nostr:npub108pv4cg5ag52nq082kd5leu9ffrn2gdg6g4xdwatn73y36uzplmq9uyev6 Wait... Is OF based on Pleroma?
Pleroma is full of security vulnerabilities because OnlyFans paid people on Upwork to implement a bunch of features nobody wants.
Have you ever tried downloading an emoji pack from a server? No? Well that's the vulnerable code.
Anyway, hopefully everyone is using s3 for uploads by now and has the dedupe filter enabled.
Patch is being merged into Rebased now: https://gitlab.com/soapbox-pub/rebased/-/merge_requests/263
A patch was ready yesterday but I figured I'd wait til after it landed upstream first.
nostr:note1ch09jq7ywc26h8jdprrd3k67ufllqy7fm5t3qd2lxeud9kvtrwnsc7p442
Discussion
No. More correctly it was MyFreeCams. The largest Pleroma server used to be social.myfreecams.com until it was shut down. Both sites are owned by Leo Radvinsky.
OF was actually a competitor to MFC Social (by the same investor), and OF exploded in popularity so it didn't make sense to run both projects simultaneously.