this post was submitted on 27 Nov 2024
5 points (69.2% liked)

Lemmy.world Support

3248 readers
2 users here now

Lemmy.world Support

Welcome to the official Lemmy.world Support community! Post your issues or questions about Lemmy.world here.

This community is for issues related to the Lemmy World instance only. For Lemmy software requests or bug reports, please go to the Lemmy github page.

This community is subject to the rules defined here for lemmy.world.

To open a support ticket Static Badge


You can also DM https://lemmy.world/u/lwreport or email report@lemmy.world (PGP Supported) if you need to reach our directly to the admin team.


Follow us for server news 🐘

Outages 🔥

https://status.lemmy.world/



founded 2 years ago
MODERATORS
top 20 comments
sorted by: hot top controversial new old
[–] nokturne213@sopuli.xyz 7 points 3 weeks ago (2 children)
[–] scrubbles@poptalk.scrubbles.tech 11 points 3 weeks ago

Of course not. This is like, the 4th time this guy has posted this and has yet to provide any screenshots, REST calls, or anything. If they were actually concerned about trolling this would be a GitHub issue, not a post on a support thread. It would behave been swarmed on. As far as I'm concerned this is just trolling until they provide actual proof to the devs.

[–] devAlot@lemmy.world 3 points 3 weeks ago

Yeah screenshots would be great. Dug through the post history a bit and only found one other "It happened again" post, no ss, gave up on locating the original after a few pages. I did find this one where OP might have clicked a potential suspicious link, which could be related.

Also curious to know if it's just a visual glitch or if OP actually has full access to another user's account, like inbox messages, ability to make posts as them, upvote/downvote, etc.

OP, I recommend downloading a screen recording app and recording your logins on the off-chance it does happen again.

[–] Zomg@lemmy.world 2 points 3 weeks ago (1 children)
[–] Don_Dickle@lemmy.world -5 points 3 weeks ago (2 children)

Folks think we got a Redditor here. It's only briefly that it happens and plus don't want like the last time I did give out a username that may be compromised.

[–] surewhynotlem@lemmy.world 4 points 3 weeks ago

No, this is simple IT support work. If you can't reproduce it, and you can't evidence that it happened, there's nothing people can do. You've given them no real place to start.

It's effectively like saying "there's a misspelling in this dictionary" and giving no further information.

[–] NutinButNet@hilariouschaos.com 3 points 3 weeks ago (1 children)

It’s important for the purpose of evidence.

There’s no harm of dox towards the user you logged in as because that is publicly available and as long as you’re not sharing anything like their email, what is the harm? Just showing a screenshot of the page where it shows their username on your session is suffice. Blur anything private, if needed.

But there’s nothing anyone can do with the information you’re giving here. There’s too much data to parse through to determine what was the invalid login.

[–] Don_Dickle@lemmy.world 2 points 3 weeks ago (1 children)

Alright next time I will try to get a screen shot.

[–] NutinButNet@hilariouschaos.com 1 points 3 weeks ago (1 children)

Good to hear, thank you! Hopefully this can finally get fixed!

[–] Don_Dickle@lemmy.world 1 points 3 weeks ago (1 children)

Yea because if i was a troll or prick or something and logged into your account I could get you banned for whatever. And no one deserves that. Because this is not Reddit.

[–] JustZ@lemmy.world 1 points 3 weeks ago* (last edited 3 weeks ago) (1 children)

Just make a post from the account in this sub.

[–] Don_Dickle@lemmy.world 1 points 3 weeks ago

Nope not going to happen ever. I am not going to use another persons account to post anything. Because they could complain that I abused it or whatever. Not going to start down that road.

[–] Tezka_Abhyayarshini 2 points 3 weeks ago (2 children)

Do you know if this is under the 2FA layer?

[–] Don_Dickle@lemmy.world 1 points 3 weeks ago (1 children)

have no clue what that is. I am using firefox on an hp laptop and when I click my bookmark it usually auto logs me in to my account.

[–] nokturne213@sopuli.xyz 1 points 3 weeks ago (1 children)

2FA is two factor authentication, it requires your password plus a generated code from an authentication app that changes every 60 seconds.

[–] Don_Dickle@lemmy.world 1 points 3 weeks ago (1 children)

Mine is just in my bookmarks I click it and since it saves the password it auto logs me in.

[–] devAlot@lemmy.world 1 points 3 weeks ago* (last edited 3 weeks ago)

I'm totally guilty of this myself for my work stuff (Edit: I WFH and everything still has either 2FA or MFA enabled), but saving passwords in your browser is risky. Browsers can be tricked into, for example, populating your credentials into hidden fields, thus exposing your creds to whoever's on the other end wanting that data.

I'm certainly not going to stop doing it myself, so I'm just recommending that all your passwords at least be unique for each account. I use a password manager to store them all, that way I only need to remember one master password for all my accounts.

[–] devAlot@lemmy.world 1 points 3 weeks ago (1 children)

Just a heads up, I just encountered a bug with their 2FA. I logged in, got prompted for the code, pasted it in but accidentally hit Cancel instead of Submit. It took me back to the login page, then just logged me in. I've been able to repeat the process even with expired codes, but not with codes I make up on the fly.

[–] Tezka_Abhyayarshini 1 points 3 weeks ago (1 children)

I'm deeply grateful for the consideration. This is all programmed in Rust, is it not?

[–] devAlot@lemmy.world 1 points 3 weeks ago

I believe so, yeah