From nobody Mon Mar 30 17:38:17 2026 X-Original-To: freebsd-security@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4fkz4H3Ypwz6X8Bx for ; Mon, 30 Mar 2026 17:38:23 +0000 (UTC) (envelope-from thorres@brothersofgrey.net) Received: from mout.kundenserver.de (mout.kundenserver.de [212.227.126.130]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (prime256v1) server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (3072 bits) client-digest SHA256) (Client CN "mout.kundenserver.de", Issuer "Telekom Security ServerID OV Class 2 CA" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4fkz4F7567z3dWb for ; Mon, 30 Mar 2026 17:38:21 +0000 (UTC) (envelope-from thorres@brothersofgrey.net) Authentication-Results: mx1.freebsd.org; dkim=pass header.d=brothersofgrey.net header.s=s1-ionos header.b=fG11OFo4; dmarc=pass (policy=none) header.from=brothersofgrey.net; spf=pass (mx1.freebsd.org: domain of thorres@brothersofgrey.net designates 212.227.126.130 as permitted sender) smtp.mailfrom=thorres@brothersofgrey.net DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=brothersofgrey.net; s=s1-ionos; t=1774892299; x=1775497099; i=thorres@brothersofgrey.net; bh=P8D36fWJ3BTlTZmttBqLhhd+bhTiC7UxS1S1bPxtaXk=; h=X-UI-Sender-Class:Message-ID:Date:MIME-Version:Subject: References:To:From:In-Reply-To:Content-Type: Content-Transfer-Encoding:cc:content-transfer-encoding: content-type:date:from:message-id:mime-version:reply-to:subject: to; b=fG11OFo4Hru+kaQYp4sOOE3RRyTvnJxef+rDFle56XRgT9SYqam+bQVw1pdJz1u6 kYAYFx5Ch3xykn5weCMA35wHCadlcyKMYGROyEgUSsUzXQj1RuDz1BK3VoXKeBzwZ HoHwL6TL395e/kpEZEzYfriGvhs3jyBgrtrc9oNvmM5zL/RrTm+cycq0lxSddcC0J a0mlrOHZvOkOgueXhZbBPp9XZPitqm83jHQ1UZM2XLb6BAlViqswWl9qlpdkMSoXM cJOm7DkhrAAVvhMALmCe68Ao80lPSJAHtHW+fn9q011FYJHbfOgnknZN4qKQAawTT JJevZ+MuByiFsniXTA== X-UI-Sender-Class: 55c96926-9e95-11ee-ae09-1f7a4046a0f6 Received: from client.hidden.invalid by mrelayeu.kundenserver.de (mreue009 [212.227.15.167]) with ESMTPSA (Nemesis) id 1MXY2Z-1w1Vxs2wqF-00J7Mx for ; Mon, 30 Mar 2026 19:38:19 +0200 Message-ID: <04d9e055-b0a4-47d5-b24c-0f06b379d937@brothersofgrey.net> Date: Mon, 30 Mar 2026 19:38:17 +0200 List-Id: Security issues List-Archive: https://lists.freebsd.org/archives/freebsd-security List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: freebsd-security@freebsd.org Sender: