Lemmy exploit response - temporarily switching off open registration and the ability to create new communities
Lemmy exploit response - temporarily switching off open registration and the ability to create new communities
What's going on?
lemmy.world and lemmy.blahaj.zone have been hacked and defaced today:
This may have been caused by an XSS vulnerability in the Lemmy sidebar:
If this is true, then any Lemmy instance can potentially be targetted in this way.
What are we doing about it?
As a precaution, I have temporarily switched off open registration and the ability to create new communities. This means that:
- Any new user that wishes to join Lemdit will have to submit a registration application.
- Existing members will not be able to create new communities themselves.
I am doing this out of an excess of caution, to reduce the risk that we are impacted by this exploit until a fix is released, or until it's confirmed to be nothing.
These are only temporary measures meant to protect us until everything gets resolved.
What this means for you as an existing Lemdit member
- Lemdit is not currently compromised or at risk.
- We have measures in place to reduce the chances of us being affected.
- If you really want to create a new Lemdit community meanwhile, please send me a direct message.
- I will keep you updated as this develops.
0
comments