The spam campaign attacking Writefreely instances is out of control. Can you contact the admins you know?

@fediverse

Yesterday I received this message from my friend @elettrona:

Are you the one running the “writefreely blogs” bot, aka writefreely@poliverso.org? Because there are tons of English accounts full of links that post nonstop.

And indeed, that account republishing posts from some Italian instances had a staggering amount of spam.

This is due to a very serious vulnerability that hasn’t yet been patched by the developers, but which has (obviously) started to be exploited on a large scale.

I’ve notified all the Italian administrators of @writefreely instances, but I’m having some difficulty contacting the foreign ones.

These are the ones with the most users:

https://write.otter.homes/read
https://infosec.press/read
https://blog.liberta.vip/read
https://write.tedomum.net/read
https://val-vgms.gay/read
https://bolha.blog/read

But there are many others.

Is there anyone among you who can try this or at least spread the word?

Note: As I mentioned, the vulnerability has been known for a long time and is currently being exploited on a large scale.

https://github.com/writefreely/writefreely/issues/1649

  • marud@piefed.marud.fr
    link
    fedilink
    English
    arrow-up
    1
    ·
    2 days ago

    RN I blocked access to the signup location on nginx Should be ok for now, but I’ll take a look at madblog

    Thanks for the tip