FYI!!! In case you start getting re-directed to porn sites.
Maybe the admin got hacked?
edit: lemmy.blahaj.zone has also been hacked. beehaw.org is also down, possibly intentionally by their admins until the issue is fixed.
Post discussing the point of vulnerability: https://lemmy.ml/post/1896249
GitHub issue created here: https://github.com/LemmyNet/lemmy-ui/issues/1895
How did it happen and what does this mean for me as a user of lemmy.ml who also follows people on lemmy.world?
One of the admin accounts appears to have been compromised. The owner/other admins appear to be aware now because that account had its admin access revoked and offending posts are being removed.
Definitely opens up a big question about the security of Lemmy instances that I am sure will be discussed over the next few days.
Thanks for the context
Being a part of Lemmy in these early days has been kind of interesting, seeing all of the bugs and bits that will be ironed out over time. One day when Lemmy is as old as Reddit it will all be folklore. Maybe.
Hmmm. Don’t know what the fallout of this will be. But a lot of Lemmy is on that server. Unfortunately. Maybe we’ll learn a lesson in the value of decentralisation.
Ruud also runs mastodon.world, FYI.
we did it Reddit! /s
lmao
Twitter taking Threads down and posting this lol
It looks like they’re in the process. The compromised account was demoted from admin and I see posts are being removed. There will definitely need to be some sort of investigation into how this happened, though.
4AM in the Netherlands where the instance owner Ruud lives… hopefully his assistant admins can clean it up, but it might be a bit before he even knows anything is wrong.
They’re stealing JWT tokens and noting when they’re admin tokens.
https://lemmy.sdf.org/post/696053 https://lemmy.sdf.org/comment/850269
The “Hot” sort topic:
I’m seeing zero comments come out of Lemmy.world in the past 15 minutes, app users shouldn’t have been redirected… and users commenting from other servers should be going to communities homed there. I wonder if they shut off federation. I normally see over 10 comments a minute: https://lemmyadmin.bulletintree.com/query/comments_ap_id_host_prev?output=table&timeperiod=15
Hmm. They seem to have cleaned up a lot of things by now. If federation is an issue, that might be something the hacker did? Though pausing federation as a precaution makes sense.
Technical details, is it the sidebar: https://lemmy.ml/post/1896249
For those not aware, the beehaw server did intentionally shut their instance down to avoid any issues.
See announcement here: https://hachyderm.io/@beehaw/110687918465426082
It was cleaned up on the home page, but now back to being defaced as of this comment time.
Another user on the site confirmed this:
Oh wow again? 10 min ago it was clean! The .world admins are having a productive day lol
Now I’m unable to open lemmy.world, even on liftoff. Mods must have taken it down.
I decided to check it and it tells me that ‘The site has been seized by Reddit for copyright infringement’.
Lemmy.world front page is back up, but I am now logged out