this post was submitted on 17 Jul 2026
31 points (100.0% liked)

Fediverse

42998 readers
366 users here now

A community to talk about the Fediverse and all it's related services using ActivityPub (Mastodon, Lemmy, Mbin, etc).

If you wanted to get help with moderating your own community then head over to !moderators@lemmy.world!

Rules

Learn more at these websites: Join The Fediverse Wiki, Fediverse.info, Wikipedia Page, The Federation Info (Stats), FediDB (Stats), Sub Rehab (Reddit Migration)

founded 3 years ago
MODERATORS
 

The spam campaign attacking Writefreely instances is out of control. Can you contact the admins you know?

@fediverse

Yesterday I received this message from my friend @elettrona:

Are you the one running the "writefreely blogs" bot, aka writefreely@poliverso.org? Because there are tons of English accounts full of links that post nonstop.

And indeed, that account republishing posts from some Italian instances had a staggering amount of spam.

This is due to a very serious vulnerability that hasn't yet been patched by the developers, but which has (obviously) started to be exploited on a large scale.

I've notified all the Italian administrators of @writefreely instances, but I'm having some difficulty contacting the foreign ones.

These are the ones with the most users:

https://write.otter.homes/read
https://infosec.press/read
https://blog.liberta.vip/read
https://write.tedomum.net/read
https://val-vgms.gay/read
https://bolha.blog/read

But there are many others.

Is there anyone among you who can try this or at least spread the word?

Note: As I mentioned, the vulnerability has been known for a long time and is currently being exploited on a large scale.

https://github.com/writefreely/writefreely/issues/1649

you are viewing a single comment's thread
view the rest of the comments
[–] marud@piefed.marud.fr 3 points 8 hours ago (1 children)

Holy shit this is so bad.
I'm gonna shut my own instance down RN and see for something else

[–] macfranc@poliversity.it 0 points 8 hours ago (1 children)

@marud

PS: Fabio, who reported this technical solution to address the issue, is not only a former contributor to Wrirefreely but also the developer of this new platform.

If yours is a personal instance, you could replace WF with this new Madblog:

https://github.com/blacklight/madblog

[–] marud@piefed.marud.fr 1 points 6 hours ago

RN I blocked access to the signup location on nginx Should be ok for now, but I'll take a look at madblog

Thanks for the tip