• Candelestine@lemmy.caEnglish
    56·
    3 years ago

    Yea, I switched to this alt. It appears to be one of the assistant admins accts. Seems like an old fashioned anon prank, to me, they’re mainly just trying to make stuff offensive and redirect people to lemonparty.

    So, y’know, old school.

    I don’t know if any data is actually in danger, but I doubt it. I don’t see why assistant admins would need access to it.

    • CMahaff@lemmy.mlEnglish
      161·
      3 years ago

      My concern is that configuring the site to automatically redirect users sounds like they have pretty large control over the site - the kind of control that I would assume is usually limited to users with root access on the server.

      Obviously hope nothing of value is lost and that there is a proper off-site backup of the content.

      Edit: See Max-P’s comment, it looks like the site redirection was accomplished in a way that IMO suggests they do NOT have full control over the site. We’ll obviously have to wait for the full debrief from the admins.

      • JackbyDev@programming.devEnglish
        5·
        3 years ago

        If it was just DNS that doesn’t mean too much. If it was just DNS it seems to be back up. It’s like changing the number in a phone book.

      • thanks_shakey_snake@lemmy.caEnglish
        3·
        3 years ago

        Yeah the “redirect somewhere else” attack definitely doesn’t necessarily require any particular control of the site. Usually it’s noticing that you can trick some text into being run as Javascript, instead of interpreted as text… And then you just stick in a cheeky little <notarealscript>window.location = "https://www.badsite.horse"</notarealscript> into that spot.

        Then every time that comment, username, (in this case apparently) custom emoji, etc. gets loaded, whoops, the code runs and off you go!

        So no control of the site is required at all.

    • Vilian@lemmy.caEnglish
      5·
      3 years ago

      probably even the top admin don’t, it’s gonna be encrypted, so even they don’t know your password(except if they changed the code to store it in .txt) but always use differnt password in the internet

  • bigben111@lemmy.mlEnglish
    391·
    3 years ago

    How did it happen and what does this mean for me as a user of lemmy.ml who also follows people on lemmy.world?

    • Stovetop@lemmy.mlEnglish
      47·
      3 years ago

      One of the admin accounts appears to have been compromised. The owner/other admins appear to be aware now because that account had its admin access revoked and offending posts are being removed.

      Definitely opens up a big question about the security of Lemmy instances that I am sure will be discussed over the next few days.

  • upt@lemmy.ml
    30·
    3 years ago

    Being a part of Lemmy in these early days has been kind of interesting, seeing all of the bugs and bits that will be ironed out over time. One day when Lemmy is as old as Reddit it will all be folklore. Maybe.

  • maegul (he/they)@lemmy.ml
    25·
    3 years ago

    Hmmm. Don’t know what the fall out of this will be. But a lot of lemmy is on that server. Unfortunately. Maybe we’ll learn a lesson in the value of decentralisation.

    Ruud also runs mastodon.world, FYI.

    • Lemon@lemmy.blahaj.zoneEnglish
      141·
      3 years ago

      This is why it makes sense for communities to not all pile into one instance, it gives one instance admin too much power and responsibility over everything.

    • Vilian@lemmy.ca
      5·
      3 years ago

      was just some of the admin in the lemmy, i don’t think they share the same admins

    • Stovetop@lemmy.ml
      13·
      3 years ago

      It looks like they’re in the process. The compromised account was demoted from admin and I see posts are being removed. There will definitely need to be some sort of investigation into how this happened, though.

  • RunAwayFrog@sh.itjust.worksEnglish
    13·
    3 years ago

    Don’t know if this will be relevant at all, but I’m almost hoping this will force Lemmy devs to abandon the obscure markdown crate they use for pulldown-cmark.

    Using an obscure markdown implementation just because it supports spoiler tags always sounded like a silly decision to me!

  • CMahaff@lemmy.mlEnglish
    13·
    3 years ago

    4AM in the Netherlands where the instance owner Ruud lives… hopefully his assistant admins can clean it up, but it might be a bit before he even knows anything is wrong.

  • bamboo@lemmy.blahaj.zoneEnglish
    121·
    3 years ago

    Just went there and didn’t immediately see anything out of the ordinary, but then was redirected to Chatroulette, lol yikes

    • tarjeezy@lemmy.caEnglish
      10·
      3 years ago

      Really hoping it’s “only” redirecting to offensive sites, and not to malware. I got redirected a few times, before I closed my browser.

    • maegul (he/they)@lemmy.ml
      4·
      3 years ago

      Hmm. They seem to have cleaned up a lot of things by now. If federation is an issue that might something the hacker did? Though pausing federation as a precaution makes sense.