this post was submitted on 10 Jul 2023
475 points (99.2% liked)

Fediverse

17852 readers
2 users here now

A community dedicated to fediverse news and discussion.

Fediverse is a portmanteau of "federation" and "universe".

Getting started on Fediverse;

founded 5 years ago
MODERATORS
 

FYI!!! In case you start getting re-directed to porn sites.

Maybe the admin got hacked?


edit: lemmy.blahaj.zone has also been hacked. beehaw.org is also down, possibly intentionally by their admins until the issue is fixed.

Post discussing the point of vulnerability: https://lemmy.ml/post/1896249

Github Issue created here: https://github.com/LemmyNet/lemmy-ui/issues/1895

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 8 points 1 year ago (2 children)

Last I saw, they were on 0.18.1, unless a very recent update was installed. Do you happen to have a full list of domains they were redirecting to? Just want to be sure they were only going to "harmless" offensive sites, and not something worse.

[–] [email protected] 14 points 1 year ago (1 children)

Only lemonparty (which then redirects to chaturbate) and the pedo image hosted in the pictrs of lemmy.world itself. I saw no evidence of anything else, as people said, it's a pretty oldschool type of hack to disturb not spread malware.

But I didn't dig that much further than that, and it's only a snapshot of what I gathered before it got fixed. I Ctrl+F "lemonparty" in view source and pasted the JSON in VScode and that's about it. Didn't dig much deeper if that was just a red herring.

[–] [email protected] 11 points 1 year ago

Thanks for digging in and sharing your findings!

[–] [email protected] 14 points 1 year ago

As for the version, my instance reports it as

0.18.1-2-ga6cc12afe

So it seems to be using some extra patches, but I can't find that commit on GitHub which indicates it might not be public, or cherry-picked locally.

So with this in mind, either it's just innocent performance patches, or someone potentially also introduced the markdown vulnerability.

Although it's also entirely possible I suck and wasn't able to reproduce it correctly/had wrong quoting or something. Hopefully the devs can shine some light in the details.