Thread: SRD Hacked?
-
2017-08-11, 09:49 PM (ISO 8601)
SRD Hacked?
So is anyone having problems with the SRD also? When I enter it just shows a weird message and plays audio. Anyone else having the same problem?
-
2017-08-11, 09:55 PM (ISO 8601)
-
2017-08-12, 01:18 AM (ISO 8601)
Re: SRD Hacked?
Yeah, I went to check something there and it showed up as hacked for me as well.
This is the message they wrote:
Spoiler
Code:
[ASCII-art banner, garbled in extraction]
Hello Administrator,
How are you today?
I realized that you spent a lot of time hunting my backdoors.
Well... Let's play a game. Use this same effort to fix all bugs from this **** security.
If you try to delete my backdoors again and I h4ck this server for the third time, I'll delete all domains.
We'r: J0shua - Sup3rm4n - Mhemphis - Cr0n05 - MMxM - Arplhmd
They also embedded this classical music in the page (it automatically plays):
https://www.youtube.com/embed/EFJ7kDva7JE?autoplay=1
-
2017-08-12, 09:39 AM (ISO 8601)
-
2017-08-12, 09:56 AM (ISO 8601)
Re: SRD Hacked?
My attempt at non-awful fumble rules
Arcane Archer minimal fix (maybe not so minimal anymore)
Reworking the Complete Adventurer Tempest PrC
Expanding the Pathfinder Called Shots system
Keyboard shortcuts for d20srd.org
Guide to Optimizing To-Hit
Obscure Psionic Power Index
🕷
-
2017-08-12, 11:37 AM (ISO 8601)
Re: SRD Hacked?
Correction: People pay for responsible and benevolent security tests. These hackers fail both tests:
1) They announced the security flaws to other bad actors. While informing threatened users (if there are any) is important, announcing to the public at large also tells the bad actors that those threatened users are vulnerable. (Irresponsible)
2) They announced that they will destroy content if they succeed again. (Malice)
-
2017-08-12, 12:39 PM (ISO 8601)
Re: SRD Hacked?
Come on... I know it's malicious. Let me have my moment of outrage for the bad admins of the world here. :)
Especially over 2) being a threat at all.
Too many times have I seen instances of not malice, but simple human mistakes cause untold amounts of damage and headaches, because someone forgot to run the backups.
On 1), well... how many high-profile cases have we seen of responsible disclosure failing utterly?
Also, don't take this for me arguing it wouldn't have worked here. Unless you wanna banter on IT security practices.
-
2017-08-12, 12:45 PM (ISO 8601)
Re: SRD Hacked?
Lousy security's bad, sure, though I'm not a fan of trespassers rifling through my stuff to see if they could and then painting the side of my house to let me know it happened.
-
2017-08-12, 12:45 PM (ISO 8601)
-
2017-08-12, 12:56 PM (ISO 8601)
Re: SRD Hacked?
I have a LOT of Homebrew!
-
2017-08-12, 12:58 PM (ISO 8601)
Re: SRD Hacked?
Well I guess if a site that you use for reference goes down that'll be good news too, right? 😡
And I don't think much of these hackers. Telling me that my front door lock is crap - helpful. Breaking in and taking a dump on the couch while announcing to all and sundry that it's easy to break in - not helpful, being an *******.
Last edited by icefractal; 2017-08-12 at 01:00 PM.
-
2017-08-12, 01:14 PM (ISO 8601)
-
2017-08-12, 01:28 PM (ISO 8601)
Re: SRD Hacked?
A bit of wrong comparison when it comes to IT security. For some companies, their business model is providing a "free" service, but selling (correlated) customer data to generate their income revenue. In a way, that is pretty sensible material that has to be handled with the utmost care.
So it might not actually be "taking a dump on the couch", but rather "taking a dump in front of the database you keep your profiles in".
-
2017-08-12, 01:49 PM (ISO 8601)
-
2017-08-12, 02:01 PM (ISO 8601)
-
2017-08-12, 02:34 PM (ISO 8601)
-
2017-08-12, 02:36 PM (ISO 8601)
Re: SRD Hacked?
Is it me, or are they telling the admin to beef up security without beefing up security or else?
That doesn't even seem like a reasonable criminal demand, it's more of an impossible task as a setup for them supposedly being in the right when they start wrecking ****, costing a bunch of (practically?) hobbyists helping the community at large out time and money.
