GNU social JP
GNU social JP is a Japanese GNU social server.


    草莓酱? :verified: (strawberry@m.cmx.im)'s status on Sunday, 04-Dec-2022 10:54:09 JST

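    A security vulnerability in Mastodon's ActivityPub implementation has been exploited to attack Mastodon sites, and this site was affected as well: for a long time the public timeline was continuously flooded with spam posts and users, which consumed a great deal of server resources. We have now blocked the domain that maliciously abused the vulnerability, along with its more than 28,000 random subdomains. According to user feedback, the vulnerability was triggered when users on this site searched for users on the malicious instance; each lookup returned 2 random usernames, and because Mastodon lacks a limit on recursion, the server fell into an endless fetching loop.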

    Ref: https://fedibird.com/users/yustier/statuses/109448938246497764

    In conversation Sunday, 04-Dec-2022 10:54:09 JST from m.cmx.im permalink

    Attachments


    1. https://media.cmx.edu.kg/media_attachments/files/109/452/293/537/982/339/original/f76c09489a19d905.jpg
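The fetch loop described in the notice above, with one way to bound it, as an added example that is not part of the original post and is not Mastodon's code: the resolver is a constructed stand-in for the hostile instance, `spam.example` is a placeholder domain, and the hop limit and per-domain budget are assumed values.

```python
import itertools
from collections import Counter, deque

BASE = "spam.example"  # constructed placeholder, not the domain from the incident

def make_hostile_resolver():
    """Constructed stand-in for the hostile instance in the post: every lookup
    answers with two never-seen accounts on fresh random-looking subdomains."""
    seq = itertools.count()
    def resolve(acct):
        return [f"u{next(seq)}@s{next(seq)}.{BASE}" for _ in range(2)]
    return resolve

def base_domain(acct):
    # Simplification (assumption): last two labels. Real code should use the
    # Public Suffix List so that 28,000 subdomains count as one remote party.
    host = acct.rsplit("@", 1)[1]
    return ".".join(host.split(".")[-2:])

def bounded_discover(seed, resolve, max_depth=2, per_domain_budget=20):
    """Breadth-first discovery with a hop limit and a fetch budget per base
    domain. Returns (fetched, skipped) account lists."""
    fetched, skipped = [], []
    spent = Counter()
    seen = {seed}
    queue = deque([(seed, 0)])
    while queue:
        acct, depth = queue.popleft()
        dom = base_domain(acct)
        if spent[dom] >= per_domain_budget:
            skipped.append(acct)      # budget exhausted: never contact the host
            continue
        spent[dom] += 1
        fetched.append(acct)
        if depth >= max_depth:
            continue                  # fetched, but its references are not followed
        for ref in resolve(acct):
            if ref not in seen:
                seen.add(ref)
                queue.append((ref, depth + 1))
    return fetched, skipped

if __name__ == "__main__":
    for depth in (2, 10):
        got, dropped = bounded_discover(f"seed@a.{BASE}", make_hostile_resolver(),
                                        max_depth=depth)
        print(f"max_depth={depth}: fetched={len(got)} skipped={len(dropped)}")
```

Without either limit the queue grows by one entry per fetch and never drains; the per-base-domain budget is what keeps random subdomains from each getting a fresh allowance.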


    GNU social JP is a social network, courtesy of GNU social JP管理人. It runs on GNU social, version 2.0.2-dev, available under the GNU Affero General Public License.

    Creative Commons Attribution 3.0 All GNU social JP content and data are available under the Creative Commons Attribution 3.0 license.