darrsil

joined 1 year ago
sorted by: new top controversial old
FYI: lemmy.world appears to have suffered a serious compromise. in c/[email protected]
[–] [email protected] 27 points 1 year ago (8 children)

I'm surprised I haven't seen more posts yet about this. A rogue or compromised admin put JavaScript redirects on Lemmy.world as well as changed the name and some other things. The other admins removed the compromised admin, but then about 30 minutes later they were reinstated and started wreaking havoc again. The instance eventually went offline completely.

Warning: lemmy.world just got hacked in c/[email protected]
[–] [email protected] 7 points 1 year ago

It works, but it's half-assed. The way Lemmy sets it up only works on a portion of authenticators, and ones like Authy isn't one of them. Then it also doesn't have a confirmation before enabling it, so you may think it's working but then get locked out of your account when you can't log in next time around.

The best way to test it is to enable 2FA and set up the code, but keep your Lemmy settings open. Then open an incognito window and see if you can log in using the 2FA code. If you can't, go back to the settings window and disable 2FA.

Warning: lemmy.world just got hacked in c/[email protected]
[–] [email protected] 21 points 1 year ago

Ah, didn't realize they were already defederated. Still, admins should be on the lookout for an attack on Beehaw.

173
Warning: lemmy.world just got hacked (beehaw.org)
 

I would be cautious about viewing any Lemmy.world communities right now, and the Beehaw admins should make sure their credentials are locked down in case they get targeted next.

For those trying to kick the Reddit habit in c/[email protected]
[–] [email protected] 1 points 1 year ago (1 children)

I have to say, I kind of like that Android has a better app than iOS for once (albeit barely).