owner-freebsd-security@FreeBSD.org MIME-Version: 1.0 User-Agent: Mozilla Thunderbird Subject: Fwd: Forums hacked or defaced References: <71866fb5b59668f1413d2083c7edfb109fb950ba@aoalmeida.com> Content-Language: en-US, de-DE To: freebsd-security@freebsd.org From: Klaus In-Reply-To: <71866fb5b59668f1413d2083c7edfb109fb950ba@aoalmeida.com> X-Forwarded-Message-Id: <71866fb5b59668f1413d2083c7edfb109fb950ba@aoalmeida.com> Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: quoted-printable X-Provags-ID: V03:K1:yCZpc+nPhyvjerdcZBN3KUMhLSlR7m/qUhOy9Z55ey2whKdRPS8 qZ5D3tBWoA6YEyiLtL9ylIGpS46dJz9Xc8gjOixvQ6NPWXjbRJH1LrcIzZ0QMIKV2yQHd/I BT7d3WJKFv5Z9MQkAV9OtwGZVYsEAKWKvCcAhXtcl+NjT7DgLJGs0kL9PMRPEAgVRqMk+k4 yrLvRRgA8si6mjz2vdg+Q== X-Spam-Flag: NO UI-OutboundReport: notjunk:1;M01:P0:KQm5deCxDeM=;1nfPWl5ngHL2LTqpzi6ybhAHdv6 C5DiIbzbIBM/fUwZwjuFHROPKmFByMF7g7K39RrmHsFVoiXufmLkxNimMG8d5zynu8NURdwOf c14ZAgEb/wstlJQA7SD5FY+1TbCdvRy9lZlfQEAUVmaFE7kH+oAQcmmkMNco7u5KIWHX47Bmx URcRHNRiGD9f8m2SQTjk8LPl/Qrt0PqwoHmZZ/SmVCU2cx0uSgCy8hN8qB7Qo61KeiKL8lvFW Z907iHh3141f22xRa/DR2nhJ46mZGKwW3xighlyRV9l0vQJJzgcqjruqpV0Bcja2Keh41jWIX 7xUEhp1jfxCGFAxhzBqJUYu3tXSzqzi8r7WNGQ5qNE9OFmjl6TmP5bpz/50L2ZfqBfywraNv5 XGPt6zpdfmCR19FJ1bKbY/CvbislPafUBdKy6gJ5R+68cV/DH3FOEfkJzfF+oN+Z4dEfoMTtb Y6NGu4BNNVbYglrfH/GSciAMP7YLkjbHgHbDzfPpuLo0kNdNXwK+b0C9rcS5HC3xhawGYX8JA UChcjR1g7ePdrj2Oj50JNMfTIkqcIrOx0sckColf+qIVlCv58PKMlEJ12HU8p/A7a90o+GKSl +LoR5ubJ9vWNoY0VFYn+EsNd2GE9fUpyoVhKZXsO1P8KZtwony8beOLvUArdurrVF0dkuyqMt a1hhO9vL1QhSfXOJ55bzM34oc6+ulrUzG7XLQ8EI6LouFshGYDlmzk1CyIYhr1SEVhf9fBh49 2wy1b6OpivgPoLUMSYiviY8xrCFsCW0vS7esvj6bpVeGTV3J1xc8s4HG/NJaxA+tNTbiyMkkc h3RcIhN/wH7oI2gVNVP9RuHa9n4+8Uxl4EnWL88/ZtzkZ3JGqOtzctEWduKz2GRlE68HV0Uz6 7JKTGgA3MvNlvxVLkm5TOEFKjI4PhM+9AOAY8opw3JmWAFxP8gwqXUc/mmsIqO4u3mpbrgZj2 15Do60R67Cun0hZx4gc8zzyojen4YIi+q2/kVcT4FOgCMaYMgCOWBvmsK5eXK8A4t/60+Dy7i L0mgFBSEQxbVeNU2oP0PNt1ArfhV47q+RteaO0e0aNepUdM85+gek2WqulEf3JflYbNZpesbI 1IeBwHwxMh0Rj1Wd+ymX6xH4cOFNeLvOsKk9MnP8bHGoh67CR9RRTQGkZquiqaDumzn7sT0Q9 rnW/uiI0A8TxvRv5kqc7sHyZs624wH7sp5CcRjDo+h0QzDNEb5saeFIMCL9paOczjIUw0bksf Suemd/hd2SVJgFDT02uS9TaLmk0pwuwpMSzo7oT/7ptC3cNhKaB5zH9BKK8u/YzMobyc8JufJ dReXkL0vytqaT8x+ktQPpKrtseYp2TWJRNZKp7bp+O2zf2qNGcclNdyxsQsLB/EuxvV3w2faU QHNrjHTUVJ5JqoNjPOvqjk6EFa72ntCm80uQlfBJug3ltp/luzvJME+IV386IxiobTyy9C0wB BpiLgVC84h7799lwkEqBpCHijqKzBX2IKhTCnJaEIZRjcAKI66CD90CXkgJ75rvPpvwdT51mM