Nekobit on Nostr: Okay okay, Graf's advice is outdated, it turns out that the code for it is now ...
Okay okay, Graf's advice is outdated, it turns out that the code for it is now *obfuscated*.
I found this .js file uploaded to my server under the filename `pfp.js`. It's NOT the same hash, you are still vulnerable. It is being exploited, clearly.
https://paste.sqt.wtf/707d32
If you run a Ctrl+F, the fedirelay.xyz url is there, so the hash check method is completely retarded, but it may be done to work around the hash files.
Fuck I'm probably leaked too but I don't really give a damn.
I found this .js file uploaded to my server under the filename `pfp.js`. It's NOT the same hash, you are still vulnerable. It is being exploited, clearly.
https://paste.sqt.wtf/707d32
If you run a Ctrl+F, the fedirelay.xyz url is there, so the hash check method is completely retarded, but it may be done to work around the hash files.
Fuck I'm probably leaked too but I don't really give a damn.