FYI!!! In case you start getting re-directed to porn sites.
Maybe the admin got hacked?
edit: lemmy.blahaj.zone has also been hacked. beehaw.org is also down, possibly intentionally by their admins until the issue is fixed.
Post discussing the point of vulnerability: https://lemmy.ml/post/1896249
Github Issue created here: https://github.com/LemmyNet/lemmy-ui/issues/1895
The JWT are likely a hot issue, already some Issues on GitHub about them not being revoked properly.
Oh man, that would be brutal if they are resetting the password and it isn’t kicking the attacker out…
That’s probably what happened here because they did revoke the admin’s access, but it continued.
JWT issue opened 4 days ago: https://github.com/LemmyNet/lemmy/issues/3499
The issue does say changing the password should kick the user out, but yeah, still not good.