281
submitted 1 year ago* (last edited 1 year ago) by supakaity to c/main

Hi everyone.

Lemmy had an XSS vulnerability and we were one of the instances attacked through this vulnerability. We had our homepage replaced by a youtube video.

The lemmy devs were quick to create a PR for this issue and we have patched our instance to fix it,

Also while I do not believe any login tokens were compromised, we have taken the additional measure of rotating our secret key, so everyone will have to login to the site again as your existing credentials will no longer be valid.

If login fails to work properly, you may have to clear your cookies for the site... it seems to get confused about whether you're logged in or not.

Sorry that this happened, if you have any questions please contact @ada@lemmy.blahaj.zone or myself.

blobcat, heart

you are viewing a single comment's thread
view the rest of the comments
[-] 001100010010@lemmy.dbzer0.com 18 points 1 year ago

Yea how do I know you're not the hacker that's still in control? 🤔

[-] supakaity 30 points 1 year ago* (last edited 1 year ago)

How do you know I haven't always been the hacker who's in control? :D

[-] 001100010010@lemmy.dbzer0.com 9 points 1 year ago* (last edited 1 year ago)

😲 Oh no... Lol, that'd be funny tho

this post was submitted on 10 Jul 2023
281 points (100.0% liked)

Blahaj Lemmy Meta

2334 readers
3 users here now

Blåhaj Lemmy is a Lemmy instance attached to blahaj.zone. This is a group for questions or discussions relevant to either instance.

founded 2 years ago
MODERATORS