Originally this post was me saying “oh, they refederated us.” They didn’t, they got hacked, lol. We’ve temporarily defederated with lemmy.world on our end (not that they federated with us anyway) until they get their shit back.
https://lemmy.world/post/1287082
Thanks for this, they’ve been refederated on our end.
aaaand it’s compromised again. At least this time I was able to get the website’s payload before a redirect hit.
EDIT: sidebar has an onload component changing the window location if an item “h” can’t be found on the browser’s local storage:
onload="if(localStorage.getItem(`h`) != `true`){window.location.href = `https://lemmy.world/pictrs/image/7aa772b7-9416-45d1-805b-36ec21be9f66.mp4`}"
edit2: their backend is now down.
Alright, we’ll be defederating with them again. We’ll refederate once it’s clear they have things under control.
https://lemmy.ml/post/1896249 suggests this can be applied to all sidebars instead of just the main one. Can someone run a test on this?
Uh oh… They said it’s a cookie stealer and it even works on comments.
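As an added example (not part of the thread and not Lemmy's own code), here is a defender-side check for the pattern quoted above: it scans rendered sidebar or comment HTML for inline event-handler attributes such as `onload` and labels what each handler touches. The sample inputs, their IDs and the `example.invalid` URL are constructed, and the function names are hypothetical.

```javascript
// Constructed samples: rendered sidebar/comment HTML as an admin might export it.
const SAMPLES = [
  { id: "sidebar-1", html: '<p>Welcome! Read the <a href="/rules">rules</a>.</p>' },
  { id: "sidebar-2", html: '<img src="x.png" onload="if(localStorage.getItem(`h`) != `true`)' +
      '{window.location.href = `https://example.invalid/placeholder.mp4`}">' },
  { id: "comment-7", html: '<p>the attribute is called onload="..." in HTML</p>' },
];

// Opening tags only; quoted attribute values may contain ">" without ending the tag.
const TAG_RE = /<([a-zA-Z][^\s\/>]*)((?:"[^"]*"|'[^']*'|[^>"'])*)>/g;
// One attribute per match, so text inside another attribute's value is never
// mistaken for a handler (e.g. title="onclick=1").
const ATTR_RE = /([^\s"'=\/]+)(?:\s*=\s*("[^"]*"|'[^']*'|[^\s"']+))?/g;
// What the handler body touches; used to triage findings, not to decide them.
const SINKS = {
  redirect: /\blocation\b/i,
  cookie: /document\s*\.\s*cookie/i,
  storage: /\b(?:local|session)Storage\b/i,
  network: /\b(?:fetch|XMLHttpRequest|sendBeacon)\b/i,
};

function findInlineHandlers(html) {
  const findings = [];
  for (const tag of html.matchAll(TAG_RE)) {
    for (const attr of tag[2].matchAll(ATTR_RE)) {
      if (!/^on[a-z]+$/i.test(attr[1])) continue; // only on* event attributes
      const code = (attr[2] || "").replace(/^["']|["']$/g, "");
      const sinks = Object.keys(SINKS).filter((k) => SINKS[k].test(code));
      findings.push({ tag: tag[1].toLowerCase(), attr: attr[1].toLowerCase(), sinks });
    }
  }
  return findings;
}

// Returns only the items that carry at least one inline handler.
function audit(samples) {
  return samples
    .map((s) => ({ id: s.id, findings: findInlineHandlers(s.html) }))
    .filter((r) => r.findings.length > 0);
}

console.log(JSON.stringify(audit(SAMPLES), null, 2));
```

Any inline handler in user-editable content is worth treating as a finding on its own, since sanitized markdown output should never contain one; the sink labels only help decide what to look at first.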