That was scary and exciting. Response seems competent and transparent. I โค๏ธ this place.
Lemmy.World Announcements
This Community is intended for posts about the Lemmy.world server by the admins.
Follow us for server news ๐
Outages ๐ฅ
https://status.lemmy.world
For support with issues at Lemmy.world, go to the Lemmy.world Support community.
Support e-mail
Any support requests are best sent to info@lemmy.world e-mail.
Report contact
- DM https://lemmy.world/u/lwreport
- Email report@lemmy.world (PGP Supported)
Donations ๐
If you would like to make a donation to support the cost of running this platform, please do so at the following donation URLs.
If you can, please use / switch to Ko-Fi, it has the lowest fees for us
Join the team
So, do we change passwords, esp those who logged on during the attack? (I created this acct right before the attack happened tho.)
Despite the fact that Lemmy is a fairly new piece of software, which makes these issues more likely, I am really grateful for it being open source, and I really appreciate this level of transparency.
Well done all involved. Sounds like it was caught and mitigated quickly
Thank you for the transparency and swift solution!
Vulnerability strikes. Open source's lightning response strikes back. Again.
Any truth to what I've heard this may have been done by a group we defederated with?
Thanks for fixing and being so open about it
How does this impact those using mobile apps like Jerboa or Liftoff, instead of the website directly?
Good job. I don't understand very much of that, so that makes me all the more grateful. Thank you.
I just disabled whole "/admin" section on my instance and added nice message ๐
The quick fix is much appreciated, thank you and everyone that helped for your hard work!
On Liftoff, I had to clear cache and storage in order to log back in. Still having issues with the website on Chrome, which keeps telling me I'm not logged in after clearing cache and logging back in.
Thanks for your efforts. I know that Lemmy was put in place rather quickly as a Reddit alternative. But I'm genuinely hopeful that this will be a good alternative.
At least now we can mark off the "disruptive website defacement attack" line on the checklist of (relatively) new website growing pains. Better to have them make lots of noise and get fixed quickly than quietly do sneaky things in the background.