this post was submitted on 10 Jul 2023
14 points (100.0% liked)


Originally this post was me saying "oh, they refederated us." They didn't, they got hacked, lol. We've temporarily defederated with lemmy.world on our end (not that they federated with us anyway) until they get their shit back.

[–] [email protected] 5 points 1 year ago (1 children)

They seem to have changed what happens a couple times.

I'll refederate them once they make an announcement post or once their sidebar changes from this:

[–] [email protected] 2 points 1 year ago (1 children)
[–] [email protected] 2 points 1 year ago (1 children)

Thanks for this, they've been refederated on our end.

[–] [email protected] 4 points 1 year ago* (last edited 1 year ago) (1 children)

aaaand it's compromised again. At least this time I was able to get the website's payload before a redirect hit.

EDIT: sidebar has an onload component changing the window location if an item "h" can't be found on the browser's local storage:

onload="if(localStorage.getItem(`h`) != `true`){window.location.href = `https://lemmy.world/pictrs/image/7aa772b7-9416-45d1-805b-36ec21be9f66.mp4`}"

edit2: their backend is now down.

[–] [email protected] 3 points 1 year ago (1 children)

Alright, we'll be defederating with them again. We'll refederate once it's clear they have things under control.

[–] [email protected] 1 points 1 year ago (1 children)

https://lemmy.ml/post/1896249 suggests this can be applied to all sidebars instead of just the main one. Can someone run a test on this?

[–] [email protected] 1 points 1 year ago

Uh oh.... They said it's a cookie stealer and it even works on comments.
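
The sidebar payload quoted in this thread is an inline event-handler attribute, and the later replies report that the same injection reaches other sidebars and comments. As an added example (not from any poster and not Lemmy's own code), here is a scanner an instance admin could run over rendered sidebar or comment HTML to flag such attributes. `findInlineHandlers`, `SAMPLES`, the wrapping elements and the `example.invalid` URL are constructed for illustration.

```javascript
// Added example: flag inline event-handler attributes (onload, onclick, ...)
// in rendered HTML fragments such as a sidebar or a comment.
// findInlineHandlers and SAMPLES are hypothetical names; inputs are constructed.

// One opening tag; quoted attribute values may contain ">".
const TAG_RE = /<([a-zA-Z][\w:-]*)((?:"[^"]*"|'[^']*'|[^'">])*)>/g;
// name, then optional ="value" / ='value' / =value
const ATTR_RE = /([^\s"'<>\/=]+)(?:\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'<>]+)))?/g;
// Handler bodies touching these deserve a closer look (storage, cookies, navigation).
const SENSITIVE = /\b(?:localStorage|sessionStorage|document\.cookie|window\.location|location\.href)\b/;

function findInlineHandlers(html) {
  const findings = [];
  for (const tag of html.matchAll(TAG_RE)) {
    for (const attr of tag[2].matchAll(ATTR_RE)) {
      const name = attr[1].toLowerCase();
      if (!/^on[a-z]+$/.test(name)) continue; // only event-handler attributes
      const value = attr[2] ?? attr[3] ?? attr[4] ?? "";
      findings.push({ tag: tag[1].toLowerCase(), attr: name, value,
                      sensitive: SENSITIVE.test(value) });
    }
  }
  return findings;
}

const SAMPLES = {
  // Handler modelled on the one quoted in the thread, with a placeholder URL.
  sidebar: 'Rules <img src="a.png" onload="if(localStorage.getItem(`h`) != `true`)' +
           '{window.location.href = `https://example.invalid/x.mp4`}">',
  comment: '<p>nice <a href="https://example.invalid/">link</a> 1 < 2 > 0</p>',
  upper: "<SVG ONLOAD=render()>",
};

for (const [where, html] of Object.entries(SAMPLES)) {
  for (const f of findInlineHandlers(html)) {
    console.log(`${where}: <${f.tag}> ${f.attr} sensitive=${f.sensitive}`);
  }
}
```

This is a triage check over stored content, not a sanitizer: a hit means the fragment should never have been rendered with that attribute intact.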