388
submitted 1 year ago* (last edited 1 year ago) by G59@lemmy.ml to c/fediverse@lemmy.ml

FYI!!! In case you start getting re-directed to porn sites.

Maybe the admin got hacked?


edit: lemmy.blahaj.zone has also been hacked. beehaw.org is also down, possibly intentionally by their admins until the issue is fixed.

Post discussing the point of vulnerability: https://lemmy.ml/post/1896249

Github Issue created here: https://github.com/LemmyNet/lemmy-ui/issues/1895

you are viewing a single comment's thread
view the rest of the comments
[-] eerongal@ttrpg.network 18 points 1 year ago

Definitely opens up a big question about the security of Lemmy instances that I am sure will be discussed over the next few days.

They added 2FA login to lemmy in one of the newer updates. Probably pretty pertinent for any admins to use it....

[-] ebits21@lemmy.ca 11 points 1 year ago* (last edited 1 year ago)

It’s buggy and missing some key checks to make sure it’s working when you set it up.

Real risk of locking yourself out of your account.

[-] eerongal@ttrpg.network 4 points 1 year ago

oh, really? maybe i'll turn mine off then.....Thanks for the heads up!

[-] ebits21@lemmy.ca 6 points 1 year ago

Mostly a risk on initial setup.

I’ve been waiting a bit for it to stabilize and just using huge random passwords

[-] Zetaphor@zemmy.cc 4 points 1 year ago

If you're using a password manager you'd be doing this for every site and without even having to think about it. Bitwarden is a great choice.

[-] Cube6392@beehaw.org 5 points 1 year ago

I like KeePass. Bitwarden currently has an nginx exposure in the Dockerfile published in their git repo (may have been fixed since a couple of days ago). That said, I used Bitwarden for many years and switched out of an abundance of paranoia, and am definitively not recommending against it. Just basically use one of the following:

  • Bitwarden
  • KeePass
  • 1password

And stay far the fuck away from LastPass

[-] delollipop@beehaw.org 2 points 1 year ago

my uni is currently still recommending lastpass as of now, tho I’ve heard they might be looking for alternatives …

[-] Boeman@lemmy.ml 3 points 1 year ago

LastPass has had a few security incidents lately. I do not trust them at all.

[-] ebits21@lemmy.ca 1 points 1 year ago* (last edited 1 year ago)

Oh I do. Used Bitwarden for many years.

I actually use keepass for totp codes too.

[-] bdonvr@thelemmy.club 1 points 1 year ago

Too bad it doesn't work with several 2FA apps and right now....

[-] bdonvr@thelemmy.club 1 points 1 year ago

Also I believe this was achieved through cookie stealing, which 2FA would not have helped

this post was submitted on 10 Jul 2023
388 points (99.2% liked)

Fediverse

17848 readers
33 users here now

A community dedicated to fediverse news and discussion.

Fediverse is a portmanteau of "federation" and "universe".

Getting started on Fediverse;

founded 5 years ago
MODERATORS