cross-posted from: https://lemmy.ml/post/1895271

FYI!!! In case you start getting re-directed to porn sites.

Maybe the admin got hacked?


edit: lemmy.blahaj.zone has also been hacked. beehaw.org is also down, possibly intentionally by their admins until the issue is fixed.

Post discussing the point of vulnerability: https://lemmy.ml/post/1896249

  • jcg@halubilo.social · 1 year ago

    The two main devs of Lemmy do this full time. They’re not hired in a traditional sense, but the project is funded enough for them both to work on it as their full-time job. Now, this isn’t a problem with open source. I’m a professional software dev and you would not BELIEVE how many enterprise, proprietary systems are still doing things like building SQL statements by directly concatenating strings that come from user input (especially in enterprise software because, well, who’s gonna fuck around with it?). No, this is a problem of having this many eyeballs on you. The tiny little places they slipped up and didn’t properly sanitize a user input string were found and exploited. Most proprietary systems do NOT reach this level of user count, and in particular Lemmy attracts a certain more tech-savvy demographic that would’ve found this sooner or later, malicious or not. Remember, this vulnerability was not just found; somebody was looking for it.