this post was submitted on 10 Jul 2023
71 points (97.3% liked)

/0

1567 readers
1 users here now

Meta community. Discuss about this lemmy instance or lemmy in general.

Service Uptime view

founded 1 year ago
MODERATORS
 

Original Post:

https://lemmy.dbzer0.com/post/536477

Title:

PSA: Lemmy.world has been compromised!

Post:

FYI!!! In case you start getting re-directed to porn sites.

Maybe the admin got hacked?

Images:

First, some random video show up, I'm not gonna watch it in case its NSFL content.

Second, the website tries to redirect me, but uBlock Origin blocked it

The Front Page

Side Bar got messed up.

Everything else seems fine, here is the signup page with the Lemmy Version visible.

Also notable comment from the Original Post:

Yea, I switched to this alt. It appears to be one of the assistant admins accts. Seems like an old fashioned anon prank, to me, they’re mainly just trying to make stuff offensive and redirect people to lemonparty.

So, y’know, old school.

I don’t know if any data is actually in danger, but I doubt it. I don’t see why assistant admins would need access to it.

Edit: Someone else said an admin's credentials was compromised:

One of the admin accounts appears to have been compromised. The owner/other admins appear to be aware now because that account had its admin access revoked and offending posts are being removed.

Definitely opens up a big question about the security of Lemmy instances that I am sure will be discussed over the next few days.

@[email protected] be careful with making admins. And secure your passwords, use 2fa, etc...

Edit 2: Now the entire front page is filled with posts regarding the lemmy.world hack. Interesting...

https://i.imgur.com/VvxiphP.jpg

Edit 3: Lol a post was made from the hacked account claiming the hack was fixed, but that account is still under the hacker's control:

https://archive.is/hRytN

Edit 4: Lol this is actually funny:

https://archive.is/wbQ2f

"Site has been seized by Reddit for Copyright Infringement" Lmfao

Edit 5: threads was put on an allowlist, and lemmy.ml was put on a block list, every thing else is under "linked instances". I wasn't quick enough to get a screenshot or an archive link.

Edit 6: lemmy.blahaj.zone just got hacked too!

I urge all instance admins to temporary defederate from lemmy.world and lemmy.blahaj.zone as a safety precaution.

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 5 points 1 year ago (1 children)

I don’t know if any data is actually in danger, but I doubt it. I don’t see why assistant admins would need access to it.

What data do admins of a Lemmy instance have access to? Email addresses and login IP?

I believe the most recent Lemmy update changed it so content deleted by users is deleted after 30 days now instead of kept indefinitely.

[–] [email protected] 9 points 1 year ago (1 children)

Test User screenshot

This is the view an admin has for a user via the existing Lemmy web UI. No email or IP is visible.

The user's data would only be available to someone with direct access to the database.

[–] [email protected] 3 points 1 year ago (1 children)
[–] [email protected] 3 points 1 year ago

Correct, anyone who has shell access to the server(s) the instance is running on could query the database.