A bunch of instances got compromised earlier today. Monero.town was not effected since this particular exploit requires a server to have custom emojis enabled.
geteilt von: https://lemdro.id/post/42872
cross-posted from: https://lemmy.ml/post/1895271
FYI!!! In case you start getting re-directed to porn sites.
Maybe the admin got hacked?
edit: lemmy.blahaj.zone has also been hacked. beehaw.org is also down, possibly intentionally by their admins until the issue is fixed.
Post discussing the point of vulnerability: https://lemmy.ml/post/1896249
Glad you had the sense not to enable extra garbage on this server.
Indeed. When I first looked into Lemmy, the custom emotes had terrible performance (like 30 seconds to load a post if there were multiple in it) so I never looked into adding any.
The less feature the less attack surface. Keep it with minimal features, just essentials