lemmy.blahaj.zone Also Compromised
The site is down for now but do not try to login into it.
The site is down for now but do not try to login into it.
It's been interesting watching this all play out on an open source social network. It's all out in the open so it caused quite the drama, but the actual order of events? Site goes down and is back up and vulnerability patched like 4 hours later? That's really impressive.
Power of the open source community.
In my opinion the "drama" was a critical part of immediately drawing attention to the voulnerabilty and bringing it to the attention of most instance admins very quickly.
Few things that have been added on my to-do list that I've learned from this.
Any additional suggestions are welcome!
My EEEEEEEEEEYES AUUUUUUUUUUUUUUUUUUGH the instance is pure white, probably utilizing some witch-craft to bring sunlight directly into my eyes. How do I return the blessed darkness to my screen??
What the hell happened here?? I get logged out of wefwef, come here to investigate, and I see something about a vulnerability???
Sounds like beehaw.org has shutdown temporarily just to be safe, sounding like a vulnerability in Lemmy.
Currently it seems to be a vulnerability with custom emojis only, which this instance never had, so currently we shouldn't be affected. However this is a developing situation and we will continue to monitor.