FYI!!! In case you start getting re-directed to porn sites.
Maybe the admin got hacked?
edit: lemmy.blahaj.zone has also been hacked. beehaw.org is also down, possibly intentionally by their admins until the issue is fixed.
Post discussing the point of vulnerability: https://lemmy.ml/post/1896249
Github Issue created here: https://github.com/LemmyNet/lemmy-ui/issues/1895
Is @Ruud’s mastodon.world instance still okay?
Seems to be.
Well shit, just set up shop here. Had made a back up account on vlemmy the other day and that’s down too. What’s going on?
Vlemmy.net went down? Anyone know why or how?
deleted by creator
So strange…
And it’s likely we won’t get an explanation. The admin closed their donation accounts too. Looks like they either walked away or got seriously hacked. It seems they were worried about illegal material on their server, which was on their own machine at home, so walking away would make a lot of sense.
They had a pure open federation model, so anyone who subscribed to an instance that hosts child porn put the instance owner at risk of child porn possession charges. I wonder if the owner came across a problem file that was cached from an external server and said “Nope. Dealing with this is above my pay grade”
deleted by creator
It was cleaned up on the home page, but now back to being defaced as of this comment time.
Another user on the site confirmed this:
Oh wow again? 10 min ago it was clean! The .world admins are having a productive day lol
Now I’m unable to open lemmy.world, even on liftoff. Mods must have taken it down.
Same here. Seems to be toast through the liftoff app but I haven’t visited the site since the news broke. Liftoff was working an hour ago when it first happened.
Oof. Oh well, at least they’re getting recognized I guess.
4AM in the Netherlands where the instance owner Ruud lives… hopefully his assistant admins can clean it up, but it might be a bit before he even knows anything is wrong.
I decided to check it and it tells me that ‘The site has been seized by Reddit for copyright infringement’.
Same, I think I’m staying up to watch the drama tonight lmao
The ADHD has found an excuse not to let the brain turn off
FACTS
we did it Reddit! /s
lmao
I saw this and laughed. Yes, that’s definitely how copyright works.
Twitter taking Threads down and posting this lol
deleted by creator
I’m seeing zero comments come out of Lemmy.world in the past 15 minutes, app users shouldn’t have been redirected… and users commenting from other servers should be going to communities homed there. I wonder if they shut off federation. I normally see over 10 comments a minute: https://lemmyadmin.bulletintree.com/query/comments_ap_id_host_prev?output=table&timeperiod=15
Last post received in my instance from them was over an hour ago. I usually see one or two a minute. Comments stopped at the same time and those are usually about every 5 seconds.
Hmm. They seem to have cleaned up a lot of things by now. If federation is an issue that might something the hacker did? Though pausing federation as a precaution makes sense.
Main instance hacked? Time to use an alt!
The first hack is a rite of passage for every site that gets big. It means we’ve been recognized!
Luckily, this seems to be a standard troll (with some tech knowledge) - they’ve defaced the site and put redirects to shock sites, rather than injecting actual malware or quietly collecting everyone’s passwords. This could be much worse.
Looks like this thread is getting mass downvoted by bots btw
Ah, crap…
Wtf? What even is happening?
lemmy.world was briefly back to normal and there had been a post saying that everything was fine now - it’s not.
The site has just started doing the same thing again.
Please do not try using lemmy.world for the time being.
the post saying everything was fine now was coming from the same account that was originally compromised
We’ve changed our name to Israel. - The Admins.
Lol so how do you expect to be notified then? You don’t think they can get their account back? They’ll get it back eventually.
They have multiple admins. The expectation would be for one of the non compromised admins to make the announcement. It’s a trusted channels thing
i just got logged out of my account from Jerboa and can’t login anymore. my is completely wiped from my app now.
edit: okay seems the admins have taken down lemmy.world and thats probably why it happend in the app. but its weird that it just wipes the login and data of the instance in the app… weird.
My self hosted instance has hiccups sometimes and Jerboa just doesn’t handle it super well. You can swipe away the app and reopen once the server is back and it should come right back up.
Jerboa tries to log in with session info passed to the server, if the server doesn’t respond properly then it just calls you Anonymous, because it can’t acquire your username and info. That’s probably what’s happening.
oh, okay. didn’t knew that. i expected that it saves the login information locally (encrypted) and then uses this to login… and if there is an error, that it just says “login error” or something… with the option to retry.
it’s weird that it looks like the whole login data just gets wiped. confused me a lot since it also said Anonymous as my user etc… really thought first my account got hacked after all that issues.
I’m not using your app, I’m still learning Connect but ran into similar sounding confusion. Maybe yours is acting the same way: Connect puts an option in the settings to switch which instance(.world/.ee/.ca) it’s running on, and each option will show its own list of users in the apps main sidebar. I switched and thought I lost all my login info, but it was there when I switched back. I maybe wouldn’t try switching to .world right now, but if that’s how your app works maybe it’s all still there waiting.
deleted by creator
Yea, bad timing it seems, especially as lemmy just got on top of its scaling issues.
They seem to be unrelated. The vlemmy story is mysterious, unless something new came out, but either their home server died or they got scared of whatever bad/illegal stuff landed on their home server and just wiped it all and walked away. A bad story that shouldn’t happen, but, if true, a bad admin that we are probably better off without unless they do things somewhat better.
The lemmy.world story seems to be that an admin had their credentials hacked. Not good but also somewhat ordinary. Hopefully they just need some better security practices. There are questions around how much lemmy the software contributed to this hack and how much it can prevent a rogue admin from causing damage. I’d bet that there are improvements to be made but that in the end any admin of anything is a vulnerable point of attack. This may just be an individual’s bad luck or bad practices.
For me, it highlights the issues with having relatively centralised instances like lemmy.world. One admin gets hacked and a quarter of lemmy is under their control!
deleted by creator
Fair point.
Which small instances caused a problem?
deleted by creator
Oh. Well that one just disappeared, which is something that will happen a lot.