EIGQJ+OZw/WMDxzSfPW5I+hp4xmI7++PZR3a6PQqQ3Z9fuGrppb0BXZQMDBUEMrae/Ej/3OHv jT1rV11cwudOjd96TLNHalEGhKxhih619i0g4nUPehJA71tG7fLyNd8vgsc3cPXrB1reLXxNJ yMAODI5TU1jQYHAVseJ5mgJafPIgsEGnoCaBiIkSNzt+MzmWK99BUNjKIBAPmlRO8r7QtiXwx nnDpv3iXdf0AE5/obD947nrL9lyAzJ84OGgJtK1bbE2oz5C/d3+ArfufJI4MdJHBzipun+2cu 3c8JFR469YwnM8uRdgWnm/fcaNZGjV5ejP4+z8INUhi5ue8= X-Spamd-Result: default: False [-3.93 / 15.00]; NEURAL_HAM_MEDIUM(-1.00)[-1.000]; NEURAL_HAM_LONG(-1.00)[-1.000]; NEURAL_HAM_SHORT(-0.93)[-0.934]; DMARC_POLICY_ALLOW(-0.50)[brothersofgrey.net,none]; R_DKIM_ALLOW(-0.20)[brothersofgrey.net:s=s1-ionos]; RWL_MAILSPIKE_VERYGOOD(-0.20)[212.227.126.130:from]; ONCE_RECEIVED(0.20)[]; R_SPF_ALLOW(-0.20)[+ip4:212.227.126.128/25]; MIME_GOOD(-0.10)[text/plain]; RCVD_VIA_SMTP_AUTH(0.00)[]; RCPT_COUNT_ONE(0.00)[1]; ASN(0.00)[asn:8560, ipnet:212.227.0.0/16, country:DE]; ARC_NA(0.00)[]; MIME_TRACE(0.00)[0:+]; RCVD_COUNT_ONE(0.00)[1]; RCVD_TLS_ALL(0.00)[]; MID_RHS_MATCH_FROM(0.00)[]; FROM_EQ_ENVFROM(0.00)[]; FROM_HAS_DN(0.00)[]; RCVD_IN_DNSWL_NONE(0.00)[212.227.126.130:from]; TO_DN_NONE(0.00)[]; PREVIOUSLY_DELIVERED(0.00)[freebsd-security@freebsd.org]; TO_MATCH_ENVRCPT_ALL(0.00)[]; MLMMJ_DEST(0.00)[freebsd-security@freebsd.org]; DKIM_TRACE(0.00)[brothersofgrey.net:+] X-Rspamd-Queue-Id: 4fkz4F7567z3dWb X-Spamd-Bar: --- Hi, this appeared on the freebsd-chat list. The FreeBSD Forum is indeed=20 defaced right now. =2D------- Forwarded Message -------- Subject: Forums hacked or defaced Date: Mon, 30 Mar 2026 16:29:33 +0000 From: Alexandre O. de Almeida To: freebsd-chat@freebsd.org Hi, it seems like the forums have been defaced, not sure how, but it's=20 loading a webpage from a github repository which seems to include some=20 TCP SYN flood scripts. From my understanding, the TCP DDoS is not=20 enabled yet (no params passed to the call to the github html page), but=20 the frontpage is just replaced with embeds to a github repo: github.com/cassbethany10-afk/test123 From nobody Mon Mar 30 19:18:10 2026 X-Original-To: freebsd-security@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4fl1Hk4pmxz6XJkL for ; Mon, 30 Mar 2026 19:18:26 +0000 (UTC) (envelope-from droidbittin@gmail.com) Received: from mail-dy1-x1330.google.com (mail-dy1-x1330.google.com [IPv6:2607:f8b0:4864:20::1330]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (2048 