this post was submitted on 10 Jul 2023
18 points (84.6% liked)

FREEMEDIAHECKYEAH


Wondering if fmhy was hacked like .world. Asking this to know if I should change my password.

top 24 comments
[–] brad@toad.work 18 points 1 year ago* (last edited 1 year ago) (1 children)

I don't believe FMHY was affected. For me, the timeline went:

  1. I found out about the hack pretty much immediately when it happened
  2. I immediately hopped into the Lemmy dev matrix channels to get an idea of what was going on
  3. I crossposted the news of the hack in !technology@lemmy.fmhy.ml about 20 or 30 minutes after it happened
  4. In the dev channels, right around when I made the post, a couple of users were able to pin down the exact vulnerability and which server the user that perpetrated it originated from. A user (that I won't name) sent test instructions (that were quickly deleted and I will not share on the off chance that there are servers that don't know about the vuln and haven't patched or mitigated) that verified the vulnerability.
  5. A pull request for the fix was submitted to github (and, from a cursory look at the PR, it closes the hole that was used for the hack solidly) while, simultaneously, a couple of other devs stated that 0.18.1 is not affected by the vulnerability (which I have not taken the time to verify since they've already PRed a patch)

For those reasons, I don't think FMHY was ever at risk because of how quickly it was updated to 0.18.1 coupled with the fact that I don't think custom emojis are a thing on here. It's very possible that I am wrong about that because I'm an idiot but I don't believe there's anything to worry about.

[–] daf@lemmy.fmhy.ml 5 points 1 year ago (1 children)

Thanks for the detailed answer

[–] brad@toad.work 6 points 1 year ago (1 children)

If I'm going to have an actively unhinged sleep schedule, I figure I might as well put it to good use this is fine dog on fire

[–] daf@lemmy.fmhy.ml 2 points 1 year ago

Sending you the sandman (hope that's proper wording) right away. Happy sleeping ;)

[–] Evoke3626@lemmy.fmhy.ml 15 points 1 year ago (1 children)

It shouldn’t be affected because the issue came down to running custom emojis, which to my knowledge, fmhy does not use.

It never hurts to log out, change password, and back in tho

[–] daf@lemmy.fmhy.ml 7 points 1 year ago (1 children)
[–] Evoke3626@lemmy.fmhy.ml 4 points 1 year ago

Anytime! I went to school for cybersecurity so any other questions feel free to let me know. Granted I’m still very much of an amateur/apprentice.

[–] boots@lemmy.fmhy.ml 5 points 1 year ago* (last edited 1 year ago) (1 children)

Also, there seems to be no official word from the admins yet.

Edit: official word here!

[–] Draz@lemmy.fmhy.ml 5 points 1 year ago (1 children)

On the Divolt, Zinklog said he should've made a post before they pulled the plug. But the vulnerability seemed scary. Which I can't blame em for. No other official word to my knowledge though

[–] boots@lemmy.fmhy.ml 3 points 1 year ago (2 children)

Oh yes I actually agree with that decision. Better safe than sorry.

But I was worried about the information blackout. I feared the admins got hacked and locked out of the server.

I'm not familiar with Divolt. Can you browse without being registered? If not, maybe we need a more public backup channel? Dunno, maybe on Mastodon or on another Lemmy instance?

Today I even checked the fmhy sub on Reddit but there was nothing there.

[–] DarkTides@lemmy.fmhy.ml 2 points 1 year ago (1 children)

A Mastodon place for announcements would probably be more ideal than another lemmy instance, in case a vulnerability that affects them all causes issues.

[–] boots@lemmy.fmhy.ml 2 points 1 year ago (1 children)

Agreed, I'd also like Mastodon 🙂

[–] DarkTides@lemmy.fmhy.ml 2 points 1 year ago (1 children)

I'm going to need to look up the different contacts available to keep in the loop on instances I like in case something happens again. Don't want to have to go back to reddit to try and find news on their status haha

[–] boots@lemmy.fmhy.ml 2 points 1 year ago (1 children)

Good idea, yeah. I'm a bit worried about the instance-goes-boom scenario, but I understand this basically comes with the package in the fediverse.

About Reddit, well lol the more I'm on Lemmy the less I'm inclined to go back. spez really did the magic with his BS, eh? 😂

[–] DarkTides@lemmy.fmhy.ml 2 points 1 year ago (1 children)

Yeah, my most treasured subs started their own instances here with fmhy and piracy, so I've been fine without reddit. Just need to secure those alternate communication channels and I'll be able to not go back to Spez.

[–] boots@lemmy.fmhy.ml 2 points 1 year ago

Awesome. My dream is that more and more people manage to do the same, so spez (and all the other big tech CEOs) learn their lesson the hard way.

[–] Draz@lemmy.fmhy.ml 1 points 1 year ago (1 children)

Sorry. Was finishing my shift at work

I don't believe so. Divolt is a self hosted instance of Revolt that FMHY uses. And revolt is basically an open source discord alternative. I started my account there to see if there was any news about it. Though yeah, Mastodon or something might not be a bad idea, but obviously it's up to the admins on their plans

[–] boots@lemmy.fmhy.ml 1 points 1 year ago (1 children)

No worries! Hope it was a good day at work.

I see, thanks for the explanation. Ideally I'd like Mastodon, so there'd be no mandatory new account. But yeah it's up to the admins. If they already have Divolt, I'm not sure they'd be willing to manage another platform. We'll see 🙂

[–] Draz@lemmy.fmhy.ml 1 points 1 year ago (1 children)

Other than the management being a pain. Pretty good haha.

And yeah that's fair. I don't disagree with that. And I'm sure if the demand or the need for a wider net arises. I'm sure it'll be taken care of

[–] boots@lemmy.fmhy.ml 1 points 1 year ago (1 children)

Dang, management doing their thing as usual lol.

Cheers to that! With the instance growing, I'm hopeful your prediction proves correct 🥂

[–] Draz@lemmy.fmhy.ml 1 points 1 year ago (1 children)

Right? Like imagine getting talked down to because a customer called asking if they left something at the shop. We have a phone for a reason lmao.

And yeah. I think the staff are doing a great job. Just some growing pains. Especially after the reddit thing and the platform growing

[–] boots@lemmy.fmhy.ml 1 points 1 year ago (1 children)

It looks like someone in management had a pretty bad day lol. No need to unleash their frustration on you, though. I hope you managed to be super zen about it. You need a lot of patience when dealing with this kind of people. A lot of bosses are like that, unfortunately.

Agree, the staff seems really good. There's also a post about the down now. Reddit is really going down the drain imho. spez is destroying it. I myself moved here because of him. The API changes, the killing of 3rd party apps and the ad hoc rules to stifle the protest were the last straw for me.

[–] Draz@lemmy.fmhy.ml 2 points 1 year ago

He's notoriously bad. So I'm used to it haha. Just like. Why? Lol

And yeah. Reddit has been... Not doing great. I've already been preferring open source as is. But that really changed things

[–] Martineski@lemmy.fmhy.ml 4 points 1 year ago

Fix should come soon, beehaw is already back: https://beehaw.org/post/1039540
