cross-posted from: https://lemmy.ml/post/1895271

FYI!!! In case you start getting re-directed to porn sites.

Maybe the admin got hacked?


edit: lemmy.blahaj.zone has also been hacked. beehaw.org is also down, possibly intentionally by their admins until the issue is fixed.

Post discussing the point of vulnerability: https://lemmy.ml/post/1896249

  • TheSaneWriter@lemm.ee
    link
    fedilink
    English
    arrow-up
    7
    ·
    1 year ago

    Deeply unfortunate that something like this could happen, you always hope that code injection vulnerabilities are found before someone is hacked. With that in mind, this shows the importance of two security principles: always parse and clean user input and don’t click links (including images) before checking where they are going to send you.

    • Dioxy@programming.dev
      link
      fedilink
      English
      arrow-up
      6
      ·
      1 year ago

      It’s worse than that. Until Lemmy is more mature, I would reccomend using the lite version of Lemmy, the JS-free version, for sake of client side security. Alternatively, or as an added point of security, the front-ends themselves should implement more sanitazion themselves. I’m willing to spend some free time vulnerability testing, but I would need a dedicated sand-box for that.

      • r00ty@kbin.life
        link
        fedilink
        arrow-up
        4
        ·
        1 year ago

        The ansible method of setting up a lemmy instance generally “just works”. I set one up for federation tests with kbin recently.