lemmy.world and lemmy.blahaj.zone got hacked, admins in sopuli.xyz should enforce 2fa for admins and possibly disable/ look into possible injections from the community sidebar

You are viewing a single thread.
View all comments
2 points
*

I just enabled 2-factor authentication because of this. Script-kiddies are not gonna capture this instance!

permalink
report
reply
2 points
*

It’s highly unlikely 2FA is enough to mitigate this kind of an attack. It’s a security vulnerability in lemmy itself, and they are stealing your access token instead of trying to log in as you.

edit: People, please, no reason to downvote admin ACKs. Just means they’ve at least read the message, after that, it’s their instance and they’ll do as they see fit.

permalink
report
parent
reply
2 points

OK.

permalink
report
parent
reply
1 point

Did Sopuli have any custom emojis enabled? Based on what I read about the hack the vulnerability was linked with those as detailed here.

permalink
report
parent
reply

Sopuli's Default Community

!main@sopuli.xyz

Create post

Community for all jibber-jabber. As this is a hard-coded community for every instance, we may get this doing something useful.

Simple test posts to !test_community@sopuli.xyz

Meta-discussion regarding the instance and support in problem situations !meta@sopuli.xyz


Yhteisö kaikenlaiselle pälätykselle. Koska tämä on kovakoodattu yhteisö jokaiselle instanssille, voimme tehdä tällä ehkä jotain hyödyllistä.

Yksinkertaiset testiviestit mielellään !test_community@sopuli.xyz

Instanssia koskeva metakeskustelu ja tuki ongelmatilanteissa !meta@sopuli.xyz

Community stats

  • 22

    Monthly active users

  • 60

    Posts

  • 60

    Comments