Shit, lemmy.world got hacked. Clicking on that Israel link will lead you to an explicit picture of a bunch of naked old men sucking each other, and pop-ups also lead to a porn site.
Avoid at all cost.
deleted by creator
Thanks Zen, you’re a lifesaver. Brb pressing the emergency button
Is it the lemon party picture?.. Feels old.
welcome to pre-rickroll internet.
Ahh, that’s what it’s called, no wonder it’s somehow familiar.
deleted by creator
Merely open the dm? Or do we have to click the link for it to happen?
deleted by creator
Damn, I feel like we can check off one success criterion: suddenly so attractive for hacks.
Alright, got it. Thanks!
https://github.com/LemmyNet/lemmy-ui/issues/1895 has more information on mitigations, which may not be necessary if no custom emojis were added.
It also has something for invalidating all JSON web tokens by changing the signing key (all users will need to re-login after doing that), which may be necessary depending on whether the tech team believes any of them (especially any of the admins’) have been compromised (there is currently no expiry date on the tokens).
#lemmyworldhacked #fediversedrama
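As an added illustration of the point above (not code from this thread or from Lemmy itself): a stdlib-only sketch of why changing the signing key forces everyone to log in again, and why a token without an expiry claim can only be revoked that way. It assumes HS256 symmetric signing and constructed key values; Lemmy’s real algorithm and key handling are not stated here.

```python
import base64
import hashlib
import hmac
import json
import time
from typing import Optional

# Constructed placeholders for the instance's old and rotated signing keys.
OLD_KEY = b"old-instance-signing-key"
NEW_KEY = b"rotated-instance-signing-key"


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def sign(claims: dict, key: bytes) -> str:
    """Mint an HS256 JWT (assumed algorithm) over the given claims."""
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = _b64url(json.dumps(claims).encode())
    mac = hmac.new(key, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url(mac)}"


def verify(token: str, key: bytes, now: Optional[int] = None) -> Optional[dict]:
    """Return the claims if the signature matches `key` and the token is unexpired, else None."""
    try:
        header, payload, sig = token.split(".")
        if json.loads(_b64url_decode(header)).get("alg") != "HS256":
            return None  # refuse anything but the expected algorithm
        expected = hmac.new(key, f"{header}.{payload}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, _b64url_decode(sig)):
            return None  # signed under a different key, e.g. the pre-rotation one
        claims = json.loads(_b64url_decode(payload))
    except ValueError:
        return None
    now = int(time.time()) if now is None else now
    if "exp" in claims and claims["exp"] <= now:
        return None
    return claims


def lives_forever(token: str) -> bool:
    """True when the token carries no `exp`: only a key rotation can ever revoke it."""
    _, payload, _ = token.split(".")
    return "exp" not in json.loads(_b64url_decode(payload))
```

A token minted under OLD_KEY verifies there but is rejected under NEW_KEY, which is the whole mitigation; without an `exp` claim, nothing else would ever invalidate it.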
Thanks, I’m giving it a read, but I’m not code-literate so I may need some time to parse it 😂
I also found this Lemmy moderation tool (seems to be by the same dev as lemmyverse.net), which the tech team may want to take a look at to see if it’s comparable to what you all had on Reddit…at least after the security issue thing blows over.
#redditmigration
The team are currently working on the bot though, but thanks for the suggestion 😁
deleted by creator
Resurgence? Rickroll never dies.
deleted by creator
like we’re ever going to give it up
(URGENT) Lemmy has an XSS vulnerability in the tagline
Goddammit. The fediverse drama continues.
Btw admins, it’s best that we defederate for the time being.
https://kbin.social/m/android@lemdro.id/t/168524/Lemmy-world-and-another-instance-have-been-compromised#entry-comment-661712
The linked comment suggests that the entire Lemmy platform is currently vulnerable to the cookie stealing exploit that already happened to several instances.
Now, if only we had an automod that could detect code injection in markdown links and tempban offenders…