If anyone is on #Lemmy dot world, one of the largest Lemmy servers, heads up that it seems to have been compromised. Stay away for now.
Lemmy.world is back online. There was a vulnerability regarding custom emoji which allowed attackers to steal admin credentials and deface the site.
https://lemmy.world/post/1290412
https://lemmy.world/post/1293336
@dantheclamman What does “compromised” mean in this case?
@rminear slurs appearing here and there on the homepage, redirects to some offensive memes. not sure what kind of exploit, hopefully data will be preserved when @ruud gets back control
@dantheclamman Also lemmy.blahaj.zone, though that one is just a YouTube video on the homepage
@hannananana yikes, one admin across multiple instances, or some deeper sort of vulnerability?
@dantheclamman from what I've heard it's a Lemmy vulnerability, scary!
@dantheclamman Can confirm that the Memmy App is showing NOTHING when logged into Lemmy dot world. Desktop page shows posts but they seem many hours old.
@Upstate_Downstate it appears to be back on web and Jerboa. Not sure what changed to interfere with Memmy
@dantheclamman so it winds up I just had to like re-load the feed. I don’t know how Memmy was affected otherwise. Devs saying all is well.