This is why I've decided against running my own Lemmy instance. Too much work to have to keep up constantly with updating, too big of an attractive target for attackers.
this post was submitted on 10 Jul 2023
3290 points (99.3% liked)
Lemmy.World Announcements
29079 readers
235 users here now
This Community is intended for posts about the Lemmy.world server by the admins.
Follow us for server news ๐
Outages ๐ฅ
https://status.lemmy.world/
For support with issues at Lemmy.world, go to the Lemmy.world Support community.
Support e-mail
Any support requests are best sent to [email protected] e-mail.
Report contact
- DM https://lemmy.world/u/lwreport
- Email [email protected] (PGP Supported)
Donations ๐
If you would like to make a donation to support the cost of running this platform, please do so at the following donation URLs.
If you can, please use / switch to Ko-Fi, it has the lowest fees for us
Join the team
founded 2 years ago
MODERATORS
If you run the instance only for yourself then I'd say it makes you an unattractive target. Why do a lot of work to hack an instance with one user?
But yeah, since Lemmy's code is not super mature there'll be some pains in the short term.
load more comments
(1 replies)
load more comments
(1 replies)
Interesting.
Attackers started changing site settings and posting fake announcements etc
So at least that wasn't 100% malicious, otherwise they could've kept the vuln hidden and just collect data and whatnot.
On the other hand, who cared enough about Lemmy to hack it? Weird.
load more comments
(4 replies)
I can't log into my account anymore, this one is a new one I've just made. I tried to reset my password but nothing came in the mailbox. I can still see comments and posts from that account though.
It's this one:
And I don't know why but I can't save the profile pic for this account.
Edit: Nvm, I use another email to sign up for Lemmy and forgot about it
load more comments
(2 replies)
With the JWT secret rotation, shouldn't everyone be forced to re-login? I'm posting with my existing session without any changes.
load more comments
(2 replies)
Must have been jealous spez
If I'm not from lemmy.world and visited a lemmy.world community via my home instance, does the hacker gain access to my account?
If I, while logged in to my home instance, accessed lemmy.world in another tab, does the hacker gain access to my account?
Does this hack infect devices used to access lemmy.world?
Sorry for noob questions, I'm just worried.
load more comments
(2 replies)
Thanks for the transparency. Was having issues with Lemmy, now seems everything back to normal. Got a question, Just to add an extra layer of security, Do i need to use ToR or VPN with Lemmy ?
load more comments
(2 replies)
Well that's just great it really is a shame though how some people would actively want to ruin something free like this just because they can.
load more comments
(1 replies)
Rock on, Rudd.
Here's a relevant post that talked about this with @[email protected] I think is worth looking into for anyone curious what exactly happened.
https://sh.itjust.works/post/923025
please don't visit the legal section of the website or anything confirmed compromised if anything.
I noticed this morning for a small amount of my posts with pictures, maybe 5-10%, the pictures were deleted or missing. Not sure if this is related to the incident.
load more comments
(2 replies)
Excellent, thanks for the quick response ruud and admins.
Thanks all working again. Had to clear my browser cache in order to login again and had to resign in to memmy too.
I guess its early days for lemmy for incidents like this, fingers crossed something like this doesn't happen again :)
It's a nice reminder that those with the skills but not the bad intentions would be welcome to look through the source code for vulnerabilities and report/patch anything they might find. :)