Kaity A@lemmy.blahaj.zoneM to

Blahaj Lemmy Meta@lemmy.blahaj.zoneEnglish · 1 year ago

Blåhaj Lemmy hacked

211

Blåhaj Lemmy hacked

Kaity A@lemmy.blahaj.zoneM to

Blahaj Lemmy Meta@lemmy.blahaj.zoneEnglish · 1 year ago

Hi everyone.

Lemmy had an XSS vulnerability and we were one of the instances attacked through this vulnerability. We had our homepage replaced by a youtube video.

The lemmy devs were quick to create a PR for this issue and we have patched our instance to fix it,

Also while I do not believe any login tokens were compromised, we have taken the additional measure of rotating our secret ket, so everyone will have to login to the site again as your existing credentials will no longer be valid.

Sorry that this happened, if you have any questions please contact @[email protected] or myself.

blobcat, heart

Chat

Kaity A@lemmy.blahaj.zoneOPM
link
fedilink
English
arrow-up
1·
1 year ago
It seems like it is an identified issue with token invalidation in lemmy and they will be fixing (or have already fixed?) it in a future upgrade.

I’ll keep an eye out for it and try to get it in as soon as possible. In the meantime, clearing site cookies while tricky is the only real option.
- Sunny@lemmy.blahaj.zone
  link
  fedilink
  English
  arrow-up
  1·
  1 year ago
  Thank you very much 👍🏻

Blahaj Lemmy Meta@lemmy.blahaj.zone

main@lemmy.blahaj.zone

You are not logged in. However you can subscribe from another Fediverse account, for example Lemmy or Mastodon. To do this, paste the following into the search field of your instance: [email protected]

Blåhaj Lemmy is a Lemmy instance attached to blahaj.zone. This is a group for questions or discussions relevant to either instance.

Visibility: Public

This community can be federated to other instances and be posted/commented in by their users.

4 users / day
58 users / week
121 users / month
1.43K users / 6 months
2 local subscribers
2.31K subscribers
226 Posts
3.98K Comments
Modlog