advising all admins to defederate from misskey-forkbomb[.]cf and *.repl.co as these domains are being used to serve an exploit that causes misskey servers to enter an infinite loop, wasting resources and lagging the instance
id also STRONGLY advise defederating mastodong[.]lol, as that instance is operated by the malicious party responsible for the exploit and was used to trigger it (hxxps://mastodong[.]lol/[@]lamp/109436430029496536), so it may be used in similar ways by future "endeavors"
the exploit works by serving a malicious activitypub actor that references itself as featured, causing misskey to infinitely try to resolve this same url forever
misskey admins affected by the exploit should, after blocking the domains, stop misskey, clear redis in order to reset the job queue, and start it up again
that said, now that this is out there, there will unfortunately be copycats, but hopefully these instructions help until a fix is available...
#fediblock
id also STRONGLY advise defederating mastodong[.]lol, as that instance is operated by the malicious party responsible for the exploit and was used to trigger it (hxxps://mastodong[.]lol/[@]lamp/109436430029496536), so it may be used in similar ways by future "endeavors"
the exploit works by serving a malicious activitypub actor that references itself as featured, causing misskey to infinitely try to resolve this same url forever
misskey admins affected by the exploit should, after blocking the domains, stop misskey, clear redis in order to reset the job queue, and start it up again
that said, now that this is out there, there will unfortunately be copycats, but hopefully these instructions help until a fix is available...
#fediblock
