It seems (mostly?) sanitised from the hacker's defacement and is running (mostly) as though nothing has happened (which is perhaps alarming?).
Maybe avoid visiting if you have an account there (until things are verified) as it seems part of their hack was to scrape JWTs/cookies through a JS/scripting injection. (See, eg https://lemmy.sdf.org/comment/850269)
Seems that there was a vulnerability which has been patched and cleaned up. Patch is yet to be merged and pushed to all instances apparently.
Overall this incident has both positives and negatives. It’s not good that this could have happened. I’m not clear on the root cause so others can attest.
Positively, lemmy is an active platform, attracting attacks and devs/admins patching and maintaining the space.
@maegul
Ok, this just makes a lot of sense. Also...
If your instance is down (mine was due to a failed AC issue), even having an external admin account would not help because people would not have access to their account to see the admin. This is assuming users are not aware of the link to the admin account on another service. I need to think on this now though. I like the idea.
Add comment