cross-posted from: https://lemmy.world/post/1287053

Be alert, Please do not launch a new tab of Lemmy.World. Having tabs already open with this site is fine but as soon as you do you will be bombarded with awful content with malicious intent to cause shock, disgust and distress.

In the meantime use alternative instances, other instances are not affected by this compromise. Do not open any links/posts from the user MichelleG.

Thanks for reading, please stay safe out there Lemmy users!

Update: Lemmy World is under attack again.

Update: I am not a super code-literate person so bare with me on this… But. Still please becareful. There appears to be a vulnerability.

Users are posting images like the following:

https://imgur.com/a/RS4iAeI

And inside hidden is JavaScript code that when executed can take cookie information and send it to a URL address.

Among other things. At this time if you see an image please click the icon circled before clicking the link. If you see anything suspicious, please report it immediately. It is better a false report than a missed one.

  • Artistan
    link
    English
    371 year ago

    Going through an app also prevents the awful redirects.

    • @malloc
      link
      English
      81 year ago

      Speaking of apps. Seems like this is a possible attack vector.

      Maybe a malicious actor copies code of one of the popular apps (Voyager/wefwef), adds code to extract JWT token or whatever auth token, gathers list of high value targets (admins / mods of large instances or communities), then hijacks instance.

      Very easily could have been much worse. On the flip side, glad it was just a script kiddie

    • @axtualdave
      link
      English
      191 year ago

      The worst part was it wasn’t even good gay porn.

    • @malloc
      link
      English
      101 year ago

      Updating profile with “I survived 🍋 🎉 of July 2023”

    • @danc4498
      link
      English
      -241 year ago

      Liberal terrorism

  • AFK BRB Chocolate
    link
    English
    181 year ago

    Why the hell do people have to be complete assholes? I had just clicked a link and got all the crap, then couldn’t go to the homepage or any of the posts in my history. I thought I got a virus until I tried it on my other device.

    Honestly should be just as illegal as vandalism.

    • AerOPM
      link
      English
      141 year ago

      I mean it kinda is, the hacker exposed potential children to p*rnographic content.

      • AFK BRB Chocolate
        link
        English
        21 year ago

        I only saw the one pic of the guy with the disgusting word balloon - was closing windows pretty fast. Yeah, if they did that it should be reported.

  • @elk_1337
    link
    English
    181 year ago

    The home page seems to be operating normalish now

  • Tygr
    link
    English
    161 year ago

    This is all part of growing pains on a new admin suddenly owning the top lemmy instance because they knew a little bit about branding.

    As I’ve said before, I’m giving the admin a couple months and I feel they’ve done a fantastic job already.

  • @Candelestine
    link
    English
    121 year ago

    I’m checking on mobile web browser atm, everything seems fine.

    • AerOPM
      link
      English
      181 year ago

      Things are slowly getting restored, the mod that was compromised has been removed. Hopefully nothing more happens. I’ll unpin this post as soon as I am 100% sure on that though.

      • @Candelestine
        link
        English
        71 year ago

        Thanks for helping take care of it, that was a pretty quick response from you guys. I’m betting the talk for the next day is gonna be all about 2FA. lol

      • @danc4498
        link
        English
        31 year ago

        Any word on what happened?

      • @strict
        link
        English
        -11 year ago

        Removed by mod

  • AerOPM
    link
    English
    81 year ago

    It is concerning as I have received a message from a compromised admin 1 hour ago telling me that an app developer wanted me to help them with mod tools.

    Hard to know if this is genuine or not, but given what has happened I am going with an attempt at breaching my account.

    • @[email protected]
      link
      fedilink
      English
      21 year ago

      That, is actually kind of fascinating and may be important info for someone doing a follow-up investigation. If that was the bad actor phishing for moderation access, why would they need that, when they already had an admin account? If it was legit, then it’s super sus. whoever this app developer was needs to have a little light shone on them.

      • AerOPM
        link
        English
        21 year ago

        Could be where the DM from the admin was legitimate but got compromised following contact by this app developer.

        It is also possible nothing of the sort happened. The timing was just extremely alarming

  • Margot Robbie
    link
    English
    61 year ago

    Let this be a lesson to all. Use long passwords with a password manager to deter brute force attacks. Use 2FA for your account. It’s security 101.

  • @[email protected]
    link
    fedilink
    English
    3
    edit-2
    1 year ago

    I think this carrying on without providing more information is reckless. Does an actual admin from this instance really know what happened or are you just taking a bunch of random commentary and speculation as gospel then telling the users “we’re good.”

    • AerOPM
      link
      English
      17
      edit-2
      1 year ago

      I am a moderator of this community, not an admin of Lemmy.World

      I know about as much as you. The difference is I have been spending time researching and discussing findings with other mods rather than sleeping which is what I should be doing.

      I found critical information that I thought important to share. That is all there is to it. If you do not feel safe using Lemmy.World you should login to another instance.

      The owners of Lemmy.World are also in the EU so are likely still asleep or awake and trying to figure this shit out.

      • @[email protected]
        link
        fedilink
        English
        -51 year ago

        You do you. I would tell my users I have no idea what’s going on, and definitely not say “using your open tabs is probably fine.”

        • AerOPM
          link
          English
          71 year ago

          The attack involved a redirect that only affected pages that were freshly opened. If you had tabs that were opened before the attack no redirects happened, no malicious URLs of the sort. It showed the website as it was normal.

          That statement was in fact true. The attack only happened when you opened a new tab of Lemmy.World

  • StrikerM
    link
    English
    21 year ago

    Update: Things seem to be calm about the moment. If there is any updates please inform me.

  • @lemminer
    link
    English
    21 year ago

    Someone posted lemmy.world getting federated with threads. Was that legit?

    • @Syan
      link
      English
      41 year ago

      It was the admin account mentioned in the post, MichelleG, which got compromised. No one is dumb enough to federate with that trash, it was just a troll.

    • @Cyyy
      link
      English
      41 year ago

      was the hacker

    • @Syan
      link
      English
      11 year ago

      deleted by creator

  • @OtakuAltair
    link
    English
    21 year ago

    Lemmy.world redirects to that guy smoking in the woods for me on webview