
Thread: SRD Hacked?

  1. - Top - End - #1
    Ogre in the Playground
     
    AssassinGuy

    Join Date
    Feb 2016
    Location
    DPT's Window
    Gender
    Male

    Default SRD Hacked?

    So is anyone having problems with the SRD also? When I enter it just shows a weird message and plays audio. Anyone else having the same problem?

  2. - Top - End - #2
    Orc in the Playground
     
    AssassinGuy

    Join Date
    Sep 2008
    Gender
    Male

    Default Re: SRD Hacked?

    Yeah, seems to be a hacking group that's targeting the people that own it, BoLS Interactive, since BoLS's site has the same main page. You can still access the rest of the site, you just can't use the main page.
    Quote Originally Posted by Pharaoh's Fist View Post
    I want to cast Magic Missile at the darkness.

  3. - Top - End - #3
    Barbarian in the Playground
    Join Date
    Apr 2014
    Gender
    Male

    Default Re: SRD Hacked?

    Yeah, I went to check something there and it showed up as hacked for me as well.

    This is the message they wrote:

    Code:
    [ASCII-art banner; layout lost in extraction]

    Hello Administrator,
    How are you today?
    I realized that you spent a lot of time hunting my backdoors.
    Well... Let's play a game.
    Use this same effort to fix all bugs from this **** security.
    If you try to delete my backdoors again and I h4ck this server for the third time, I'll delete all domains.
    We'r: J0shua - Sup3rm4n - Mhemphis - Cr0n05 - MMxM - Arplhmd

    They also embedded this classical music in the page (it automatically plays):
    https://www.youtube.com/embed/EFJ7kDva7JE?autoplay=1

  4. - Top - End - #4
    Barbarian in the Playground
     
    Planetar

    Join Date
    Sep 2015
    Location
    The Old World
    Gender
    Male

    Default Re: SRD Hacked?

    Wow...people like that well and truly make me sick...and violent

  5. - Top - End - #5
    Bugbear in the Playground
     
    ElfRangerGuy

    Join Date
    Jul 2014

    Default Re: SRD Hacked?

    Quote Originally Posted by Helinon View Post
    Yeah, seems to be a hacking group that's targeting the people that own it, BoLS Interactive, since BoLS's site has the same main page. You can still access the rest of the site, you just can't use the main page.
    I wonder what they did to deserve this. And no, you can't anymore. It returns a 403.

    Quote Originally Posted by Manyasone View Post
    Wow...people like that well and truly make me sick...and violent
    Frankly... these people provide a service that many people pay good money for. It's poorly managed sites that make me foam at the mouth.

  6. - Top - End - #6
    Titan in the Playground
     
    NecromancerGuy

    Join Date
    Jul 2013

    Default Re: SRD Hacked?

    Quote Originally Posted by martixy View Post
    I wonder what they did to deserve this. And no, you can't anymore. It returns a 403.



    Frankly... these people provide a service that many people pay good money for. It's poorly managed sites that make me foam at the mouth.
    Correction: People pay for responsible and benevolent security tests. These hackers fail both tests:
    1) They announced the security flaws to other bad actors. While informing threatened users (if there are any) is important, announcing to the public at large also tells the bad actors that those threatened users are vulnerable. (Irresponsible)
    2) They announced that they will destroy content if they succeed again. (Malice)

  7. - Top - End - #7
    Bugbear in the Playground
     
    ElfRangerGuy

    Join Date
    Jul 2014

    Default Re: SRD Hacked?

    Quote Originally Posted by OldTrees1 View Post
    Correction: People pay for responsible and benevolent security tests. These hackers fail both tests:
    1) They announced the security flaws to other bad actors. While informing threatened users (if there are any) is important, announcing to the public at large also tells the bad actors that those threatened users are vulnerable. (Irresponsible)
    2) They announced that they will destroy content if they succeed again. (Malice)
    Come on... I know it's malicious. Let me have my moment of outrage for the bad admins of the world here. :)
    Especially over 2) being a threat at all.

    Too many times have I seen instances of not malice, but simple human mistakes cause untold amounts of damage and headaches, because someone forgot to run the backups.

    On 1), well... how many high-profile cases have we seen of responsible disclosure failing utterly.

    Also, don't take this for me arguing it wouldn't have worked here. Unless you wanna banter on IT security practices.

  8. - Top - End - #8
    Bugbear in the Playground
     
    BardGuy

    Join Date
    May 2010

    Default Re: SRD Hacked?

    Lousy security's bad, sure, though I'm not a fan of trespassers rifling through my stuff to see if they could and then painting the side of my house to let me know it happened.

  9. - Top - End - #9
    Troll in the Playground
    Join Date
    Dec 2013
    Location
    turkey
    Gender
    Male

    Default Re: SRD Hacked?

    you know i literally give zero f to d20srd so gooooooooooood riddance
    Quote Originally Posted by Dark Shadow View Post
    Threads are like cats. They go where they want, and never listen to what you want them to do.


  10. - Top - End - #10
    Colossus in the Playground
     
    JNAProductions's Avatar

    Join Date
    Jul 2014
    Location
    Avatar By Astral Seal!

    Default Re: SRD Hacked?

    Quote Originally Posted by khadgar567 View Post
    you know i literally give zero f to d20srd so gooooooooooood riddance
    You know, some of us use it and enjoy having easy access to the resources.
    I have a LOT of Homebrew!


  11. - Top - End - #11
    Troll in the Playground
     
    Flumph

    Join Date
    Oct 2007

    Default Re: SRD Hacked?

    Quote Originally Posted by khadgar567 View Post
    you know i literally give zero f to d20srd so gooooooooooood riddance
    Well I guess if a site that you use for reference goes down that'll be good news too, right? 😡

    And I don't think much of these hackers. Telling me that my front door lock is crap - helpful. Breaking in and taking a dump on the couch while announcing to all and sundry that it's easy to break in - not helpful, being an *******.
    Last edited by icefractal; 2017-08-12 at 01:00 PM.

  12. - Top - End - #12
    Titan in the Playground
     
    NecromancerGuy

    Join Date
    Jul 2013

    Default Re: SRD Hacked?

    Quote Originally Posted by martixy View Post
    Come on... I know it's malicious. Let me have my moment of outrage for the bad admins of the world here. :)
    Especially over 2) being a threat at all.

    Too many times have I seen instances of not malice, but simple human mistakes cause untold amounts of damage and headaches, because someone forgot to run the backups.

    On 1), well... how many high-profile cases have we seen of responsible disclosure failing utterly.

    Also, don't take this for me arguing it wouldn't have worked here. Unless you wanna banter on IT security practices.
    Oh do not let me deter your outrage at bad admins. We clearly see some degree of negligence on their part by allowing the same(?) exploit twice by the same group.

    In fact, stack my outrage with yours.
    Last edited by OldTrees1; 2017-08-12 at 01:15 PM.

  13. - Top - End - #13
    Ettin in the Playground
    Join Date
    Oct 2015
    Location
    Berlin
    Gender
    Male

    Default Re: SRD Hacked?

    Quote Originally Posted by icefractal View Post
    And I don't think much of these hackers. Telling me that my front door lock is crap - helpful. Breaking in and taking a dump on the couch while announcing to all and sundry that it's easy to break in - not helpful, being an *******.
    A bit of wrong comparison when it comes to IT security. For some companies, their business model is providing a "free" service, but selling (correlated) customer data to generate their income revenue. In a way, that is pretty sensible material that has to be handled with the utmost care.
    So it might not actually be "taking a dump on the couch", but rather "taking a dump in front of the database you keep your profiles in".

  14. - Top - End - #14
    Titan in the Playground
     
    Dimers's Avatar

    Join Date
    Oct 2009
    Location
    Boston, MA
    Gender
    Male

    Default Re: SRD Hacked?

    Quote Originally Posted by OldTrees1 View Post
    In fact, stack my outrage with yours.
    Can't. Both instances are a morale bonus.
    Avatar by Meltheim: Eveve, dwarven battlemind, 4e Dark Sun

    Current games list

  15. - Top - End - #15
    Troll in the Playground
     
    Flumph

    Join Date
    Oct 2007

    Default Re: SRD Hacked?

    Quote Originally Posted by Florian View Post
    A bit of wrong comparison when it comes to IT security. For some companies, their business model is providing a "free" service, but selling (correlated) customer data to generate their income revenue. In a way, that is pretty sensible material that has to be handled with the utmost care.
    So it might not actually be "taking a dump on the couch", but rather "taking a dump in front of the database you keep your profiles in".
    d20SRD doesn't ask for any personal info, or even a user name. The only "customer data" it's gathered from me is "which Sor/Wiz spells get looked up more often", which I doubt they're selling to anyone.
    Last edited by icefractal; 2017-08-12 at 02:03 PM.

  16. - Top - End - #16
    Titan in the Playground
     
    NecromancerGuy

    Join Date
    Jul 2013

    Default Re: SRD Hacked?

    Quote Originally Posted by Dimers View Post
    Can't. Both instances are a morale bonus.
    Huh. What about stacking a competence outrage with a morale outrage?

  17. - Top - End - #17
    Troll in the Playground
     
    Lvl 2 Expert's Avatar

    Join Date
    Oct 2014
    Location
    Tulips Cheese & Rock&Roll
    Gender
    Male

    Default Re: SRD Hacked?

    Is it me, or are they telling the admin to beef up security without beefing up security or else?

    That doesn't even seem like a reasonable criminal demand, it's more of an impossible task as a setup for them supposedly being in the right when they start wrecking ****, costing a bunch of (practically?) hobbyists helping the community at large out time and money.

    Smart hooligans are the worst, they overthink their stupid non-existent motivations.
    The Hindsight Awards, results: See the best movies of 1999!

  18. - Top - End - #18
    Titan in the Playground
     
    Dimers's Avatar

    Join Date
    Oct 2009
    Location
    Boston, MA
    Gender
    Male

    Default Re: SRD Hacked?

    Quote Originally Posted by OldTrees1 View Post
    Huh. What about stacking a competence outrage with a morale outrage?
    I'm not in a position to judge your competence, so add whatever modifier you see fit there, but if I were DMing this I'd certainly give a circumstance bonus.

  19. - Top - End - #19
    Firbolg in the Playground
     
    Bohandas's Avatar

    Join Date
    Feb 2016

    Default Re: SRD Hacked?

    Quote Originally Posted by martixy View Post
    Frankly... these people provide a service that many people pay good money for. It's poorly managed sites that make me foam at the mouth.
    He demanded not to remove the backdoors, that's more asshat than white hat.

    I don't know what they expect to remove though, the SRD site sells downloadable copies of the whole SRD in the same format. Once the hackers are removed they just need to reach out to a customer and the site's up again
    "If you want to understand biology don't think about vibrant throbbing gels and oozes, think about information technology" -Richard Dawkins

    Omegaupdate Forum

    WoTC Forums Archive + Indexing Projext

    PostImage, a free and sensible alternative to Photobucket

    Temple+ Modding Project for Atari's Temple of Elemental Evil

    Morrus' RPG Forum (EN World v2)

  20. - Top - End - #20
    Bugbear in the Playground
     
    Alent's Avatar

    Join Date
    Sep 2013

    Default Re: SRD Hacked?

    Quote Originally Posted by Bohandas View Post
    He demanded not to remove the backdoors, that's more asshat than white hat.

    I don't know what they expect to remove though, the SRD site sells downloadable copies of the whole SRD in the same format. Once the hackers are removed they just need to reach out to a customer and the site's up again
    As noted higher up in the thread, it looks like collateral damage in an attack on Bell of Lost Souls, although I'm not sure the actual news site server is the same server. Given that specific pages are apparently fine and it's just the index.htm files, I'm guessing some sort of script to replace the contents of all files with that name got launched across the entire server.

    (Edit: It's possible the Vandalism was also a probe in and of itself- checking to see how many different websites were hosted off the one host, even.)
    Last edited by Alent; 2017-08-12 at 05:21 PM.
    My Homebrew
    A Return to Exile, a homebrew campaign setting.
    Under Construction: Skills revamp for the Campaign Setting. I need to make a new index thread.
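
As an added example (not from the thread or from the site's operators), this is one way a defender could check for the pattern Alent guesses at above, every file of one name overwritten with the same content across a shared host: hash the index files under each site directory and compare them with a manifest recorded from a known-good deploy. The one-directory-per-site layout, the function names and the sample tree are assumptions constructed for illustration.

```python
import hashlib
import os
import tempfile
from collections import defaultdict
from pathlib import Path

# File names treated as a site's landing page (assumed list; extend as needed).
INDEX_NAMES = {"index.htm", "index.html", "index.php"}


def sha256_file(path):
    """Hash a file in chunks so large pages do not need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def index_manifest(hosting_root):
    """Map 'site/relative/path' -> SHA-256 for every index file under the root."""
    root = Path(hosting_root)
    manifest = {}
    for dirpath, _dirs, files in os.walk(root):  # os.walk does not follow symlinks
        for name in files:
            if name.lower() in INDEX_NAMES:
                full = Path(dirpath) / name
                manifest[full.relative_to(root).as_posix()] = sha256_file(full)
    return manifest


def defacement_report(baseline, current, min_sites=2):
    """List index files that differ from the baseline (new files included) and
    group them by content: one digest seen under several sites suggests a
    single script rewrote them, rather than unrelated edits."""
    changed = sorted(p for p, d in current.items() if baseline.get(p) != d)
    by_digest = defaultdict(set)
    for path in changed:
        by_digest[current[path]].add(path.split("/", 1)[0])  # first component = site
    shared = {d: sorted(s) for d, s in by_digest.items() if len(s) >= min_sites}
    return {"changed": changed, "shared_across_sites": shared}


def build_constructed_tree(root):
    """Constructed sample: three sites, each with a home page and one inner page."""
    for site in ("site-a", "site-b", "site-c"):
        docs = Path(root) / site / "rules"
        docs.mkdir(parents=True)
        (Path(root) / site / "index.htm").write_text(f"<h1>{site} home</h1>")
        (docs / "spells.htm").write_text(f"<h1>{site} spells</h1>")


def simulate_overwrite(root, sites, body="<pre>constructed replacement page</pre>"):
    """Constructed test input: give the listed sites an identical home page."""
    for site in sites:
        (Path(root) / site / "index.htm").write_text(body)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_constructed_tree(tmp)
        baseline = index_manifest(tmp)          # recorded from the clean deploy
        simulate_overwrite(tmp, ["site-a", "site-b"])
        print(defacement_report(baseline, index_manifest(tmp)))
```

The baseline manifest has to be stored somewhere the web server account cannot write, otherwise whoever rewrote the pages can rewrite the manifest as well.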



  21. - Top - End - #21
    Titan in the Playground
     
    Crake's Avatar

    Join Date
    May 2011

    Default Re: SRD Hacked?

    Quote Originally Posted by OldTrees1 View Post
    Oh do not let me deter your outrage at bad admins. We clearly see some degree of negligence on their part by allowing the same(?) exploit twice by the same group.

    In fact, stack my outrage with yours.
    Most likely it was different exploits. The hackers probably got in with one exploit, installed a backdoor, which they used to investigate the server in more depth, found additional holes in security, the admins noticed, deleted some (but not all, apparently) of the back doors, and likely patched the hole the hackers used to get in. Then this happened.
    World of Madius wiki - My personal campaign setting, including my homebrew Optional Gestalt/LA rules.
    The new Quick Vestige List

    Quote Originally Posted by Kazyan View Post
    Playing a wizard the way GitP says wizards should be played requires the equivalent time and effort investment of a university minor. Do you really want to go down this rabbit hole, or are you comfortable with just throwing a souped-up Orb of Fire at the thing?
    Quote Originally Posted by atemu1234 View Post
    Humans are rarely truly irrational, just wrong.

  22. - Top - End - #22
    Titan in the Playground
     
    Dimers's Avatar

    Join Date
    Oct 2009
    Location
    Boston, MA
    Gender
    Male

    Default Re: SRD Hacked?

    It's really starting to sound like this thread belongs in the Shadowrun forum.

    Hackers and backdoors in D&D = The barbarian is coming in where you didn't expect him.

  23. - Top - End - #23
    Titan in the Playground
     
    Lord Raziere's Avatar

    Join Date
    Mar 2010
    Gender
    Male2Female

    Default Re: SRD Hacked?

    Quote Originally Posted by Lvl 2 Expert View Post
    Is it me, or are they telling the admin to beef up security without beefing up security or else?

    That doesn't even seem like a reasonable criminal demand, it's more of an impossible task as a setup for them supposedly being in the right when they start wrecking ****, costing a bunch of (practically?) hobbyists helping the community at large out time and money.

    Smart hooligans are the worst, they overthink their stupid non-existent motivations.
    Thankfully the Pathfinder SRD is untouched, so if it does get deleted by these people, we both have the PF SRD and probably a lot of people willing to fill in the 3.5 SRD blanks from the information they have. And if the host is smart, they'll find a way to back it all up to somewhere it's safe.
    I'm also on discord as "raziere".


  24. - Top - End - #24
    Ogre in the Playground
     
    RedWizardGuy

    Join Date
    Oct 2013

    Default Re: SRD Hacked?

    I have the offline copy (from several years ago, but I don't think the core data has changed), so useful for me.

    But I don't feel comfortable on the legality of putting up a temporary mirror.

  25. - Top - End - #25
    Titan in the Playground
     
    Thurbane's Avatar

    Join Date
    Jul 2007
    Location
    Terra Australis
    Gender
    Male

    Exclamation Re: SRD Hacked?

    I posted this in the necro thread, but I'll post it here as well.

    This is a viable alternative until (if?) the issues are sorted out: http://dndsrd.net/home.html

  26. - Top - End - #26
    Titan in the Playground
     
    Crake's Avatar

    Join Date
    May 2011

    Default Re: SRD Hacked?

    Quote Originally Posted by Lord Raziere View Post
    Thankfully the Pathfinder SRD is untouched, so if it does get deleted by these people, we both have the PF SRD and probably a lot of people willing to fill in the 3.5 SRD blanks from the information they have. And if the host is smart, they'll find a way to back it all up to somewhere it's safe.
    You know the official 3.5 srd is still available directly from wizards in .rtf, right? The information hasn't been lost or anything, just the method of presentation done by d20srd.com. As Thurbane noted, there are still other perfectly viable sources for the srd available.
    Last edited by Crake; 2017-08-12 at 07:22 PM.

  27. - Top - End - #27
    Firbolg in the Playground
     
    Bohandas's Avatar

    Join Date
    Feb 2016

    Default Re: SRD Hacked?

    Quote Originally Posted by Crake View Post
    You know the official 3.5 srd is still available directly from wizards in .rtf, right? The information hasn't been lost or anything, just the method of presentation done by d20srd.com. As Thurbane noted, there are still other perfectly viable sources for the srd available.
    The official srd is difficult to navigate

  28. - Top - End - #28
    Bugbear in the Playground
     
    ElfRangerGuy

    Join Date
    Jul 2014

    Default Re: SRD Hacked?

    Quote Originally Posted by Bohandas View Post
    He demanded not to remove the backdoors, that's more asshat than white hat.
    Okay, points for this one, you win an internet.

    Quote Originally Posted by Lord Raziere View Post
    Thankfully the Pathfinder SRD is untouched, so if it does get deleted by these people, we both have the PF SRD and probably a lot of people willing to fill in the 3.5 SRD blanks from the information they have. And if the host is smart, they'll find a way to back it all up to somewhere it's safe.
    PFSRD recently moved to WordPress (from Google Sites - say what you will, but Google knows security), so cross your fingers they know what they're doing. An unsecured WP instance is leakier than my shower head.

    Besides, 3.5 SRD is just a buncha HTML files. No JS, no nothing (excluding the ads they inject).

  29. - Top - End - #29
    Titan in the Playground
     
    Crake's Avatar

    Join Date
    May 2011

    Default Re: SRD Hacked?

    Quote Originally Posted by Bohandas View Post
    The official srd is difficult to navigate
    Not denying that at all. But the information isn't lost was my point.

  30. - Top - End - #30
    Ogre in the Playground
     
    RedWizardGuy

    Join Date
    Oct 2013

    Default Re: SRD Hacked?

    Quote Originally Posted by martixy View Post
    Okay, points for this one, you win an internet.



    PFSRD recently moved to WordPress (from Google Sites - say what you will, but Google knows security), so cross your fingers they know what they're doing. An unsecured WP instance is leakier than my shower head.

    Besides, 3.5 SRD is just a buncha HTML files. No JS, no nothing (excluding the ads they inject).
    .js for searches, at least in my old copy. But not that those are super necessary.

    It is the best organized SRD site of all the ones I've stumbled over.
