this post was submitted on 17 Jul 2026
31 points (100.0% liked)

Fediverse

42998 readers
366 users here now

A community to talk about the Fediverse and all it's related services using ActivityPub (Mastodon, Lemmy, Mbin, etc).

If you wanted to get help with moderating your own community then head over to !moderators@lemmy.world!

Rules

Learn more at these websites: Join The Fediverse Wiki, Fediverse.info, Wikipedia Page, The Federation Info (Stats), FediDB (Stats), Sub Rehab (Reddit Migration)

founded 3 years ago
MODERATORS
 

The spam campaign attacking Writefreely instances is out of control. Can you contact the admins you know?

@fediverse

Yesterday I received this message from my friend @elettrona:

Are you the one running the "writefreely blogs" bot, aka writefreely@poliverso.org? Because there are tons of English accounts full of links that post nonstop.

And indeed, that account republishing posts from some Italian instances had a staggering amount of spam.

This is due to a very serious vulnerability that hasn't yet been patched by the developers, but which has (obviously) started to be exploited on a large scale.

I've notified all the Italian administrators of @writefreely instances, but I'm having some difficulty contacting the foreign ones.

These are the ones with the most users:

https://write.otter.homes/read
https://infosec.press/read
https://blog.liberta.vip/read
https://write.tedomum.net/read
https://val-vgms.gay/read
https://bolha.blog/read

But there are many others.

Is there anyone among you who can try this or at least spread the word?

Note: As I mentioned, the vulnerability has been known for a long time and is currently being exploited on a large scale.

https://github.com/writefreely/writefreely/issues/1649

top 5 comments
sorted by: hot top controversial new old
[–] frongt@lemmy.zip 3 points 4 hours ago

So it was fixed two weeks ago, but they haven't released the fixed version, and their last release was... 11 months ago???

[–] marud@piefed.marud.fr 3 points 6 hours ago (1 children)

Holy shit this is so bad.
I'm gonna shut my own instance down RN and see for something else

[–] macfranc@poliversity.it 0 points 6 hours ago (1 children)

@marud

PS: Fabio, who reported this technical solution to address the issue, is not only a former contributor to Wrirefreely but also the developer of this new platform.

If yours is a personal instance, you could replace WF with this new Madblog:

https://github.com/blacklight/madblog

[–] marud@piefed.marud.fr 1 points 5 hours ago

RN I blocked access to the signup location on nginx Should be ok for now, but I'll take a look at madblog

Thanks for the tip

[–] JupiterRowland@sh.itjust.works 5 points 7 hours ago

"Use WriteFreely instead of Plume," they said.

"It's in active development," they said.

Then again, if this was to happen to Plume (and I wouldn't be surprised if it was), it'd take the devs until the 2030s to fix it.