I don't believe FMHY was affected. For me, the timeline went:
I found out about the hack pretty much immediately when it happened
I immediately hopped into the Lemmy dev matrix channels to get an idea of what was going on
I crossposted the news of the hack in [email protected] about 20 or 30 minutes after it happened
In the dev channels, right around when I made the post, a couple of users were able to pin down the exact vulnerability and which server the user that perpetrated it originated from. A user (that I won't name) sent test instructions (that were quickly deleted and I will not share on the off chance that there are servers that don't know about the vuln and haven't patched or mitigated) that verified the vulnerability.
A pull request for the fix was submitted to github (and, from a cursory look at the PR, it closes the hole that was used for the hack solidly) while, simultaneously, a couple of other devs stated that 0.18.1 is not affected by the vulnerability (which I have not taken the time to verify since they've already PRed a patch)
For those reasons, I don't think FMHY was ever at risk because of how quickly it was updated to 0.18.1 coupled with the fact that I don't think custom emojis are a thing on here. It's very possible that I am wrong about that because I'm an idiot but I don't believe there's anything to worry about.
On the Divolt, Zinklog said he should've made a post before they pulled the plug. But the vulnerability seemed scary. Which I can't blame em for. No other official word to my knowledge though
Oh yes I actually agree with that decision. Better safe than sorry.
But I was worried about the information blackout. I feared the admins got hacked and locked out of the server.
I'm not familiar with Divolt. Can you browse without being registered? If not, maybe we need a more public backup channel? Dunno, maybe on Mastodon or on another Lemmy instance?
Today I even checked the fmhy sub on Reddit but there was nothing there.