this post was submitted on 10 Jul 2023
92 points (98.9% liked)

Lemmy Support

4651 readers
17 users here now

Support / questions about Lemmy.

Matrix Space: #lemmy-space

founded 5 years ago
MODERATORS
 

At a minimum they had some hacked web UI mayhem going on along with at least 1 admin account compromised...now they are in an at least partially down state. Might be worth alerting the Powers That Be to see if they want to offer assistance and if any measures should be taken to protect servers federated with it.

top 19 comments
sorted by: hot top controversial new old
[–] darrsil@beehaw.org 27 points 1 year ago (2 children)

I'm surprised I haven't seen more posts yet about this. A rogue or compromised admin put JavaScript redirects on Lemmy.world as well as changed the name and some other things. The other admins removed the compromised admin, but then about 30 minutes later they were reinstated and started wreaking havoc again. The instance eventually went offline completely.

[–] oxf@lemmy.ml 19 points 1 year ago (2 children)

Thanks for the explanation. What terrible news...

Seems we're still in the early stages for this major happening, so I'm sure there will be more information released very shortly.

I guess this goes to show why a federated networks are important, and why people shouldn't flock to the most popular instance. Right now many communities are down because of this, while the ones that were wise enough to set up their own instances are unaffected.

[–] OtakuAltair@lemm.ee 8 points 1 year ago* (last edited 1 year ago) (1 children)

people shouldn’t flock to the most popular instance

That's precisely why I joined vlemmy.net, but now that seems to be suffering some other issue and is just completely down since yesterday...

Growing pains, I suppose. Mastodon had a serious vulnerability discovered a few days ago too. Looks like the fediverse is gonna need some time to adjust to this sudden massive wave of users.

[–] db0@lemmy.dbzer0.com 1 points 1 year ago (1 children)

vlemmy.net seems to be permanently down.

[–] isVeryLoud@lemmy.ca 1 points 1 year ago (1 children)
[–] db0@lemmy.dbzer0.com 1 points 1 year ago

Search around. There was a big thread about it

[–] voidhearts@lemm.ee 4 points 1 year ago

I have no idea what is going on. Can anyone give me a ELI5? What happened? What is it doing?

[–] AfricanExpansionist@lemmy.ml 2 points 1 year ago (1 children)

Vlemmy is also down. I wonder is it's experiencing the same thing

[–] db0@lemmy.dbzer0.com 2 points 1 year ago

no that one seems to have abandoned lemmy

[–] Granixo 17 points 1 year ago
[–] wetnoodle@sh.itjust.works 15 points 1 year ago

it got to lemmy.blahaj.zone, it's a JavaScript injection https://lemmy.ml/post/1895271

[–] astropenguin5@sopuli.xyz 4 points 1 year ago* (last edited 1 year ago)

well that would explain the problem i had then! the error page redirected me to this community very helpfully. i was meaning to make another account on a smaller instance anyways, so not entirely bad

[–] spitz@lemmy.ml 0 points 1 year ago (1 children)

I deleted my .world account yesterday. Sorry if it's a stupid question, but do I have to do anything about that? If so, what?

[–] OtakuAltair@lemm.ee 4 points 1 year ago (1 children)

You ruined everything! 😡

No lmao an admin account got hacked it seems

[–] spitz@lemmy.ml 1 points 1 year ago (1 children)

I got that much, but I don't understand anything else. JavaScript injection? Is someone going to steal my deleted account or is that not possible?

[–] ugh@lemm.ee 4 points 1 year ago (1 children)

From what I've read, links were redirecting to "shock" websites. It's more of an old-internet Rick roll, but with gore type content instead of a silly music video. I don't think we have to worry about data, but we'll learn more in the next hour(s).

[–] spitz@lemmy.ml 1 points 1 year ago (1 children)

Thanks for the explanation!

[–] TonyTonyChopper@mander.xyz 1 points 1 year ago (1 children)

On another post they showed it was stealing browser cookies, so your login information for any site you're logged into could be compromised. Definitely not a prank

[–] spitz@lemmy.ml 1 points 1 year ago

So how does that effect a deleted account?

load more comments
view more: next ›