FYI!!! In case you start getting re-directed to porn sites.
Maybe the admin got hacked?
edit: lemmy.blahaj.zone has also been hacked. beehaw.org is also down, possibly intentionally by their admins until the issue is fixed.
Post discussing the point of vulnerability: https://lemmy.ml/post/1896249
Github Issue created here: https://github.com/LemmyNet/lemmy-ui/issues/1895
Seems fine now
deleted by creator
Yea, bad timing it seems, especially as lemmy just got on top of its scaling issues.
They seem to be unrelated. The vlemmy story is mysterious, unless something new came out, but either their home server died or they got scared of whatever bad/illegal stuff landed on their home server and just wiped it all and walked away. A bad story that shouldn’t happen, but, if true, a bad admin that we are probably better off without unless they do things somewhat better.
The lemmy.world story seems to be that an admin had their credentials hacked. Not good but also somewhat ordinary. Hopefully they just need some better security practices. There are questions around how much lemmy the software contributed to this hack and how much it can prevent a rogue admin from causing damage. I’d bet that there are improvements to be made but that in the end any admin of anything is a vulnerable point of attack. This may just be an individual’s bad luck or bad practices.
For me, it highlights the issues with having relatively centralised instances like lemmy.world. One admin gets hacked and a quarter of lemmy is under their control!
deleted by creator
Which small instances caused a problem?
deleted by creator
Oh. Well that one just disappeared, which is something that will happen a lot.
Fair point.
For those not aware, the beehaw server did intentionally shut their instance down to avoid any issues.
See announcement here: https://hachyderm.io/@beehaw/110687918465426082
It appears that the deface attack is back in full swing (racial slurs and all the redirects)
Lemmy.world front page is back up, but I am now logged-out
deleted by creator
Do not know
Login currently does not work. After you log in, you are not logged in.
They still have fake content on the front page. In a bogus community.
deleted by creator
Yep … lemmy is home sick today. It has gone to the Doctor and should hopefully get better soon.
lemmy.world was briefly back to normal and there had been a post saying that everything was fine now - it’s not.
The site has just started doing the same thing again.
Please do not try using lemmy.world for the time being.
i just got logged out of my account from Jerboa and can’t login anymore. my is completely wiped from my app now.
edit: okay seems the admins have taken down lemmy.world and thats probably why it happend in the app. but its weird that it just wipes the login and data of the instance in the app… weird.
Jerboa tries to log in with session info passed to the server, if the server doesn’t respond properly then it just calls you Anonymous, because it can’t acquire your username and info. That’s probably what’s happening.
oh, okay. didn’t knew that. i expected that it saves the login information locally (encrypted) and then uses this to login… and if there is an error, that it just says “login error” or something… with the option to retry.
it’s weird that it looks like the whole login data just gets wiped. confused me a lot since it also said Anonymous as my user etc… really thought first my account got hacked after all that issues.
I’m not using your app, I’m still learning Connect but ran into similar sounding confusion. Maybe yours is acting the same way: Connect puts an option in the settings to switch which instance(.world/.ee/.ca) it’s running on, and each option will show its own list of users in the apps main sidebar. I switched and thought I lost all my login info, but it was there when I switched back. I maybe wouldn’t try switching to .world right now, but if that’s how your app works maybe it’s all still there waiting.
My self hosted instance has hiccups sometimes and Jerboa just doesn’t handle it super well. You can swipe away the app and reopen once the server is back and it should come right back up.
the post saying everything was fine now was coming from the same account that was originally compromised
Lol so how do you expect to be notified then? You don’t think they can get their account back? They’ll get it back eventually.
They have multiple admins. The expectation would be for one of the non compromised admins to make the announcement. It’s a trusted channels thing
We’ve changed our name to Israel. - The Admins.
Oof. Oh well, at least they’re getting recognized I guess.
I really hope they have backups in place.
I was once doing work at a company that provided tech support and security for local businesses. There were a couple big instances of the companies being hacked with ransomware etc. On every occasion, we of course ask, “when was your last backup done?” And without fail, every one of them always responded, “backup?”
Good ol’ FAFO
I literally just made a community over there 20 mins ago fml
No biggie. Choose another server and create it there, too. Largest communities will win in the long run.
Just clicked into Lenny.world and saw “site has been seized by Reddit for copyright infringement “
Time to make an alt! Been thinking about switching instances anyway, so this is a nice test. Hope the situation gets resolved soon.
Technical details, is it the sidebar: https://lemmy.ml/post/1896249
It’s actually custom emoji code.
Twitter taking Threads down and posting this lol
lmao
deleted by creator
we did it Reddit! /s
I saw this and laughed. Yes, that’s definitely how copyright works.
Main instance hacked? Time to use an alt!
The first hack is a rite of passage for every site that gets big. It means we’ve been recognized!
Luckily, this seems to be a standard troll (with some tech knowledge) - they’ve defaced the site and put redirects to shock sites, rather than injecting actual malware or quietly collecting everyone’s passwords. This could be much worse.
