54
PSA: Lemmy.world has been compromised! (sopuli.xyz)
submitted 1 year ago by [email protected] to c/[email protected]
21 comments fedilink hide all child comments

cross-posted from: https://lemmy.ml/post/1895271

FYI!!! In case you start getting re-directed to porn sites.

Maybe the admin got hacked?

edit: lemmy.blahaj.zone has also been hacked.

top 15 comments
sorted by: hot top controversial new old
[-] [email protected] 6 points 1 year ago* (last edited 1 year ago)

Looks like we are safe, based on this post. We don't have any custom emojis.

[-] [email protected] 32 points 1 year ago

It's kinda neat that we're all still on lemmy discussing a downed node, of sorts.

Because fediverse.

[-] [email protected] 14 points 1 year ago

I also think there are plans to federate users and user ids. So it would be cool for all the people on lemmy.world and blajah.zone to just go to another server and comment with their account. But, that’s for a future version of activitypub.

[-] [email protected] 4 points 1 year ago

until then Lasim could help IT allows you to migrate user subs and block between instances

[-] [email protected] 1 points 1 year ago

does that also include subscriptions or just settings? i havent changed many settings yet but i made a new account (this one) and i want to move all my subscription over

[-] [email protected] 2 points 1 year ago* (last edited 1 year ago)

you say which (source) instance you want to download from and provide the login information for it. then you do the same with the destination. I recomend to also change the password of both afterwards just to be safe. It "syncs" subbscription, settings and blocked user/instance (communities)

[-] [email protected] 2 points 1 year ago

Is this how nomadic identities would work? That would probably get me to use other fediverse services like Mastodon and Pixelfed. One account to rule them all. I'd probably even selfhost it.

[-] [email protected] -2 points 1 year ago

Or the flip side, for the hacking of Lemmy world to expose the data of every user of every other instance.

[-] [email protected] 6 points 1 year ago* (last edited 1 year ago)

That's false. Only public info like posts,comments, upvotes etc.

If it was the case, everyone could make their own instance and get lots of sensitive data, which is an huge security breach.

[-] [email protected] 5 points 1 year ago

No? All data of users on other instances is considered public.

[-] [email protected] 9 points 1 year ago

Brand spankin new to the fediverse, and yeah this is pretty rad to still be able to access content even with a DDOS or whatever the fuck this is. Also.. "Lemonparty"??? What's next Rage Comics, mfw, Forever Alone?

[-] [email protected] 8 points 1 year ago* (last edited 1 year ago)

That is neat.

But also hundreds of inexperienced admins running the same exact software with an HTML injection vulnerability is not so neat. https://sopuli.xyz/post/1180773

[-] [email protected] 12 points 1 year ago

this exploit seems to have spread to lemmy.blahaj.zone too

[-] [email protected] 5 points 1 year ago* (last edited 1 year ago)

Related: https://github.com/LemmyNet/lemmy-ui/issues/1895

https://github.com/LemmyNet/lemmy-ui/issues/1252

Makes me wonder how well fediverse handles vulnerabilities. I don't think there is a hotline channel that would report vulnerabilities and fixes to instances in a coordinated fashion and I doubt every instance fixes these things ever.

load more comments
view more: next ›
this post was submitted on 10 Jul 2023
54 points (96.6% liked)

Meta

729 readers
1 users here now

Yhteisö instanssia koskeville tiedotuksille, palautteelle, metakeskustelulle ja avulle. Katso myös UKK!

Community for announcements regarding the instance, feedback, meta discussion and help. Check the FAQ also!

Users needing support can also come to our Matrix Space.

Tukea tarvitsevat käyttäjät voivat myös tulla Matrix-tilaamme.

founded 3 years ago
MODERATORS
[email protected]