this post was submitted on 10 Jul 2023
43 points (100.0% liked)

Fediverse

A community dedicated to fediverse news and discussion.

Fediverse is a portmanteau of "federation" and "universe".


I hope they can bring the site back up soon and that it is not gone forever.

top 29 comments
[–] [email protected] 14 points 1 year ago
[–] [email protected] 8 points 1 year ago (1 children)

I think that's a good sign. It probably means the problem is being dealt with by admins. Any communities on the affected instances that have subscribers on other instances will be backed up on those other instances, so most of the content is safe no matter what. I just hope the users on those instances know they can come to others in the meantime.

[–] [email protected] 3 points 1 year ago (2 children)

From the few bits I've read, it sounds like the issue is spreading through comments and involves the markdown parser. This needs dev intervention, not just admins.

[–] [email protected] 2 points 1 year ago (1 children)

it sounds like the issue is spreading through comments and involves the markdown parser.

What do you mean? Is there something that us normal users can do to mitigate this? Or do we just hope that the devs and admins resolve this?

[–] [email protected] 3 points 1 year ago (2 children)

This is the conversation I'm referring to:

https://i.imgur.com/uqW3P8o.png

It may well be that the lemmy.world admin account was compromised as a result of the hack, rather than to make it happen.

Apparently Memmy is immune to this, not sure about other apps. Someone else advised staying logged out, and maybe be prepared to change your password after it's resolved.

[–] [email protected] 3 points 1 year ago (1 children)

Thanks for the explanation.

I've already made the decision earlier to change my passwords (on all my accounts on different instances) after this has been resolved.

[–] [email protected] 4 points 1 year ago* (last edited 1 year ago) (1 children)

FWIW, right now it seems unlikely that your password was accessible to anyone. Your login cookie may have been taken if you accessed Lemmy on a web browser (apps are likely fine), so you would want to clear your Lemmy cookies and cache once this is over.

But I'm speculating, and changing your password will definitely help!

[–] [email protected] 4 points 1 year ago

Thanks!

Fighting the urge to clear my cookies and cache right now, lol!

[–] [email protected] 3 points 1 year ago

Looks like it could be some kind of markdown parser injection, where they manage to forcefully close the HTML src property and enter their own
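
An added illustration of the mechanism guessed at in the comment above, not part of the thread and not Lemmy's code: a hypothetical markdown image renderer that interpolates the URL into `src` unescaped, next to a version that escapes attribute values and restricts URL schemes. All function names and the sample input are constructed for this example.

```javascript
// Hypothetical renderer for markdown image syntax: ![alt](url)
const IMAGE_RE = /!\[([^\]]*)\]\(([^)]*)\)/g;

// Weak version: url and alt go into the attributes verbatim, so a double
// quote in the URL closes src="..." and whatever follows becomes new attributes.
function renderImagesUnsafe(md) {
  return md.replace(IMAGE_RE, (_, alt, url) => `<img src="${url}" alt="${alt}">`);
}

// Escape every character that can end an attribute value or open a tag.
function escapeAttr(s) {
  return s.replace(/&/g, '&amp;').replace(/"/g, '&quot;').replace(/'/g, '&#39;')
          .replace(/</g, '&lt;').replace(/>/g, '&gt;');
}

// Only absolute http(s) URLs may be used as an image source.
function isAllowedUrl(url) {
  try {
    const u = new URL(url);
    return u.protocol === 'https:' || u.protocol === 'http:';
  } catch {
    return false;
  }
}

// Hardened version: validate the scheme, then escape both attribute values.
// Anything rejected is emitted as escaped text instead of a tag.
function renderImagesSafe(md) {
  return md.replace(IMAGE_RE, (match, alt, url) => {
    const trimmed = url.trim();
    if (!isAllowedUrl(trimmed)) return escapeAttr(match);
    return `<img src="${escapeAttr(trimmed)}" alt="${escapeAttr(alt)}">`;
  });
}

// Check helper: list the attribute names a browser would see in the markup.
function attrNames(html) {
  return [...html.matchAll(/([a-zA-Z-]+)\s*=\s*"[^"]*"/g)].map(m => m[1]);
}

// Constructed input: the quote after ".png" tries to end the src attribute.
const SAMPLE = '![cat](https://example.invalid/a.png" onerror="this.dataset.injected=1)';

console.log(attrNames(renderImagesUnsafe(SAMPLE))); // extra attribute present
console.log(attrNames(renderImagesSafe(SAMPLE)));   // only src and alt
```
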

[–] [email protected] 1 points 1 year ago

Well, taking the most obviously affected instances down is a good start, anyway.

[–] [email protected] 3 points 1 year ago (1 children)

lemmy.blahaj.zone just went down too

[–] [email protected] 2 points 1 year ago (1 children)

That is really bad because I am one of the moderators for one of the communities on that server. If this spreads and takes longer than expected, I might consider moving my community to other servers.

[–] [email protected] 4 points 1 year ago (1 children)

I'd give it at least a day or two to see how things shake out, unless it's really important to you to have that community up all the time.

[–] [email protected] 3 points 1 year ago

Yeah, 48 hours from now is an ideal timeframe. Let's see where it goes.

[–] [email protected] 1 points 1 year ago (1 children)
[–] [email protected] 2 points 1 year ago (3 children)

Bit brave linking direct to an instance. This runs the risk of pulling people out of their apps and onto corrupt pages.

[–] [email protected] 3 points 1 year ago

That's the instance I'm logged into. It's safe. You can trust me, I'm a stranger on the internet

[–] [email protected] 3 points 1 year ago (1 children)

I don't think there's any way to link to a post besides an instance specific link, unfortunately

[–] [email protected] 3 points 1 year ago

I really hope they add that soon. They only seem to have instance-agnostic links for communities and users for now.

But I think you can copy that link into the search bar within Lemmy and not get pulled into another instance.

[–] [email protected] -1 points 1 year ago

Then don't open the link if you're scared/it doesn't fit your OPSEC?

[–] [email protected] -1 points 1 year ago (2 children)

Time to switch instance now, ig.

[–] [email protected] 8 points 1 year ago

This seems to be a front-end JavaScript exploit, so there's a good chance that this is a Lemmy problem, not a Lemmy[dot]world problem. Don't be surprised if the issue starts spreading to other instances.

If I were running a server, I would take it offline until a patch is released (Beehaw did this, to be proactive).

[–] [email protected] 0 points 1 year ago (3 children)

It's not just about that though, there were many communities only on there.

[–] [email protected] 1 points 1 year ago

You can still access those communities from other instances, right?

[–] [email protected] 1 points 1 year ago (1 children)

I hope that the admins will resolve the issue soon.

[–] [email protected] 0 points 1 year ago (2 children)

There goes the largest no stupid questions community. Bah. They'll be back in a day or two, I know, but bah.

[–] YellowtoOrange -3 points 1 year ago

I'm back baby! I'm back!