Okay okay, Graf's advice is outdated, it turns out that the code for it is now *obfuscated*.
I found this .js file uploaded to my server under the filename `pfp.js`. It's NOT the same hash, you are still vulnerable. It is being exploited, clearly.
https://paste.sqt.wtf/707d32
If you run a Ctrl+F, the fedirelay.xyz url is there, so the hash check method is completely retarded, but it may be done to work around the hash files.
Fuck I'm probably leaked too but I don't really give a damn.
(◠‿・)—☆ /
npub1q3…0q3wu
2023-05-26 03:05:00
Author Public Key
npub1q3ka9kjxfdnw0w0gsxjmkvp55v7mga469ekg74pu6x8aq9x32uxsk0q3wuPublished at
2023-05-26 03:05:00Event JSON
{
"id": "c1e210e927ab8a6c027a7d336a9e9f09670ceb8287acbfabc6acd007484d4aaf",
"pubkey": "046dd2da464b66e7b9e881a5bb3034a33db476ba2e6c8f543cd18fd014d1570d",
"created_at": 1685070300,
"kind": 1,
"tags": [
[
"mostr",
"https://rdrama.cc/objects/dedfe825-0775-4b67-987b-48ae1d12095b"
]
],
"content": "Okay okay, Graf's advice is outdated, it turns out that the code for it is now *obfuscated*.\n\nI found this .js file uploaded to my server under the filename `pfp.js`. It's NOT the same hash, you are still vulnerable. It is being exploited, clearly.\n\nhttps://paste.sqt.wtf/707d32\n\nIf you run a Ctrl+F, the fedirelay.xyz url is there, so the hash check method is completely retarded, but it may be done to work around the hash files.\n\nFuck I'm probably leaked too but I don't really give a damn.",
"sig": "3d62bb4cecc8afd28e4cb0f352e18c1f1879b0da21bd779630b78459b801d344f66c600d478de30b2519805de4e54e6f496d862bab68d42c35d41c14ded8ea80"
}