75

lemm.ee response to current exploit situation

posted
*
by
Avatar
Navarian@lemm.ee
in
Avatar
meta@lemm.ee
23 comments
hidereport

See Here, Here and Here for information about the current situation and the exploits being used.

— UPDATE

Lemm.ee Admin @sunarus responded Here, TLDR is that Lemm.ee isn’t vulnerable, would advise reading the message if you’re still concerned.

Sort:
HotTopControversialNewOld
Avatar
sunaurus@lemm.eeAD
84 points
*

Hey folks! I have spent this morning helping lemmy.world mitigate the issue. I have also sent out mitigation instructions to other admins as well.

For the particular exploit that was used on lemmy.world:

  1. It does not spread through federation
  2. lemm.ee was not vulnerable in the first place
  3. As mentioned above, it has already been mitigated on lemmy.world

So there should not be any reason to defederate. I will continue monitoring and investigating, if further vulnerabilities pop up then I will adjust accordingly.

permalink
report
reply
Avatar
eee@lemm.ee
13 points

Thank you for being a valuable resource for the lemmyverse as a whole!

permalink
report
parent
reply
Avatar
aCosmicWave@lemm.ee
10 points

You rock! Sorry if this is a stupid question, but if both instances are running the same version of Lemmy, why would lemmy.world be affected but not lemm.ee?

permalink
report
parent
reply
Avatar
fragmentcity@lemm.ee
10 points

Malicious custom emoji contained scripts that sent session cookies to the attackers.

permalink
report
parent
reply
Avatar
aCosmicWave@lemm.ee
2 points

Makes sense! Thank you.

permalink
report
parent
reply
Avatar
TWeaK@lemm.ee
2 points

It should be said that the version number is more of an indication than anything specific. I don’t think it would be hard for an instance to spoof its version number.

Also, lemm.ee in particular has a few mods and tricks that might not be in the lemmy codebase yet - @sunaurus@lemm.ee has previously included new code he has pushed to the main stack before it has been accepted. This allowed us to have working versions of things before other instances.

Point being, two instances with the same version can have different code and implementations.

permalink
report
parent
reply
Avatar
Deez@lemm.ee
7 points

Perfect! Thanks for all of your work to keep the Fediverse functioning. We appreciate you!

permalink
report
parent
reply
Avatar
Navarian@lemm.eeOP
5 points

Appreciate the response and explanation, I have ammended post and title to reflect that.

permalink
report
parent
reply
Avatar
kobra@lemm.ee
4 points

Thinking about things in the future, if something were to happen to lemm.ee, how could users stay up to date with you and the other admins? do you have a mastodon account to follow or maybe matrix? for things like maintenance, emergencies, etc.

permalink
report
parent
reply
Avatar
sunaurus@lemm.eeAD
5 points

I’m thinking about doing some emergency updates on a Discord server - it seems like a huge amount of users have Discord anyway, so it might be the most convenient way. I’ll probably make a post about it soon!

permalink
report
parent
reply
Avatar
LexiconDrexicon@lemm.ee
3 points

Can confirm, issue resolved

permalink
report
parent
reply
Avatar
dizzy@lemm.ee
3 points
*
Deleted by creator
permalink
report
parent
reply
Avatar
Deez@lemm.ee
12 points

I don’t know enough to agree/disagree, but upvoted for raising the point, and to give it attention.

permalink
report
reply
Avatar
zoe@lemm.ee
10 points

this instance is really reliable. there is no shaking it! really glad to be here.

permalink
report
reply
Avatar
MyOpinion@lemm.ee
8 points

This is the best instance I have been on so far. It just works.

permalink
report
parent
reply
Avatar
eee@lemm.ee
7 points

How would a compromised instance affect us? The worst they can do is send spam posts.

permalink
report
reply
Avatar
Navarian@lemm.eeOP
5 points

That would generally be something I’d prefer to avoid.

permalink
report
parent
reply
Avatar
ugh@lemm.ee
4 points

They’re posting links that redirect to NSFW sites, and possibly Not Safe For Your Browser sites, as well. There could be phising links sent out next.

permalink
report
parent
reply
Avatar
BrikoX@lemmy.zip
4 points

Both instance are down at the moment.

permalink
report
reply
Avatar
Navarian@lemm.eeOP
3 points

Indeed though it’s still a bit up in the air who exactly has control of the instances, so they may come back online still compromised.

permalink
report
parent
reply
Avatar
BrikoX@lemmy.zip
7 points

Looks to be that admin accounts were compromized by hijacking admin sessions, so the infrastructure is safe.

permalink
report
parent
reply
Avatar
Navarian@lemm.eeOP
1 point

Sincerely hope that’s the case.

permalink
report
parent
reply
Avatar
ugh@lemm.ee
2 points

.world has already been down, back up, and down again. It might be smart until everything is resolved.

permalink
report
parent
reply

Meta (lemm.ee)

!meta@lemm.ee

Create post

lemm.ee Meta

This is a community for discussion about this particular Lemmy instance.

News and updates about lemm.ee will be posted here, so if that’s something that interests you, make sure to subscribe!

Rules:

  • Support requests belong in !support
  • Only posts about topics directly related to lemm.ee are allowed
  • If you don’t have anything constructive to add, then do not post/comment here. Low effort memes, trolling, etc is not allowed.
  • If you are from another instance, you may participate in discussions, but remain respectful. Realize that your comments will inevitably be associated with your instance by many lemm.ee users.

If you’re a Discord user, you can also join our Discord server: https://discord.gg/XM9nZwUn9K

Discord is only a back-up channel, !meta@lemm.ee will always be the main place for lemm.ee communications.

If you need help with anything, please post in !support instead.

Community stats

  • 821

    Monthly active users

  • 261

    Posts

  • 7.4K

    Comments

Community moderators