Vietnam flashbacks of shock sites.

This is the unregulated chaos I've been missing from my internet. Feels like home.

Seems like there’s an active cookie-scraping attack going on. Lots of compromised accounts are going around different instances posting links with drive-by JavaScript. The JS tries to grab your current login token, which would give hackers access to your current login session.

They don’t need your password because they’re just grabbing that cookie that your browser gets when you check the “Keep me logged in” checkbox on login. That’s what allows you to verify your account across multiple sessions, and it allows them to do the exact same thing. They can simply send that authorized token, and “log in” as you. This would (likely) work across instances, because if they grab your cookie then it will give them access to whatever instance your account is logged in on.

So Lemmy.world will likely need to be completely defederated (to stop any compromised accounts from posting on other instances) and your specific instance will likely need to deauthorize all current login tokens (which will forcibly log everyone on your instance out) to stop any local accounts that got hit.

Did you read my post? -I said there might be malware. -I said not to visit lemmy.world -The entire site may be fucking compromised. If you have control the servers, you can change database values to make your post any amount of upvotes you want.

https://sh.itjust.works/post/923025 The comments in this post explain it better than I can, but this seems like a much bigger issue than an admin account being compromised.

That's exactly what happened. And anyone complaining about vote rigging is probably from exploding-heads too.

It's taking out multiple instances, lemmy.blahaj.zone just went down too

There's an admin matrix chat

Could I get hacked or compromised or something just by lurking the website? I didn't notice the Israel stuff until a bit late
Password was randomly generated like 5f.4_0@3j&j so no common passwords

Confirmed - fucked on my end too. Looks like the 18.1 update had some sort of major vulnerability.

They seem to be down at the moment. I seriously hope SJW is not affected.

Spez?

Damn. SJW and .world share the same lemmy source code. Could what is happening to .world happen to SJW? I'd take a dig into the lemmy code, but my brain is literal mush right now, its 11:16 PM here.

Lemmy.world was defaced last night. As far as I know, there is no DB breach. An XSS vulnerability was abused to steal the cookies of an admin account.

Yup, I got "this website has been seized by reddit for copyright infringment". Very mature

Yeah, I get that too, minus the Reddit part. However, during the ten minute span where the attack was resolved (then restarted), a mod/admin account reported that it was caused by a compromised admin account, so not Reddit taking over the site via copyright law. They removed the account, but the issue seems to be back now.

There are times when it pays to not be updated of what's going on. This is one of those times. Sorry your eyes had to be subjected to that torture. My first experience with those sites were similar years ago. At work. Lmao fml

An admin had their account compromised. The other admins have since fixed the account and everything should be operational again.

EDIT: Well the site's still down while they clean up the mess that was left behind. But I think the root problem is fixed now. Should be just a matter of time before they flip the switch again.

A .world mod/admin mentioned a compromised admin account. They removed the account, but the issue returned soon after I made the first edit to the post.