this post was submitted on 10 Jul 2023
88 points (96.8% liked)

Lemmy.ca's Main Community

2825 readers
34 users here now

Welcome to lemmy.ca's c/main!

Since everyone on lemmy.ca gets subscribed here, this is the place to chat about the goings on at lemmy.ca, support-type items, suggestions, etc.

Announcements can be found at https://lemmy.ca/c/meta

For support related to this instance, use https://lemmy.ca/c/lemmy_ca_support

founded 4 years ago
MODERATORS
88
Lemmy.world is compromised (talk.kururin.tech)
submitted 1 year ago* (last edited 1 year ago) by [email protected] to c/[email protected]
 

They been redirecting to lemon party and some weird video. Do not go to the website. This is the admin that been hacked:

EDIT: lemmy.blahaj.zone also compromised!

top 34 comments
sorted by: hot top controversial new old
[–] [email protected] 53 points 1 year ago* (last edited 1 year ago) (5 children)

Out of precaution we will defederate from lemmy.world until this is resolved.

Edit: Lemmy.world has resolved the issue

[–] [email protected] 3 points 1 year ago

I appreciate the proactivity/precaution!

[–] [email protected] 2 points 1 year ago

It's unresolved.

[–] [email protected] 2 points 1 year ago (1 children)

Have they resolved it? I can't comment there, or is that from this instance defederating from them? I don't have my lemmy.world account on this app

[–] [email protected] 3 points 1 year ago

We believe they have resolved it but we will remain defederated overnight.

[–] [email protected] 1 points 1 year ago

It is once again comprised

[–] [email protected] 10 points 1 year ago

And this is why you use a password manager whenever you make new accounts on the internet.

If you had an account on the Lemmy.world website you need to change your password.

[–] [email protected] 8 points 1 year ago (1 children)

It's still compromised, right now it's showing text that says site seized by reddit for copyright infringement. Lol. Jerboa is just showing Lemmy World heads

[–] [email protected] -2 points 1 year ago

*infringment

[–] [email protected] 8 points 1 year ago

Lemonparty! Now that's a name I haven't heard in ages 🍋🍋🍋👴

[–] [email protected] 8 points 1 year ago

The page redirects is named Israel and it redirects to blank page with "This site was seized by Reddit for copyright infringement". So no, they don't have control yet.

[–] [email protected] 7 points 1 year ago

I am glad I’m on programming.dev for lemmy, but this could’ve happened to anyone. Hope nothing catastrophic happens

[–] [email protected] 6 points 1 year ago (1 children)

First vlemmy now this? what the fuck is going on?

[–] [email protected] 9 points 1 year ago* (last edited 1 year ago) (1 children)

this feels too intentional with two big servers in this short time frame icl

[–] [email protected] 2 points 1 year ago

Reddit gotta do what Reddit gotta do to keep their IPO alive

[–] [email protected] 3 points 1 year ago

I was about to make a thread. Quite the bummer.

[–] FARTYSHARTBLAST 3 points 1 year ago
[–] [email protected] 3 points 1 year ago

Looks like it’s gonna be a bit really put a lid on this, but I guess another sign why this is a good system?

[–] [email protected] 2 points 1 year ago

I logged on and was like wtf because the site still works. Thought my phone was hacked heh

[–] [email protected] 2 points 1 year ago* (last edited 1 year ago)

Thanks for the heads-up. Password changed.

[–] [email protected] 2 points 1 year ago

Yeah... I caught all that. Glad to see that they fixed it already though. Rough day for Rudd.

[–] [email protected] 2 points 1 year ago (2 children)

Is there a way to not do email verification but still using 2FA? That way, even if a user's account is somehow phished/compromised, it won't compromise their other accounts.

[–] [email protected] 3 points 1 year ago

I just successfully set up 2FA for an account on another instance that doesn't have a verified email without any issues, so there's no need to have done email verification to use 2FA.

[–] [email protected] 1 points 1 year ago

Absolutely you can do no phone/email and MFA. It's a TOTP thing like Google or Microsoft authenticator. The service doing the authentication has no idea how it's done on the other side, it just makes sure the codes match.

[–] [email protected] 1 points 1 year ago

Man, after all that commenting and stuff I did... :(

[–] [email protected] -4 points 1 year ago (1 children)

Guys, the new Israel lemmy instance has a lot of content I like, but some images I don't agree with. should we defederate?

[–] [email protected] 2 points 1 year ago (1 children)

I don't think you realize what happened. The entire instance got fucked, it wasn't just some posts someone didn't like.

[–] [email protected] 1 points 1 year ago

I was trying to by funny. :(

load more comments
view more: next ›