Shit, lemmy world got hacked, clicking on that Israel will lead you to an explicit picture of a bunch of naked old men sucking each other, and pop-ups also lead to a porn site.
Avoid at all costs.
deleted by creator
Thanks Zen, you’re a lifesaver. Brb pressing the emergency button
Is it the lemon party picture? ...feels old.
Welcome to pre-rickroll internet.
Ahh, that’s what it’s called, no wonder it’s somehow familiar.
deleted by creator
Merely open the dm? Or do we have to click the link for it to happen?
deleted by creator
Damn, I feel like we can check off one success criterion: suddenly so attractive for hacks.
Alright, got it. Thanks!
That kind of feels like the old internet. Insert inappropriate links etc.
What next, resurgence of the Rickroll?
Like we’re ever going to give it up
Resurgence? Rickroll never dies.
In my kid’s school, some of the kids are rickrolling each other IRL by just singing the song to them. I thought that was cute as hell.
https://github.com/LemmyNet/lemmy-ui/issues/1895 has more information on mitigations, which may not be necessary if no custom emojis were added.
It also has something for invalidating all JSON web tokens by changing the signing key (all users will need to re-login after doing that), which may be necessary depending on whether the tech team believes any of them (especially any of the admins’) have been compromised (there is currently no expiry date on the tokens).
#lemmyworldhacked #fediversedrama
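What the comment above describes, as an added example that is not from this thread or from Lemmy's code: a token without an `exp` claim stays valid indefinitely, and changing the signing key rejects every outstanding token at once. The HS256 helpers, key values, claim names and timestamps are constructed for illustration and do not reflect how Lemmy signs its tokens.

```python
import base64, hashlib, hmac, json, time

def _b64(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign(claims, key):
    """Issue a compact HS256 token (hypothetical helper, not Lemmy's code)."""
    head = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64(json.dumps(claims).encode())
    mac = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{_b64(mac)}"

def verify(token, key, now=None):
    """Return the claims if signature and expiry check out, else None."""
    now = time.time() if now is None else now
    try:
        head, body, sig = token.split(".")
        if json.loads(_unb64(head)).get("alg") != "HS256":
            return None
        good = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(good, _unb64(sig)):
            return None
        claims = json.loads(_unb64(body))
        exp = claims.get("exp")
    except (ValueError, AttributeError):
        return None
    # A token without "exp" never ages out; only a key change rejects it.
    if exp is not None and now >= exp:
        return None
    return claims

def demo():
    old_key, new_key = b"constructed-old-key", b"constructed-new-key"
    issued = 1_700_000_000  # constructed timestamp
    no_exp = sign({"sub": "admin", "iat": issued}, old_key)
    bounded = sign({"sub": "admin", "iat": issued, "exp": issued + 3600}, old_key)
    year_later = issued + 365 * 86400
    return {
        "no_exp_valid_a_year_later": verify(no_exp, old_key, year_later) is not None,
        "bounded_valid_a_year_later": verify(bounded, old_key, year_later) is not None,
        "no_exp_valid_after_key_change": verify(no_exp, new_key, issued + 1) is not None,
    }
```

A token captured before the key change keeps working for as long as the old key is in use, which is why the rotation logs every user out.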
Thanks, I’m giving it a read but I’m not coding literate so may need some time to parse 😂
(URGENT) Lemmy has an XSS vulnerability in the tagline
Goddammit. The fediverse drama continues.
Btw admins, it’s best that we defederate for the time being.
https://kbin.social/m/android@lemdro.id/t/168524/Lemmy-world-and-another-instance-have-been-compromised#entry-comment-661712
The linked comment suggests that the entire Lemmy platform is currently vulnerable to the cookie stealing exploit that already happened to several instances.
Now, if only we had an automod that could detect code injection in markdown links and tempban offenders…