this post was submitted on 10 Jul 2023
8 points (100.0% liked)

Meta and Announcements

7 readers
1 users here now

Meta community to discuss anything about the yiffit.net instance.

founded 1 year ago
MODERATORS
 

We were not impacted by the security incident. However, we do have a suspicious sign-up which I'll be investigated. I have made sure there's no custom emoji (attack vector) and will apply the patch as soon as possible (edit it's been applied).

Browsing malicious posts from remote instances WILL NOT compromise your account. Just in case, I've also remove these posts from the database.

Stay tuned for more updates.

Update 1: Yiffit.net should not have been impacted by the recent security vulnerability. I'm investigating.

Hello, we should not have been impacted since we don't have custom emoji. We did have one emoji, but I removed it hours ago.

I do have one suspicious sign up request. I'm investigating and will potentially invalidate everyone's session so you might need to login again.

Also, my login credentials as admin to Yiffit are completely different to the ones to the server. If my account here were to be compromised an attacker would not get access to the server.

no comments (yet)
sorted by: hot top controversial new old
there doesn't seem to be anything here