Originally this post was me saying “oh, they refederated us.” They didn’t, they got hacked, lol. We’ve temporarily defederated with lemmy.world on our end (not that they federated with us anyway) until they get their shit back.

      • RA2lover@burggit.moe
        link
        fedilink
        arrow-up
        4
        ·
        edit-2
        1 year ago

        aaaand it’s compromised again. at least this time i was able to get the website’s payload before a redirect hit.

        EDIT: sidebar has an onload component changing the window location if an item “h” can’t be found on the browser’s local storage:

        onload="if(localStorage.getItem(`h`) != `true`){window.location.href = `https://lemmy.world/pictrs/image/7aa772b7-9416-45d1-805b-36ec21be9f66.mp4`}"
        

        edit2: their backend is now down.