Okay okay, Graf's advice is outdated, it turns out that the code for it is now *obfuscated*.
I found this .js file uploaded to my server under the filename `pfp.js`. It's NOT the same hash, you are still vulnerable. It is being exploited, clearly.
If you run a Ctrl+F, the fedirelay.xyz url is there, so the hash check method is completely retarded, but it may be done to work around the hash files.
Fuck I'm probably leaked too but I don't really give a damn.
