FYI!!! In case you start getting re-directed to porn sites.
Maybe the admin got hacked?
edit: lemmy.blahaj.zone has also been hacked. beehaw.org is also down, possibly intentionally by their admins until the issue is fixed.
Post discussing the point of vulnerability: https://lemmy.ml/post/1896249
Github Issue created here: https://github.com/LemmyNet/lemmy-ui/issues/1895
How did it happen and what does this mean for me as a user of lemmy.ml who also follows people on lemmy.world?
One of the admin accounts appears to have been compromised. The owner/other admins appear to be aware now because that account had its admin access revoked and offending posts are being removed.
Definitely opens up a big question about the security of Lemmy instances that I am sure will be discussed over the next few days.
I wouldn’t assume reasons why or that it’s fixed until that consensus has been more widely reached.
More time will definitely be needed. I’m glad they caught it and acted quickly enough to prevent more vandalism from occurring, but until we know how the account was compromised and what else they may have gotten in the process, it’s still a situation to keep an eye on.
Definitely opens up a big question about the security of Lemmy instances that I am sure will be discussed over the next few days.
They added 2FA login to lemmy in one of the newer updates. Probably pretty pertinent for any admins to use it…
It’s buggy and missing some key checks to make sure it’s working when you set it up.
Real risk of locking yourself out of your account.
Not a whole lot - you might see some spam being federated from lemmy.world but I’d expect the lemmy.ml and lemmy.world admins will fix it, and them clean it up.
That’s probably good stress test to figure out how to handle that.
Compromised in what way? Can you post proof?
Just go to lemmy.world and see for yourself. (Or don’t actually, might give you a virus or something idk)
One of their admins (MichelleG) began posting messages about federation with only Threads. The site is redirecting users to Lemonparty (now there’s a throwback). Site information has been vandalized with racist slurs.
Just go to https://lemmy.world and see for yourself, although be careful it’s nasty.
As of now it looks like this:
And then it randomly redirects to gore sites like lemonparty or chaturbate or some pedo shit. It’s pretty bad.
image here ![] (https://lemmy.ml/pictrs/image/0332b83a-ab01-4c99-9155-2a08b02fb652.png)
among several others
God damn, spez-funded hacker groups already is trying to disrupt the resistance.
F
Just went there and didn’t immediately see anything out of the ordinary, but then was redirected to Chatroulette, lol yikes
Really hoping it’s “only” redirecting to offensive sites, and not to malware. I got redirected a few times, before I closed my browser.
TBF modern browsers are remarkably secure from being a vector to pwn your computer these days.
EDIT: I don’t endorse hanging out on a compromised lemmy.world. Focus on the implication for the bigger lemmyverse though. A hack coming through to you is unlikely.
