[Meta] Lemmy.world (and some others) were hacked - LemmyWorld
While I was asleep, apparently the site was hacked. Luckily, (big) part of the lemmy.world team is in US, and some early birds in EU also helped mitigate this. As I am told, this was the issue: - There is a vulnerability which was exploited - Several people had their JWT cookies leaked, including a...
There is some information about a vulnerability in the Lemmy frontend.
So I have questions for the SDF mods and admins.
- Has this affected our instance in any way?
- Has the fix been applied to our frontend?
Or is our instance like the Elusive Joe, and we're not so big yet that we're worth hacking?
Earlier this morning all four lemmy (lemmy.sdf.org, lemmy.sdfeu.org, lemmy.sdfjp.org and lemmy.sdfcn.org) instances were updated to UI: 0.18.2-rc.1 BE: 0.18.1-10-g9c2490d4f.
12 0 Reply
Oh, exactly! There's a pinned post in the community that reports Lemmy version updates on the server.
5 0 Reply
This seems like a rather new situation. The GitHub links below seem to mention that other instances were also suffering problems.
https://github.com/LemmyNet/lemmy-ui/issues/1895
https://github.com/LemmyNet/lemmy-ui/pull/1897
It appears like a fix was only made available about an hour ago.
https://github.com/LemmyNet/lemmy-ui/issues/1895#issuecomment-1629219976
3 0 Reply
changing your settings (which shows your e-mail)
Do some instances require an email address? SDF didn't when I signed up, which I thought was awesome.
3 0 Reply
Some do. E.g. lemmy.world.
For some instances, email can be filled and isn't mandatory. E.g. beehaw.org.
3 0 Reply