@Gargron Did you see this? Some people are discussing whether this is a problem with OG Mastodon or if Gab added it. Perhaps put out a statement?
Eugen Rochko
@derek They're also using Net::HTTP with no configured timeout as well, as far as I can see, so you can easily DoS them by submitting a lot of requests to deliberately slow URLs. Or fill their server's RAM by making requests to gigantic files. Which is bizarre, because if they'd just used our own Request class like everywhere else in actual Mastodon code, they'd be protected against all those things.
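The two failure modes Rochko describes above (a deliberately slow URL that ties up a worker, and a gigantic body that fills RAM), shown as an added illustration that is not part of the thread and not Mastodon's code (its Request class is not reproduced here): a Net::HTTP fetch that bounds connect time, per-read time, total wall-clock time and body size, exercised against a constructed local server that stands in for the hostile remote. Every name in it (fetch_capped, probe, start_hostile_server, the four paths and the 1 MB cap) is this example's own.

```ruby
# Added example: a bounded Net::HTTP fetch plus a constructed local server that
# plays the hostile roles described in the thread. Not code from Mastodon or from
# the thread; fetch_capped, probe, start_hostile_server and the paths are this
# example's own names.
require "net/http"
require "socket"
require "uri"

class BodyTooLarge   < StandardError; end
class BudgetExceeded < StandardError; end

# Fetch +url+ with every resource the remote could burn bounded up front:
# connect and per-read timeouts, no automatic retry, a cap on the declared
# Content-Length, a cap on bytes actually received, and a total wall-clock
# budget so a slow-drip server (one byte just inside each read timeout)
# cannot hold a worker for minutes.
def fetch_capped(url, max_bytes: 1_000_000, open_timeout: 2, read_timeout: 2, total_budget: 5)
  uri = URI(url)
  deadline = Process.clock_gettime(Process::CLOCK_MONOTONIC) + total_budget
  http = Net::HTTP.new(uri.host, uri.port, nil) # nil proxy: go direct, ignore *_proxy env
  http.open_timeout = open_timeout
  http.read_timeout = read_timeout
  http.max_retries  = 0 # Net::HTTP retries GET once on read timeout; that doubles the cost of a slow URL
  body = +""
  http.start do
    http.request(Net::HTTP::Get.new(uri)) do |res|
      declared = res["Content-Length"]
      raise BodyTooLarge, "declared #{declared} bytes" if declared && declared.to_i > max_bytes
      res.read_body do |chunk| # streamed: never buffer more than we are willing to accept
        body << chunk
        raise BodyTooLarge, "received more than #{max_bytes} bytes" if body.bytesize > max_bytes
        raise BudgetExceeded, "exceeded #{total_budget}s" if Process.clock_gettime(Process::CLOCK_MONOTONIC) > deadline
      end
    end
  end
  body
end

# Classify the outcome so the failure modes are easy to compare side by side.
def probe(url, **opts)
  [:ok, fetch_capped(url, **opts)]
rescue Net::OpenTimeout, Net::ReadTimeout, BudgetExceeded => e
  [:timeout, e.class.name]
rescue BodyTooLarge => e
  [:too_large, e.message]
end

# Constructed stand-in for a hostile remote, listening on an ephemeral loopback port.
#   /ok             small normal response
#   /slow           accepts the request, then never answers
#   /huge-declared  honest Content-Length far above the cap
#   /huge-stream    chunked body that never ends
def start_hostile_server
  server = TCPServer.new("127.0.0.1", 0)
  Thread.new { loop { Thread.new(server.accept) { |c| serve(c) } } }
  server.addr[1]
end

def serve(sock)
  path = sock.gets.to_s.split(" ")[1]
  loop { line = sock.gets; break if line.nil? || line == "\r\n" } # discard request headers
  case path
  when "/ok"
    sock.write("HTTP/1.1 200 OK\r\nContent-Length: 5\r\nConnection: close\r\n\r\nhello")
  when "/slow"
    sleep 60 # holds the connection open without sending a byte
  when "/huge-declared"
    sock.write("HTTP/1.1 200 OK\r\nContent-Length: 10000000000\r\nConnection: close\r\n\r\n")
  when "/huge-stream"
    sock.write("HTTP/1.1 200 OK\r\nTransfer-Encoding: chunked\r\nConnection: close\r\n\r\n")
    chunk = "A" * 65_536
    loop { sock.write("#{chunk.bytesize.to_s(16)}\r\n#{chunk}\r\n") }
  else
    sock.write("HTTP/1.1 404 Not Found\r\nContent-Length: 0\r\nConnection: close\r\n\r\n")
  end
rescue Errno::EPIPE, Errno::ECONNRESET, IOError
  # the client gave up on us, which is exactly the point
ensure
  sock.close unless sock.closed?
end

if $PROGRAM_NAME == __FILE__
  base = "http://127.0.0.1:#{start_hostile_server}"
  %w[/ok /slow /huge-declared /huge-stream].each do |path|
    puts "#{path.ljust(15)} -> #{probe("#{base}#{path}", read_timeout: 1).inspect}"
  end
end
```

Design notes: the Content-Length check rejects an honest oversized response before a byte of body is read, but only the streaming read with its own byte count catches a body that is chunked or lies about its length; and the per-read timeout alone is not enough, because a server that sends one byte just inside each read timeout can hold a worker indefinitely, hence the separate total budget. Fetching user-supplied URLs also needs SSRF controls (resolving and rejecting internal addresses), which this example does not cover.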
derek
@Gargron No telling with those guys, honestly. I have seen them do and say some crazy, dishonest things. Their biz model is victimhood, so when everything is going smoothly and there is no drama, donations drop. Their newest scam is that they are using real accounts to like posts of big-name e-celebs to make the celebs excited. Many people are complaining when they see likes on posts they would never have liked.
Eugen Rochko
@derek Let's just say I am not aware of them ever porting a security fix from us since the time they forked.
@derek Where are people discussing it? No API like this exists in Mastodon; that is the most obvious vulnerability I have ever seen.