this post was submitted on 10 Jul 2023
237 points (97.2% liked)

sh.itjust.works Main Community


PSA: DO NOT ATTEMPT TO ACCESS LEMMY.WORLD, THERE MIGHT BE MALWARE

Lemmy.world member here. I created this account after .world started redirecting me to porn sites and odd mp3 files. We might want to defederate to limit the potential impact. Also, SJW might be affected by the same vulnerabilities as .world, so maybe the admins here should look at that.

Edit: ~~Situation seems to have stabilized. Some site icons aren't loading, but otherwise everything seems stable.~~ Read Edit2

Edit2: ~~HOLY SHIT IT'S BACK~~ Read Edit3

Edit3: ~~lemmy.world is now down as of 10:56 PM CST (USA)~~ Read Edit4

Edit4: lemmy.world is now up, but serving an error as of 11:03 CST (USA). See a screenshot of this error. I also got logged out, hopefully it doesn't mean they just wiped the databases lol.

Edit5: Edit4 still applies, but I can now access lemmy.world via Memmy on my phone. Wefwef (Voyager now) does not work, however. Timestamp: 11:34 PM CST (USA)

Edit6: lemmy.world restored. Compromised admin account said something in a weird post. I'm going to bed now, my brain is play-dough rn. Will update you guys tomorrow morning.

[–] TheDude@sh.itjust.works 15 points 2 years ago (2 children)

The vulnerability appeared to be from a custom emoji that they were running. SJW does not use any custom emoji so we should not be affected. In either case lemmy.world has now been restored and is back online. I’ll keep an extra eye on this instance until the patch gets released shortly.

[–] SimplePhysics@sh.itjust.works 2 points 2 years ago

Nice! Yeah, seems to be that lemmy.world logo emoji that stole your cookies. There were ~~people~~ compromised accounts posting them everywhere on .world.

[–] merc@sh.itjust.works 2 points 2 years ago

Who would have thought an emoji could be a source of a vulnerability.

[–] Givesomefucks@reddthat.com 47 points 2 years ago (8 children)

What impact?

As long as you don't go on lemmy.world, it's not going to redirect you to all the stupid websites.

And I doubt whatever they're posting (if they're posting anything) is getting upvoted, so you won't see it anywhere else.

And where are you getting "malware" from?

People are acting like it's some crazy hack, and not the 4chan rejects from exploding heads finally guessing an admin's password a week after they got defederated. And after all that time chasing the mailman, they had no idea what to do when they guessed it.

But this does highlight an issue with instances. I doubt the handful of admins know each other. Like, maybe an email, but for the most part if shit like this happens during "off hours" it might be a while before the top admin even knows there's an issue

[–] SimplePhysics@sh.itjust.works 7 points 2 years ago (1 children)

Did you read my post?

- I said there might be malware.
- I said not to visit lemmy.world.
- The entire site may be fucking compromised. If you have control of the servers, you can change database values to make your post any amount of upvotes you want.

[–] hemmes@lemmy.one 2 points 2 years ago (1 children)

Now let’s see if this goes the way VLemmy did this weekend.

[–] ProvokedGamer@lemmy.ca 2 points 2 years ago (1 children)

Sorry I’m out of the loop. What happened to VLemmy?

[–] hemmes@lemmy.one 3 points 2 years ago (2 children)

Out of nowhere the instance went down. I believe it was late Saturday morning or so? It was my main instance and nobody has heard from the admin. He was always very enthusiastic and transparent, actively looking for more admins.

A day or so before it went down, he made a post about having to defederate with another instance due to current violation laws in his server’s country of origin. VLemmy is known for not banning many (if any) instances in favor of moderation, so they take defederation very seriously.

It looks like he got caught up with some bad content and had to shut down. Not sure how long but all his tip and donation links have been closed including I believe his GitHub.

[–] steakmeoutt@sh.itjust.works 7 points 2 years ago

That's exactly what happened. And anyone complaining about vote rigging is probably from exploding-heads too.

[–] can@sh.itjust.works 6 points 2 years ago (1 children)

There's an admin matrix chat

[–] Givesomefucks@reddthat.com 11 points 2 years ago (1 children)

And how many people answer that on Sunday night?

What I'm getting at is a major website has at least a skeleton staff that can do something, even if that's just pulling the plug.

I don't even reply to most work texts after hours unless it's someone saying they have to use sick leave. I don't expect people hosting Lemmy as a hobby to be on call 24/7.

But I hope afterwards they're transparent about what happened and how they're going to stop it from happening again. If not, it's easy to hop instances

[–] can@sh.itjust.works 9 points 2 years ago* (last edited 2 years ago) (1 children)

There's other admins working on it now. It's 5am where the owner is.

[–] hemmes@lemmy.one 2 points 2 years ago

Instance name checks out

[–] wetnoodle@sh.itjust.works 5 points 2 years ago

It's taking out multiple instances, lemmy.blahaj.zone just went down too

[–] sanpedropeddler@sh.itjust.works 2 points 2 years ago

https://sh.itjust.works/post/923025 The comments in this post explain it better than I can, but this seems like a much bigger issue than an admin account being compromised.

[–] bestdude@kbin.social 2 points 2 years ago* (last edited 2 years ago)

Could I get hacked or compromised or something just by lurking the website? I didn't notice the Israel stuff until a bit late
Password was randomly generated like 5f.4_0@3j&j so no common passwords

[–] meldroc@sh.itjust.works 24 points 2 years ago (1 children)

Looks like the work of some junior edgelord.

