hey friends,

on may 19, 2023 an unknown user registered the domain name fedirelay.xyz and setup a fake mostr (nostr) relay to listen for requests on the fediverse.

on may 20, 2023 at 20:52 (utc) a user uploaded the attached document to poast. it was originally an obfuscated javascript file (unobfuscated and attached it here, renamed to .txt so you can view it in any editor).

what this javascript file does is take the viewers oauth token, encode it to make it look like a nostr pubkey and then forced the clandestine mostr relay to look up that user locally giving that server the encoded token all while appearing to be a legitimate mostr (nostr) bridge

i have taken steps to completely limit access to the admin api and corrected any CSP or other issues that could possibly have contributed to this, however most of you (instance owners) are still vulnerable to it. the default pleroma install serves media files on your root domain as a local folder (i.e. yourdomain.xyz/media) and the default CSP for any site is to allow executing scripts via the root domain. in order to prevent this you should take steps to either move your media from yourdomain.xyz/media to media.yourdomain.xyz (or any subdomain outside of your root domain) or perhaps by limiting the CSP for that subdirectory via nginx configuration.

if you are an instance owner, the obfuscated file hash is `b2977f2d97f598d2ebd6dcf37afd9047b5da2b6dc95a7b2824fb111c906fb117` so you can search yourdomain.xyz/media/b2977f2d97f598d2ebd6dcf37afd9047b5da2b6dc95a7b2824fb111c906fb117.js and see if you have it on your server.

no user password or anything beyond email:user and your chats and media associated with them have been archived and everybody's tokens were dropped forcing you to all relog on your accounts. this is to ensure that if any of you had tokens exposed by viewing this JavaScript, they are no longer functional on poast.

sorry to anybody i let down but i could never have foreseen this level of sophistication and i would not have ever expected it. now that we are aware of it, we will be more diligent in the future. thanks for being here with us still friends
>Possible Monkeypox resurgence coming
>Pride Month is only a couple weeks away

Elon gave twatter to a WEF shill wahmen

really nigga

Show older
Merovingian Club

A club for red-pilled exiles.