Lemmy.world and another instance have been compromised
cross-posted from: https://lemmy.ml/post/1895271
FYI!!! In case you start getting re-directed to porn sites.
Maybe the admin got hacked?
edit: lemmy.blahaj.zone has also been hacked. beehaw.org is also down, possibly intentionally by their admins until the issue is fixed.
Post discussing the point of vulnerability: https://lemmy.ml/post/1896249
You are viewing a single comment
Wtf how is this even possible? Are the Lemmy devs smoking crack? If you're going to run a reddit alternative, it may be wise to sanitize the fuck out of everything posted on there.
Please feel free to perform a full security audit.
You are free to open a PR
Not really helpful though is it? It's like going to a friend's house and asking why there is a sink hole in the middle of the floor that everyone is walking around, and they say "feel free get a hammer out".
It's more like when everyone is looking at the previously unknown hole and discussing how to patch it up and you start yelling how it is unacceptable as your friend's house is a "bar alternative"
Honestly I think you're all right. This is such a basic vulnerability it should never existed... AND I told you so's and bitching don't help.
Little Bobby Tables strikes again
Now seriously, people forget that Lemmy is alpha software, and Kbin is even younger
People have said the platform is years old, but it didn't really get tested until June. I wouldn't be surprised if more issues like this are found.
¯_(ツ)_/¯ Lemmy.
the threadiverse wasn’t exactly popular until the reddit exodus
id probably flip it: are lemmy users smoking crack? if you’re going to run to a reddit alternative, it’d be wise not to choose alpha software!
well Reddit was hacked so lemmy is still on track