Conversation
-
Victor (victor@crucible.world)'s status on Friday, 26-May-2023 04:11:10 JST Victor I don't hold ill will toward anyone in this Poast/Baest hack, but let's take a moment to appreciate some good old-fashioned irony. -
Moon (moon@shitposter.club)'s status on Friday, 26-May-2023 04:11:03 JST Moon @ademan @i I don't know how oembed could pivot to stealing an admin token because there's a CSP in place preventing running other javascript from off-server. it was allowing images to load from anywhere but that's not sufficient to steal a cookie.
I don't want to reveal all my tricks, are you looking for help locking down your own system? I can privately talk to you. -
Ademan (ademan@thebag.social)'s status on Friday, 26-May-2023 04:11:04 JST Ademan @Moon can you explain what precautions you’ve taken here? I’d rather be extra careful… I sure don’t want to have to deal with this shit over the weekend.
-
:blank: (i@declin.eu)'s status on Friday, 26-May-2023 04:11:05 JST :blank: @ademan @dcc @victor @spitfire contents are legit, as for the method, god knows, maybe oembed shenanigans to steal cookies, iirc only shitposter.club goes out of its way to block those outright -
Victor (victor@crucible.world)'s status on Friday, 26-May-2023 04:11:06 JST Victor @dcc @spitfire Poast and Baest got breached, DMs and their attachments are all posted -
Ademan (ademan@thebag.social)'s status on Friday, 26-May-2023 04:11:06 JST Ademan Has anyone verified the contents are legit? Graf scare quoted “hack” multiple times, made me hopeful it’s something other than a pleroma vuln
-
† top dog :pedomustdie: (dcc@annihilation.social)'s status on Friday, 26-May-2023 04:11:07 JST † top dog :pedomustdie: @spitfire @victor what happened? -
Victor (victor@crucible.world)'s status on Friday, 26-May-2023 04:11:08 JST Victor @spitfire I am shocked, SHOCKED, to find that racism is going on in here! -
They call me Spitfire (spitfire@poster.place)'s status on Friday, 26-May-2023 04:11:08 JST They call me Spitfire @victor
they got baest too? imagine the treasure trove of nudey cartoons and futas to be seen. if i had those kind of 1337 skills I wouldn't be hacking creepy hentai sperg servers, i would be targeting jenna ortegas icloud account or putting a hidden camera in sofia vergera's toilet. 🤷 -
They call me Spitfire (spitfire@poster.place)'s status on Friday, 26-May-2023 04:11:09 JST They call me Spitfire @victor
From the hack I discovered poast may be a racist website. I'm not mad but I'm disappointed, I thought it was all ironic posting. -
Disinformation Purveyor :verified_think: (thatguyoverthere@shitposter.club)'s status on Friday, 26-May-2023 04:16:41 JST Disinformation Purveyor :verified_think: @Moon @Lumeinshin @ademan @i I only listen to ssh on my wireguard interface -
Lumeinshin 3rd impact :asukaPout: (lumeinshin@pleroma.skyshanty.xyz)'s status on Friday, 26-May-2023 04:16:42 JST Lumeinshin 3rd impact :asukaPout: @Moon @i @ademan
If there's free advice going :yui_peak: i would be grateful to be included -
Moon (moon@shitposter.club)'s status on Friday, 26-May-2023 04:16:42 JST Moon @Lumeinshin @i @ademan
if possible firewall your SSH to your home IP. make sure that password authentication is turned off and root ssh access is turned off. those are the big and easy ones -
Ademan (ademan@thebag.social)'s status on Friday, 26-May-2023 04:19:35 JST Ademan I’d been thinking about a setup like that.
-