and ensuring the continued safety and accessibility of your site.
Best Regards,
Scott
Seems like the auction can't be stopped

I sent a message to SAV explaining the situation to see if there's anything they can do.
There has recently been a lapse in domain registration for the site hexbear.net and said domain has entered the auction phase.
This domain is currently hosting an active site with many daily users, the previous domain holder has vanished and the lapse in payment was not something the current administration team was able to rectify without their information.
Currently, the site has been redirected to chapo.chat, but losing the hexbear.net registration will pose a large security risk for users of the site as a malicious actor could MITM them.
If there is any way we could transfer domain ownership to someone affiliated with the current site's administration team, possibly paying a fine for missed payment and ending the auction it would be greatly appreciated.
Thank you.

If we end up with a new domain, does that mean we can federate with the lib instances again and go back to dunking and general joy?

Can't the image loading issue on chapo be fixed pretty easily by using nginx sub filter?

Make sure to invalidate all the jwt tokens. Whoever buys the domain might be able to grab them from people still visiting the old site

Well I guess this is one way to get the feds to never notice us.
But seriously, is there a lifeboat active in case this kind of thing happens again? Thankfully I'm friends with some users online but not every poster is. I remember for the old subreddit we did a discord life boat weeks in advance.

Can I suggest chudtrap.house as the new name?

Hexbear.lgbt let's gooo

Posting in an historic thread

CHAPO.CHAT IS ETERNAL.

Where were you when you find out hexbear kill

USAID funding gets slashed
Hexbear mysteriously loses access to the site owner
hmmm

is there an estimate on when this access problem will hit chapo.chat?
how long will the direct IP workaround function?

🚨 Comment found elsewhere:
So this is a man-in-the-middle attack waiting to happen isn’t it? Buy the domain, setup a reverse proxy that points to the original hexbear server IP and start logging all requests.

I will buy the domain at auction in exchange for complete and total immunity from the mods. This is NOT a bit

As an aside, this site has a way better layout and interface than all the other lemmies. Seriously the most comfortable way to browse and it even works well on mobile.

As a federal agent assigned to Hexbear, please get things working again soon. If I get reassigned they might send me to some far-right place and I'll have to spend all day scrolling though racism, shock images, and racist shock images. The team's all rooting for you!
Also, if anyone has inside info about the new name, DM me. We've got a betting pool going and I intend to win.

Letting the domain name expire and get auctioned off as a bit is not okay. 😔

In other news mhexbear.net is available

There's too many admins for a site this small, this was bound to happen eventually. Someone with the damn keys gets canceled or whatever and takes it out on the site. Oh well.

When a new domain is a thing do we have any way of letting users know what it'll be ahead of time and when it'll be up and running? I understand downtime, just wanna be sure I can find the place after

Forgive my ignorance but are there any opsec implications that come from losing the domain? Just a lil paranoid

How long was the admin team aware of this imminently happening?

when the site gets back up and running, please make the "visit hexbear.net" textbox that's replacing all the emojis rn into an actual emoji. maybe called like ":we-fucked-up:" or something

In the current state, TLS cert can't be renewed either, right?

we had a good thing you stupid son of a bitch

Don't pay for the domain so we can make fun of whoever shells out for it

I will do my best to answer questions
Hi yes. Boys with brown fluffy hair or shoulder length blond straight hair? Always thought I preferred the former, but I'm going to a movie this weekend with a guy who matches the latter description
he's such a dweeb it's so endearing

Letting the url expire for a bit wasn’t okay

How fitting, since my password locker still has my password to this site down under chapo.chat.

Can we throw a struggle session? It seems like good timing.

The bed has bin shat in

we fucked up
Story of Hexbear's life

It was messed up of the admin team to make me touch grass until I could figure out my password to login on Chapo dot chat (lmao just kidding suckers, I just talked to people in XHS about parenting).
But for real I do have one question. In light of emojis all being
are we gonna lose our emojis when we go to hexbeanis.su or whatever?

674 comments