I know that taking the instance offline isn’t an easy decision but it was the right choice to make until the exploit was patched.

For those who weren’t aware, from my understanding there was an exploit with custom emoji on the Lemmy front end that allowed a malicious script to be ran, which was stealing login cookies. This started on Lemmy(dot)world.

This seemed to have been patched this morning.

From what I’ve seen it didn’t seem to propagate through federated comments but never can be too careful.

Thanks crash and admin/mod team for keeping us safe 🙂

  • natebluehooves@pawb.social
    link
    fedilink
    English
    arrow-up
    2
    ·
    1 year ago

    FYI, it’s mostly crashdoom, I just keep the server online in terms of hardware.

    PS: if the server goes offline, I was probably nibbling wires. they’re VERY tasty ,…,

  • colourlesspony@pawb.social
    link
    fedilink
    English
    arrow-up
    1
    ·
    1 year ago

    Ever since the Linus hack I’ve been paranoid about session token stealing. I think they made the right decision too.

    • LightDelaBlue@pawb.social
      link
      fedilink
      English
      arrow-up
      2
      ·
      1 year ago

      fun fact (or not) its a common feature to use the token for stuf like Jdownloader for download youtube video tag as +18. and its SUPER easy to export the token like 3 click.

    • Spitfire@pawb.socialOP
      link
      fedilink
      English
      arrow-up
      1
      ·
      1 year ago

      Yeah it’s been happening more often it seems.

      But when something like this does happen I tend to want to gather as much info about it as I can. I was reading up on it through GitHub comments and other Lemmy comments on instances not affected.