348
submitted 1 year ago* (last edited 1 year ago) by G59@lemmy.ml to c/fediverse@lemmy.ml

FYI!!! In case you start getting re-directed to porn sites.

Maybe the admin got hacked?

you are viewing a single comment's thread
view the rest of the comments
[-] CMahaff@lemmy.ml 8 points 1 year ago* (last edited 1 year ago)
  1. Inject exploit into a comment using custom emoji.
  2. Front-end parses the emoji incorrectly allowing JavaScript to be injected.
  3. JavaScript loads for everyone to views a page with the comment and sends their token and account type to the hackers domain.
  4. Hacker parses received tokens for admins and uses that to inject redirects into the front page of the Lemmy instance.

To answer your other questions:

  • IMO there probably should be better parsing to remove this stuff from the back-end, so I'm not sure the front-end solution is the complete solution, but it should get things largely under control.
  • Back-end is theoretically not compromised besides needing to purge all the rogue comments. Attacker presumably never had access to the server itself.
  • Probably needs to be a mass reset of ALL passwords since lots of people's tokens were sent during the attack, so their accounts could be compromised.
this post was submitted on 10 Jul 2023
348 points (100.0% liked)

Fediverse

17786 readers
11 users here now

A community dedicated to fediverse news and discussion.

Fediverse is a portmanteau of "federation" and "universe".

Getting started on Fediverse;

founded 5 years ago
MODERATORS