this post was submitted on 10 Jul 2023
4 points (100.0% liked)

Has reddthat.com had any issues with the recent hacks/exploit that some larger instances have dealt with? Were there any precautions that had to be made like rotating the JWTs and hiding the exploit (I don't have a lot of technical knowledge on the subject, so hopefully I'm making sense)? Are we waiting for Lemmy devs to make a permanent fix, or is this already happening and I'm just behind on the times? Or does this not affect our instance due to the software version being upgraded? Just curious about if the security breach is something that can be widespread, or if it has already been mitigated around here. Thanks for all that you do for us regardless, I've really enjoyed calling reddthat my new home!

top 2 comments
[–] [email protected] 4 points 1 year ago (1 children)

You beat me to making a post about it.
The XSS exploit was related to custom emoji. As we never got round to using the custom emoji in any real use, it's a non-issue.

Also, yes, we would have to wait for the devs for a real fix before we can safely go back to using the custom emoji.

I rotated my own JWT, but left everyone else's. :)
Tiff

[–] [email protected] 2 points 1 year ago* (last edited 1 year ago)

I read through some of the "custom emoji exploit" updates earlier today, but wasn't sure if it was still "the latest (or only exploit)", and/or if it applied to our instance at all.

I appreciate your response! I can't even pretend to know what "rotating a jwt" truly entails, but I had read enough to know even less... and I appreciate the response because it helps things make more sense to me! Thanks again for all that y'all do here!
