GNU social JP
GNU social JP is a Japanese GNU social server.

    Mastodon.world admins (mwadmin@mastodon.world)'s status on Monday, 10-Jul-2023 16:11:20 JST

    Lemmy.world (Among others) was hacked. It’s fixed now, see https://lemmy.world/post/1290412

    Attachments

      Lemmy.world (and some others) were hacked - LemmyWorld
      While I was asleep, apparently the site was hacked. Luckily, (big) part of the lemmy.world team is in US, and some early birds in EU also helped mitigate this.

      As I am told, this was the issue:

      - There is a vulnerability which was exploited
      - Several people had their JWT cookies leaked, including at least one admin
      - Attackers started changing site settings and posting fake announcements etc

      Our mitigations:

      - We removed the vulnerability
      - Deleted all comments and private messages that contained the exploit
      - Rotated JWT secret which invalidated all existing cookies

      Because not all instances are aware, we will not go into detail on the vulnerability yet. Many thanks for all that helped, and sorry for any inconvenience caused!

    GNU social JP is a social network, courtesy of GNU social JP管理人. It runs on GNU social, version 2.0.2-dev, available under the GNU Affero General Public License.

    All GNU social JP content and data are available under the Creative Commons Attribution 3.0 license.