this post was submitted on 12 Jul 2023
112 points (91.2% liked)

Fediverse

27709 readers
619 users here now

A community to talk about the Fediverse and all it's related services using ActivityPub (Mastodon, Lemmy, KBin, etc).

If you wanted to get help with moderating your own community then head over to !moderators@lemmy.world!

Rules

Learn more at these websites: Join The Fediverse Wiki, Fediverse.info, Wikipedia Page, The Federation Info (Stats), FediDB (Stats), Sub Rehab (Reddit Migration), Search Lemmy

founded 1 year ago
MODERATORS
ruud@lemmy.world
Xylinna@lemmy.world
MrCenny@lemmy.world
TragicNotCute@lemmy.world
automodbeta@lemmy.world
antik@lemmy.world
112
wtf is happening? (lemmy.world)
submitted 1 year ago* (last edited 1 year ago) by Rockfury@lemmy.world to c/fediverse@lemmy.world
60 comments fedilink hide all child comments
 

Why am I signed out every time I open this? Why can I hardly post anything anywhere? It's like a dice roll.

you are viewing a single comment's thread
view the rest of the comments
[–] fubo@lemmy.world 9 points 1 year ago (7 children)

Server-side authentication bug; maybe fallout from the recent attack? I'd expect instability for the next day or so as auth & related problems shake out.

[–] Rockfury@lemmy.world 1 points 1 year ago (2 children)

Attack? I am outta the loop. What happened?

[–] fubo@lemmy.world 3 points 1 year ago* (last edited 1 year ago) (1 children)

https://lemmy.world/post/1290412

Summary: Attacker found a way to inject JavaScript into the sidebar, letting them steal auth tokens ("JWTs"), including from an admin account. They then used the stolen admin access to vandalize the site. At one point, the attacker used the stolen admin account to falsely announce that the attack had been remediated. Later that day, the attack actually was remediated by the site owner (Ruud) and the vulnerability was patched in the Lemmy code.

[–] Rockfury@lemmy.world 1 points 1 year ago

Appreciate the info.

load more comments (4 replies)