cross-posted from: https://lemmy.ml/post/1895271

FYI!!! In case you start getting re-directed to porn sites.

Maybe the admin got hacked?


edit: lemmy.blahaj.zone has also been hacked. beehaw.org is also down, possibly intentionally by their admins until the issue is fixed.

Post discussing the point of vulnerability: https://lemmy.ml/post/1896249

  • Banana@kbin.social
    link
    fedilink
    arrow-up
    1
    ·
    1 year ago

    In all seriousness, no one is talking about this, but this is the one disadvantage of open source software being developed by volunteers, we don’t know exactly how the admin accounts were hacked but the XSS stuff is really basic stuff, none of those fields were sanatised at all, and it makes me concerned what else has been missed, obviously the advantage of open source is in time this stuff can get fixed, but this is what happens when loads of people who aren’t experts contribute to a site.

    In comparison to sites where there is a fully hired developer team the quality of the code is significantly better. I really hope the passwords were hashed on these instances and the hackers didn’t get plain text passwords or anything really bad like this.

    One thing and credit to Ernest, as I’ve contributed there he does very thorough code reviews and his quality of code is very good, its why im confident kbin won’t be hacked.