cross-posted from: https://lemmy.ml/post/1895271

FYI!!! In case you start getting re-directed to porn sites.

Maybe the admin got hacked?


edit: lemmy.blahaj.zone has also been hacked. beehaw.org is also down, possibly intentionally by their admins until the issue is fixed.

Post discussing the point of vulnerability: https://lemmy.ml/post/1896249

  • TheSaneWriter
    English
    35 · 1 year ago

    Deeply unfortunate that something like this could happen, you always hope that code injection vulnerabilities are found before someone is hacked. With that in mind, this shows the importance of two security principles: always parse and clean user input and don’t click links (including images) before checking where they are going to send you.

    • db2
      English
      17 · 1 year ago

      This used an onLoad which isn’t generally shown when you hover over a link in a browser. Most people, even devs, aren’t going to jump on the console to check every link.

      NoScript would probably have helped though.

      • 𝙚𝙧𝙧𝙚
        English
        30 · 1 year ago

        What kind of terrible markdown editor allows adding onload scripts to images though… it’s insane.

      • deweydecibel
        English
        16 · 1 year ago

        Also doesn’t help when using mobile and there’s no hover over

        • @[email protected]
          English
          4 · 1 year ago

          You can usually click and hold on mobile and a popup will appear showing the link (I think) - or you can click and hold and copy the link and paste it somewhere to see where it’s going to go.
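
Added example, not part of the thread and not Lemmy's code: a hypothetical Markdown image renderer showing how unescaped user text can become an `onload` attribute on an `<img>` tag, next to a version that escapes attribute values. All function names and the sample input are constructed for illustration, and the URL scheme allowlist goes slightly beyond what the thread discusses.

```javascript
// Constructed input: alt text that closes the attribute and appends an event handler.
const SAMPLE_ALT = 'cat" onload="console.log(\'injected\')';
const SAMPLE_URL = 'https://example.org/cat.png';

// Vulnerable pattern (hypothetical): user text is concatenated into the tag unescaped.
function renderImageUnsafe(alt, url) {
  return '<img src="' + url + '" alt="' + alt + '">';
}

const ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
function escapeAttr(value) {
  return String(value).replace(/[&<>"']/g, (c) => ESCAPES[c]);
}

// Hardened: allowlist the URL scheme and escape every attribute value.
// Anything that is not a valid http(s) URL degrades to escaped plain text.
function renderImageSafe(alt, url) {
  let parsed;
  try { parsed = new URL(url); } catch (e) { return escapeAttr(alt); }
  if (parsed.protocol !== 'https:' && parsed.protocol !== 'http:') return escapeAttr(alt);
  return '<img src="' + escapeAttr(parsed.href) + '" alt="' + escapeAttr(alt) + '">';
}

// Check usable in unit tests or an output filter: the attribute names
// that a single rendered tag would carry.
function attributeNames(tagHtml) {
  const names = [];
  const inner = tagHtml.replace(/^<\w+/, '').replace(/\/?>$/, '');
  const re = /([^\s"'=<>\/]+)(?:\s*=\s*(?:"[^"]*"|'[^']*'|[^\s"'>]+))?/g;
  let m;
  while ((m = re.exec(inner)) !== null) names.push(m[1].toLowerCase());
  return names;
}

// Conservative rule: any attribute whose name starts with "on" is treated as an event handler.
function hasEventHandler(tagHtml) {
  return attributeNames(tagHtml).some((n) => n.startsWith('on'));
}

console.log(hasEventHandler(renderImageUnsafe(SAMPLE_ALT, SAMPLE_URL))); // true
console.log(hasEventHandler(renderImageSafe(SAMPLE_ALT, SAMPLE_URL)));   // false
```

The safe renderer keeps the whole alt string inside one quoted attribute, so the browser sees only `src` and `alt`.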