• @CMahaff@lemmy.ml
    link
    fedilink
    English
    111 year ago

    Oh man, that would be brutal if they are resetting the password and it isn’t kicking the attacker out…

    • Max-P
      link
      fedilink
      English
      121 year ago

      That’s probably what happened here because they did revoke the admin’s access, but it continued.

      • @CMahaff@lemmy.ml
        link
        fedilink
        English
        61 year ago

        The issue does say changing the password should kick the user out, but yeah, still not good.

          • @CMahaff@lemmy.ml
            link
            fedilink
            English
            4
            edit-2
            1 year ago

            Oh man this one is SO much worse. If this is what is going on the only way to kick out the hacker will probably be to manually alter the DB. Yikes.

            I hope the admin team is aware of this - not sure how one would even contact them.

            • maegul (he/they)
              link
              fedilink
              English
              31 year ago

              Well, provided top level admin access to the server is still protected, a manual DB change ought to be rather doable right?

              As for contacting the admins … the lead admin, ruud, is on mastodon and also admins one of the largest mastodon instances: mastodon.world. They are Dutch however, which means they’re likely asleep right now.

              All of which raises the broader point about what good admin practice is. This is something the fediverse needs to get better at. In this case, as a bare minimum, every admin should be reachable at a location outside of their own instance.

              Ideally, IMO, there’d be an “admin backline protocol” of some sort, where it’s super easy or even automatic that every admin of every instance can have an account on any instance they federate with for the purposes of communication etc.