layla

joined 3 years ago
[–] [email protected] 1 points 9 months ago* (last edited 9 months ago)

Permanently deleted

[–] [email protected] 11 points 10 months ago (2 children)

no, and it's not their first time either

[–] [email protected] 35 points 10 months ago (8 children)

you "got dropped" (temporarily removed) because you keep harassing people in mod chat because you're drunk. please log off and come back when you're sober

[–] [email protected] 7 points 1 year ago

Servers are French, but we don't use Cloudflare (haven't since we moved back upstream a few months ago).

[–] [email protected] 19 points 1 year ago

Did I do it right? This bit rules!

 

We have a test instance of Lemmy 0.18.2 running with our patches on top ready for testing:

https://test.hexbear.net

Lemmy has been seeing a lot of activity recently, so this release brings with it a lot of changes (some of which we are hoping are going to fix some of the jank y'all have probably been experiencing). You can see the full list of changes here: https://github.com/LemmyNet/lemmy/releases. This is also the release that removes websockets!

Disclaimer: Anything you post will be nuked after we're done testing, nothing is being saved from the test instance.

If you encounter a bug please let us know what happened, how we can reproduce it, and your OS & browser in the comments below. The more detail, the more likely we can fix things!

 

Hexbear was a victim of a targeted XSS attack similar to the attack many other Lemmy instances have seen.

The account that first leveraged the attack was registered on 2023-07-10 at 03:58 UTC, the fix for the vulnerability was applied by around 04:35 UTC. This leaves a ~40 minute window in which anyone browsing the site could have had their account hijacked.

The attacker was able to act (post, comment, DM) as the account they hijacked. They will also have been able to view/use the compromised account's settings page. This means they will have been able to see users' email addresses. Some accounts that were compromised were temporarily banned, these bans have now been lifted.

If you were using the site during the above time window, please double check your account settings to see if anything was changed.

Passwords were not stolen, JWTs were. We have just invalidated all old JWTs so the attacker no longer has access to the hijacked accounts (this is why all users have been logged out).

[–] [email protected] 0 points 2 years ago (5 children)

So, I'm not Amerikan, but it isn't a stretch to say that without the Dems this wouldn't have been possible right? Obama gave up one supreme court nomination, and RBG wanted to resign under Clinton or whatever and then fucking died when Trump was in office instead, right?

[–] [email protected] 0 points 2 years ago (3 children)

@Cromalin following up from your last comment, yeah, gay marriage will be one of the first to go by the looks of it :yea:

 

I regret to inform you it's Not That Good