It looks like lemmy.world has been hacked.

The instance has been defaced, the site is only intermittently accessible, sometimes it redirects to a random video or other nasty URLs

DO NOT ATTEMPT TO LOG INTO LEMMY.WORLD UNTIL THIS IS CLEARED UP AND OFFICIAL ANNOUNCEMENTS ARE MADE BY ITS ADMIN.

My recommendation is to stay away entirely for the time being and monitor this thread for updates: https://lemmy.ml/post/1895271 (https://lemdit.com/post/44963)

Update:

• It looks like this was caused by a compromised Admin account
• It may be attributed to an exploit introduced by a specific git commit that lemmy.world was using (not public).

Initial indications are that this was particular to lemmy.world and not a symptom of wider Lemmy vulnerabilities.

The short of it is:

• vlemmy.net was one of the larger Lemmy instances (>10k users)
• They suddenly went offline today with no warning, all DNS records gone
• Nobody really knows why

There's more discussion in this thread: https://feddit.nl/post/458654

From what I can tell, this has nothing to do with their domain expiring / them forgetting to pay their domain bill. WHOIS records show it had been registered for many years, and domain registration is paid for in advance:

The domain status appears to have changed. The June 10th 2023 WHOIS data showed it as:

This is what you expect for a domain that is not currently being transferred.

The status now is:

Something is clearly going on with the domain, and it's not forgetting to pay a bill. All DNS records are gone, so this doesn't look like an oopsie there either.

I think all of these are possibilities:

1. Owners decided to pull the plug on it
2. This is a bungled attempt to transfer the domain to another registrar
3. Someone managed to break into their registrar account and is trying to transfer the domain away

I think these are unlikely:

1. Legal/law enforcement action
2. Accidentally deleting DNS records

It will be interesting to see how this develops. If vlemmy is truly gone, then this is a significant loss to the Fediverse, as they were the only larger Lemmy instance to have a no defederation policy.

What are your thoughts?

Today I received this text message:

• Opening the URL from a desktop computer redirects to the real NZ Post website.
• Opening the URL from mobile shows a convincing spoofed NZ Post tracking page:

The objective of the scam is to get you to click on "Schedule a Redelivery" and give them your personal details:

They will use this information to contact you and attempt to scam money from you, as well as try any future scams they may come up with.

The combination of URL + believable phishing page makes this scam particularly easy to fall for. If you're from NZ, then it's a good idea to warn your friends and family about it.

I will report the domain but it usually takes a very long time for anything to be done in these cases.