this post was submitted on 10 Jul 2023
34 points (94.7% liked)
Lemmy.world Support
3217 readers
49 users here now
Lemmy.world Support
Welcome to the official Lemmy.world Support community! Post your issues or questions about Lemmy.world here.
This community is for issues related to the Lemmy World instance only. For Lemmy software requests or bug reports, please go to the Lemmy github page.
This community is subject to the rules defined here for lemmy.world.
You can also DM https://lemmy.world/u/lwreport or email [email protected] (PGP Supported) if you need to reach our directly to the admin team.
Follow us for server news ๐
Outages ๐ฅ
https://status.lemmy.world
founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
Good job on the cleanup.
I'm not seeing any issues anymore, at least from my end.
Just got another redirect, it's definitely still happening.
Based on the Github / Rudd's new post, it looks like there was an "Evil Post" that contained a Markdown-to-Javascript escape and actually allowed the hacker to run Javascript in our web-browsers. Something to do with custom emojis?
So the problem was multi-fold.
The hacker created the "Evil Post", which constantly was stealing people's cookies. Anyone who viewed the evil post in a web browser (Chrome/Firefox/Edge) allowed the hacker to have access to their account (and anything you can do in the web browsers).
The hacker waited until an admin viewed the post. Then took control of the administrator's account, and likely a few other people's accounts as well. DMs containing the evil-Javascript post were sent to various moderators.
Hacker used the account access to just troll us.
Fixing #3 doesn't fix #2 or #1. So eventually, when #3 was fixed, the hacker just grabbed the admin-account and made everything back to the way it was.
The problem wouldn't be fixed permanently until #3, #2, and #1 were all fixed. Which they seem to be fixed now. But this "evil post" is going around the Federation. Other Lemmy-instances may have the post cached, and the users on those lemmies will likely have their JWT cookie also stolen (allowing the hacker to take over people's accounts those instances in a similar manner)