FYI!!! In case you start getting re-directed to porn sites.
Maybe the admin got hacked?
edit: lemmy.blahaj.zone has also been hacked. beehaw.org is also down, possibly intentionally by their admins until the issue is fixed.
Post discussing the point of vulnerability: https://lemmy.ml/post/1896249
Github Issue created here: https://github.com/LemmyNet/lemmy-ui/issues/1895
Yea, I switched to this alt. It appears to be one of the assistant admins accts. Seems like an old fashioned anon prank, to me, they’re mainly just trying to make stuff offensive and redirect people to lemonparty.
So, y’know, old school.
I don’t know if any data is actually in danger, but I doubt it. I don’t see why assistant admins would need access to it.
My concern is that configuring the site to automatically redirect users sounds like they have pretty large control over the site - the kind of control that I would assume is usually limited to users with root access on the server.
Obviously hope nothing of value is lost and that there is a proper off-site backup of the content.
Edit: See Max-P’s comment, it looks like the site redirection was accomplished in a way that IMO suggests they do NOT have full control over the site. We’ll obviously have to wait for the full debrief from the admins.
Yeah the “redirect somewhere else” attack definitely doesn’t necessarily require any particular control of the site. Usually it’s noticing that you can trick some text into being run as Javascript, instead of interpreted as text… And then you just stick in a cheeky little
<notarealscript>window.location = "https://www.badsite.horse"</notarealscript>into that spot.Then every time that comment, username, (in this case apparently) custom emoji, etc. gets loaded, whoops, the code runs and off you go!
So no control of the site is required at all.
probably even the top admin don’t, it’s gonna be encrypted, so even they don’t know your password(except if they changed the code to store it in .txt) but always use differnt password in the internet
How did it happen and what does this mean for me as a user of lemmy.ml who also follows people on lemmy.world?
One of the admin accounts appears to have been compromised. The owner/other admins appear to be aware now because that account had its admin access revoked and offending posts are being removed.
Definitely opens up a big question about the security of Lemmy instances that I am sure will be discussed over the next few days.
Thanks for the context
They really need to improve their 2fa implementation
Being a part of Lemmy in these early days has been kind of interesting, seeing all of the bugs and bits that will be ironed out over time. One day when Lemmy is as old as Reddit it will all be folklore. Maybe.
This’ll definitely be remembered. It’s good for us, we needed the wakeup call.
Hmmm. Don’t know what the fall out of this will be. But a lot of lemmy is on that server. Unfortunately. Maybe we’ll learn a lesson in the value of decentralisation.
Ruud also runs mastodon.world, FYI.
was just some of the admin in the lemmy, i don’t think they share the same admins
4AM in the Netherlands where the instance owner Ruud lives… hopefully his assistant admins can clean it up, but it might be a bit before he even knows anything is wrong.
we did it Reddit! /s
lmao
Twitter taking Threads down and posting this lol
deleted by creator
deleted by creator
It looks like they’re in the process. The compromised account was demoted from admin and I see posts are being removed. There will definitely need to be some sort of investigation into how this happened, though.
deleted by creator
I’m seeing zero comments come out of Lemmy.world in the past 15 minutes, app users shouldn’t have been redirected… and users commenting from other servers should be going to communities homed there. I wonder if they shut off federation. I normally see over 10 comments a minute: https://lemmyadmin.bulletintree.com/query/comments_ap_id_host_prev?output=table&timeperiod=15
Hmm. They seem to have cleaned up a lot of things by now. If federation is an issue that might something the hacker did? Though pausing federation as a precaution makes sense.
They’re stealing jwt tokens and noting when they’re admin tokens.
https://lemmy.sdf.org/post/696053 https://lemmy.sdf.org/comment/850269
The “Hot” sort topic:
Looks like this thread is getting mass downvoted by bots btw
Is @Ruud’s mastodon.world instance still okay?
Seems to be.
Compromised in what way? Can you post proof?
image here ![] (https://lemmy.ml/pictrs/image/0332b83a-ab01-4c99-9155-2a08b02fb652.png)
among several others
Could you spoiler that weirdo image
How do you spoiler an image in Lemmy markdown?
Are you on an app? It’s this symbol on lemmy
Looks like this if you need to do it yourself
I don’t think it works on an image?!
Works like thisI mangled the link enough that it isn’t rendering inline.
I tried 4 underscores, i tried 5. I can not tell from your screenshot exactly how many.
testing spoiling an image
ok, what’s the trick? I tried 4 underscores
Nvm Im not 100% sure how to use it
It works like this
spoiler test
Test
The image isn’t spoilered? lmao
I wasnt trying to spoiler that image
Huh, ok I guess.
I’ll try it myself here
spoiler
Yay it works :D
I can’t get it to work on an image. Is it 4 underscores?
sorry for this being so hectic, I was walking back to my apartment trying to do all this on my phone lol
It’s 3
3 underscores did not work in preview, I’ll just leave it as is now, a clickable link (not rendered inline)
One of their admins (MichelleG) began posting messages about federation with only Threads. The site is redirecting users to Lemonparty (now there’s a throwback). Site information has been vandalized with racist slurs.
Well, that escalated quickly.
Just go to lemmy.world and see for yourself. (Or don’t actually, might give you a virus or something idk)
Yeah I would like someone to post a screenshot i dont want to leak my ip
Technical details, is it the sidebar: https://lemmy.ml/post/1896249