[–] Zeppo@sh.itjust.works 19 points 2 years ago (2 children)
[–] meldroc@sh.itjust.works 1 points 2 years ago (1 children)

Wouldn't put it past him...

[–] Early_To_Risa@sh.itjust.works 22 points 2 years ago (1 children)

Talk about feeling like the old internet. I was wondering how I would get tricked into seeing something gross by some shock-humor edgelord.

Time to just grab a pint and wait this out. Lol

[–] Dirk_Darkly@sh.itjust.works 5 points 2 years ago

This is the unregulated chaos I've been missing from my internet. Feels like home.

[–] wetnoodle@sh.itjust.works 13 points 2 years ago (2 children)

lemmy.blahaj.zone just got hit by it too

[–] Arotrios@kbin.social 2 points 2 years ago* (last edited 2 years ago)

Confirmed - fucked on my end too. Looks like the 18.1 update had some sort of major vulnerability.

[–] babetoduarte@lemm.ee 9 points 2 years ago (1 children)
[–] SimplePhysics@sh.itjust.works 2 points 2 years ago (1 children)

Damn. SJW and .world share the same lemmy source code. Could what is happening to .world happen to SJW? I'd take a dig into the lemmy code, but my brain is literal mush right now, it's 11:16 PM here.

[–] TWeaK@lemm.ee 2 points 2 years ago

Potentially. Apparently it's spreading through comments, not just the sidebar.

[–] randon31415@kbin.social 7 points 2 years ago (1 children)

Still getting the redirect at 3:30 AM UTC. Also, first post from my kbin backup.

[–] 567PrimeMover@kbin.social 14 points 2 years ago

Yup, I got "this website has been seized by reddit for copyright infringment". Very mature

[–] BitingChaos@kbin.social 7 points 2 years ago

Well, on the bright side of things, I'm able to find out about my main server going down from the dozens of other active instances.

[–] ChronicEd@kbin.social 6 points 2 years ago (1 children)

About 10:38 pm CST I had just opened it on my browser and it flashed a "Reddit has taken over this site for copyright infringement". And the icon at the top was changed for Israel with the words about raping a child on it. Definitely something wonky going on, but I haven't seen any redirects to anything off site. Definitely not going back from my computer (sounds like the app is safe, but only will check for an update).

[–] SimplePhysics@sh.itjust.works 3 points 2 years ago (1 children)

Yeah, I get that too, minus the Reddit part. However, during the ten minute span where the attack was resolved (then restarted), a mod/admin account reported that it was caused by a compromised admin account, so not Reddit taking over the site via copyright law. They removed the account, but the issue seems to be back now.

[–] ChronicEd@kbin.social 2 points 2 years ago

Yeah! Considering being repeatedly attempted (and succeeding)...I'm guessing it may take a little while to deal with.

[–] Sami@lemmy.zip 5 points 2 years ago* (last edited 2 years ago) (2 children)

I'm not seeing anything different with lemmy.world on my end. Can anyone else confirm what OP is seeing?

Edit: Reading that it was resolved in another thread.

Second edit: Nope, not resolved

[–] SimplePhysics@sh.itjust.works 3 points 2 years ago* (last edited 2 years ago) (1 children)

~~Visited it again, seems restored. I'll update the post.~~ See original post

[–] Sami@lemmy.zip 4 points 2 years ago* (last edited 2 years ago) (1 children)

~~Yup I saw elsewhere that the compromised admin account was removed.~~

[–] SimplePhysics@sh.itjust.works 3 points 2 years ago* (last edited 2 years ago)

~~Edited again, site has been re-compromised.~~ See original post

[–] malloc@sh.itjust.works 4 points 2 years ago

Single 🔧 vs Federated ActivityPub instance, who wins

😂😂

Side note: glad the lemmy devs and mods were able to figure it out and all while doing this part time. Great community y'all. Hope to contribute my time as well.

[–] Secret300@sh.itjust.works 3 points 2 years ago (2 children)
[–] Chozo@kbin.social 6 points 2 years ago* (last edited 2 years ago)

An admin had their account compromised. The other admins have since fixed the account and everything should be operational again.

EDIT: Well the site's still down while they clean up the mess that was left behind. But I think the root problem is fixed now. Should be just a matter of time before they flip the switch again.

[–] SimplePhysics@sh.itjust.works 4 points 2 years ago

A .world mod/admin mentioned a compromised admin account. They removed the account, but the issue returned soon after I made the first edit to the post.

[–] user_already_exists@lemm.ee 3 points 2 years ago (1 children)

Definitely need to bleach my eyes after that 'attack'... saw it unfold and unfortunately saw too much.

[–] AndreTelevise@kbin.social 2 points 2 years ago

And I have nowhere to go but Kbin because Beehaw is unstable and I don't want to open up a fourth account. Accumulating fediverse accounts should be the last thing you do

[–] ext23@aussie.zone 2 points 2 years ago (1 children)

Suddenly got kicked off the server and stuff. Was a panicky moment cause I'm on the work computer...is there any indication that malware etc. was involved?

[–] SimplePhysics@sh.itjust.works 1 points 2 years ago

I don't know. I'm running the latest version of Firefox, which does not have any publicly known severe vulnerabilities. I also happen to be running the latest version of macOS, and most malware target Windows. I have not seen any suspicious activity, so I think I'm good. I did harden my OS and browser a bit when I set things up, so that might have made a difference. I would run a scan with Malwarebytes if I were you. Good luck. Hopefully it's just a troll.

[–] pineapplelover@lemm.ee 1 points 2 years ago