Smart hooligans are the worst, they overthink their stupid non-existent motivations.
The Hindsight Awards, results: See the best movies of 1999!
-
2017-08-12, 02:40 PM (ISO 8601)
Re: SRD Hacked?
-
2017-08-12, 04:31 PM (ISO 8601)
Re: SRD Hacked?
He demanded not to remove the backdoors, that's more asshat than white hat.
I don't know what they expect to remove though, the SRD site sells downloadable copies of the whole SRD in the same format. Once the hackers are removed they just need to reach out to a customer and the site's up again.
"If you want to understand biology don't think about vibrant throbbing gels and oozes, think about information technology" -Richard Dawkins
Omegaupdate Forum
WoTC Forums Archive + Indexing Project
PostImage, a free and sensible alternative to Photobucket
Temple+ Modding Project for Atari's Temple of Elemental Evil
Morrus' RPG Forum (EN World v2)
-
2017-08-12, 05:19 PM (ISO 8601)
Re: SRD Hacked?
As noted higher up in the thread, it looks like collateral damage in an attack on Bell of Lost Souls, although I'm not sure the actual news site server is the same server. Given that specific pages are apparently fine and it's just the index.htm files, I'm guessing some sort of script to replace the contents of all files with that name got launched across the entire server.
(Edit: It's possible the Vandalism was also a probe in and of itself- checking to see how many different websites were hosted off the one host, even.)
Last edited by Alent; 2017-08-12 at 05:21 PM.
My Homebrew A Return to Exile, a homebrew campaign setting.
Under Construction: Skills revamp for the Campaign Setting. I need to make a new index thread.
-
2017-08-12, 05:27 PM (ISO 8601)
Re: SRD Hacked?
Most likely it was different exploits. The hackers probably got in with one exploit, installed a backdoor, which they used to investigate the server in more depth, found additional holes in security, the admins noticed, deleted some (but not all, apparently) of the back doors, and likely patched the hole the hackers used to get in. Then this happened.
World of Madius wiki - My personal campaign setting, including my homebrew Optional Gestalt/LA rules.
The new Quick Vestige List
-
2017-08-12, 05:41 PM (ISO 8601)
Re: SRD Hacked?
It's really starting to sound like this thread belongs in the Shadowrun forum.
Hackers and backdoors in D&D = The barbarian is coming in where you didn't expect him.
-
2017-08-12, 05:46 PM (ISO 8601)
Re: SRD Hacked?
Thankfully the Pathfinder SRD is untouched, so if it does get deleted by these people, we both have the PF SRD and probably a lot of people willing to fill in the 3.5 SRD blanks from the information they have. And if the host is smart, they'll find a way to back it all up to somewhere it's safe.
-
2017-08-12, 06:09 PM (ISO 8601)
Re: SRD Hacked?
I have the offline copy (from several years ago, but I don't think the core data has changed), so useful for me.
But I don't feel comfortable on the legality of putting up a temporary mirror.
-
2017-08-12, 06:41 PM (ISO 8601)
Re: SRD Hacked?
I posted this in the necro thread, but I'll post it here as well.
This is a viable alternative until (if?) the issues are sorted out: http://dndsrd.net/home.html
My winning competition entries: Kinvig Arrumskor | The Great Pumpkinhead | Wynfrith d'Acker
Torn-City - Massively multiplayer online browser based crime RPG
-
2017-08-12, 07:22 PM (ISO 8601)
Re: SRD Hacked?
You know the official 3.5 SRD is still available directly from Wizards in .rtf, right? The information hasn't been lost or anything, just the method of presentation done by d20srd.com. As Thurbane noted, there are still other perfectly viable sources for the SRD available.
Last edited by Crake; 2017-08-12 at 07:22 PM.
-
2017-08-12, 07:25 PM (ISO 8601)
-
2017-08-12, 07:36 PM (ISO 8601)
Re: SRD Hacked?
Okay, points for this one, you win an internet.
PFSRD recently moved to WordPress (from Google Sites - say what you will, but Google knows security), so cross your fingers they know what they're doing. An unsecured WP instance is leakier than my shower head.
Besides, 3.5 SRD is just a buncha HTML files. No JS, no nothing (excluding the ads they inject).
-
2017-08-12, 07:40 PM (ISO 8601)
Re: SRD Hacked?
-
2017-08-12, 07:50 PM (ISO 8601)