1

multiple lemmy instances are going down to a js injection or admin password hack

posted
by
Avatar
Wet Noodle@sopuli.xyz
in
Avatar
main@sopuli.xyz
4 comments
hidereport

lemmy.world and lemmy.blahaj.zone got hacked, admins in sopuli.xyz should enforce 2fa for admins and possibly disable/ look into possible injections from the community sidebar

Sort:
HotTopControversialNewOld
Avatar
QuentinCallaghan@sopuli.xyzM
2 points
*

I just enabled 2-factor authentication because of this. Script-kiddies are not gonna capture this instance!

permalink
report
reply
Avatar
ananas@sopuli.xyz
2 points
*

It’s highly unlikely 2FA is enough to mitigate this kind of an attack. It’s a security vulnerability in lemmy itself, and they are stealing your access token instead of trying to log in as you.

edit: People, please, no reason to downvote admin ACKs. Just means they’ve at least read the message, after that, it’s their instance and they’ll do as they see fit.

permalink
report
parent
reply
Avatar
QuentinCallaghan@sopuli.xyzM
2 points

OK.

permalink
report
parent
reply
Avatar
Nowyn@sopuli.xyz
1 point

Did Sopuli have any custom emojis enabled? Based on what I read about the hack the vulnerability was linked with those as detailed here.

permalink
report
parent
reply

Sopuli's Default Community

!main@sopuli.xyz

Create post

Community for all jibber-jabber. As this is a hard-coded community for every instance, we may get this doing something useful.

Simple test posts to !test_community@sopuli.xyz

Meta-discussion regarding the instance and support in problem situations !meta@sopuli.xyz

Yhteisö kaikenlaiselle pälätykselle. Koska tämä on kovakoodattu yhteisö jokaiselle instanssille, voimme tehdä tällä ehkä jotain hyödyllistä.

Yksinkertaiset testiviestit mielellään !test_community@sopuli.xyz

Instanssia koskeva metakeskustelu ja tuki ongelmatilanteissa !meta@sopuli.xyz

Community stats

  • 22

    Monthly active users

  • 60

    Posts

  • 60

    Comments

Community moderators