Targeting Lemmy specifically? probably not, but that’s not really the issue. It’s not that being a .zip address makes the server vulnerable, it’s that the existence of the .zip TLD makes everyone vulnerable:
Surveys by security researchers immediately following public release of domain registration found numerous examples of links and domains registered under .zip being used in phishing attempts, and the ICSS recommended disabling access to .zip domains until “the dust settles and risks can be assessed”.
I still can’t take anyone running a .zip TLD seriously. It was bad idea to create it and it’s a bad idea to use it.
Is there any PoC of attacks on Lemmy using .zip TLD ? The instance has been up for 2 years, I never heard anything
Targeting Lemmy specifically? probably not, but that’s not really the issue. It’s not that being a .zip address makes the server vulnerable, it’s that the existence of the .zip TLD makes everyone vulnerable:
https://en.wikipedia.org/wiki/.zip_(top-level_domain)#Security_concerns