this post was submitted on 10 Jul 2023
20 points (95.5% liked)

Lemmy NSFW

11438 readers
17 users here now

Updates about lemmynsfw.com

founded 1 year ago
MODERATORS
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
20
Temporarily defederated from lemmy.world (and lemmy.blahaj.zone) as they seem to be compromised (lemmynsfw.com)
submitted 1 year ago* (last edited 1 year ago) by [email protected] to c/[email protected]
5 comments fedilink hide all child comments
 

We quietly defederated temporarily earlier because lemmy.world seemed to be compromised earlier in some way, but then it was fixed. Now it's happened again. Unsure what is going on over there but there isn't much use speculating. They have been dealing with weird redirects to shock sites like lemonparty (throwback). Whoever has compromised them seems to have some early 2010s internet sense of humor I guess.

Anyway, once they have things under control and an announcement is made we will refederate ASAP. For the time being, please avoid going to their homepage for the time being as we have no idea what the nature of the compromise of their site is and to what extent.

EDIT: seems lemmy.blahaj.zone just was as well. :(

top 5 comments
sorted by: hot top controversial new old
[–] [email protected] 5 points 1 year ago

It looks like they’ve got things under control now. see rudd's post here

[–] [email protected] 2 points 1 year ago (1 children)

Admin alt of one of the mods of Mildly Infuriating.

It may have something to do with this message I got:

If I could hazard a guess. Maybe a login token theft, so the hacker has access to an admins account or multiple.

[–] [email protected] 0 points 1 year ago

It seems to have spread to lemmy.blahaj.zone. Will add them if more come :( This sucks man.

[–] [email protected] 0 points 1 year ago (1 children)

I have an account signed up there. Should I be worried? How does it affect the user?

[–] [email protected] 2 points 1 year ago

The attackers would've been able to get the token used to login but not your password from a vulnerability with custom emoji. Lemmy.world rotated their JWT secret so all logins are invalidated and the vulnerability has been patched. Should be just fine.