Update

As of this post, https://lemmy.world/post/1290412, it is clear that the lemmy.world is working behind the scenes to mitigate the attack on their site. In addition, lemmy.blahaj.zone was known to take down their site to investigate a hack. After weighing the risks, we decided to federate with them once again, but we will also remain cautious.

Until the lemmy.world admin team can give a statement or until the community fully understands what is going on, MaiionChat will temporarily block the largest Lemmy instance.

At the moment, I am busy with other priorities, but from what I quickly gathered, please be careful clicking comments that might look like the ones in this post’s image: https://chat.maiion.com/post/68406 as it may be linked to an exploit described here: https://lemmy.max-p.me/comment/100796

The MaiionPostBot remains functional for local instance content, but feel free to continue browsing the All feed. Despite these recent events, being on Lemmy is a more engaging experience.

  • maiion@chat.maiion.comOPMEnglish
    3·
    1 year ago

    Update

    According to https://github.com/LemmyNet/lemmy-ui/issues/1895#issuecomment-1628318236 and https://github.com/LemmyNet/lemmy-ui/pull/1897, the attack vector afflicting lemmy (dot) world is from the use of custom emojis. MaiionChat does not use and never planned to use custom emojis.

    Adding on, another big instance, lemmy (dot) fmhy (dot) ml seems to be down as of writing this. I did not dig around to see if it was voluntary like beehaw (dot) org. Without knowing if malicious intent was involved, I backed up the MaiionChat database onto an encrypted cold storage drive off site as a precautionary measure. Even if malicious intent was not involved, having backups/redundancy is good data practice.