bits) client-digest SHA256) (Client CN "smtp.gmail.com", Issuer "WR4" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4fl1Hk1PQZz41Rb for ; Mon, 30 Mar 2026 19:18:26 +0000 (UTC) (envelope-from droidbittin@gmail.com) Authentication-Results: mx1.freebsd.org; none Received: by mail-dy1-x1330.google.com with SMTP id 5a478bee46e88-2ba9c484e5eso4261852eec.1 for ; Mon, 30 Mar 2026 12:18:26 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1774898303; cv=none; d=google.com; s=arc-20240605; b=Tea6u//VY+iTCqIQxNjgNH0MRngD9fksf7I67BF94idz3H+UFfNMoANkP1zutOveTU ggJKQD7c/PErALd2rS78bINrsQOhJTxRAqwqG+lbQVQoGhwibDlgy9f6HaOTrio/qZAp 0miyECxbzWr45rlpBqHy3WFSQA2rHytZhWBzOqE4IPQyblwEtnejN7Iu86QFLZLTki5T smwKD7m+Y6woOJBcX9yyrQitu92Q8dK5ifqcWNRB2CMPEjYmwSazdBCJlHi4T6KAsJeE mQLH3C2xAeSAZbVKZhe6JVt4DU/FZF4SUDjibUgWSfxXB1ir+3Z9drvxrHMiiHtQ3AK1 5Yuw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:dkim-signature; bh=cbxmditodVDK5WCrn9MlI1p8otpIU0HoC3fsJrh2aVM=; fh=1KZigaVrF4GV0Tbon5iSYgeRQprg3q+1YV09QPZGJN4=; b=HkdetPEuKFKZOcYuzXe8PvlIixyDgknCuwPZkvrhGzdunvh728Fr1nkGwIkYc4Cvz5 nmPLE19TE7MjX1kDBGG1vGDqCDLy8/IvGcFt+JWsXz9IOK2JCSo/x6Hc0QhAF49sXCru CWYB+9ePXtjKpW2D7et022fBg/Jj69AoUfFpEHyJ6MedIJA2Hu81b5F7uprV4+GPMAXr IR7sDWEBfikNb4fmX9KWYbdpWgogx2QpH20F27a8hhYmMJJu+vByEklC44l48atovQja UCfCBDYKtVk9088BjGL8z+i/2tNRTftHFOhvPzjof5e2xfhj3we/YSwGFJadTJQqbEh9 TuLQ==; darn=freebsd.org ARC-Authentication-Results: i=1; mx.google.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20251104; t=1774898303; x=1775503103; darn=freebsd.org; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:from:to:cc:subject:date :message-id:reply-to; bh=cbxmditodVDK5WCrn9MlI1p8otpIU0HoC3fsJrh2aVM=; b=D8ed63SQkRQ9kgOTCQUY7UVzyakA8lVMarTPqtu+Y66esMe0q2yF2XAxZCF3YsePpf qbMbM0sSM6/IOr+UWUAE9g3AuVFqcSUFLr09ECHxUDfhIXjjKxiNMlUmJxDKlhT+CzU6 OW0OaXoKfGOdaBX+nbU2Bsy302UvFuO75JNWdaku2hxGtV8o8uRRqg7bSO4VFJZLc7rw lJeDD1eIZI05vlMyLwHbDc1sg6gYRDI7jG5GmD7+cUs8J547WimDfVu7b4n0kYwo+dLx 2+p4BrFL5/dmelhMlGj6FGlt+6NCcVxnnCwY6nTqFRl7W1Z7UUBBpPEuHw3Ag9NIw+98 g8Rw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1774898303; x=1775503103; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:x-gm-gg:x-gm-message-state:from :to:cc:subject:date:message-id:reply-to; bh=cbxmditodVDK5WCrn9MlI1p8otpIU0HoC3fsJrh2aVM=; b=jJGzjY8dBtJpC8AtZp1yMvhS1B3Macp6iqA+WE3JTgZPoa+aEWXBLcCNw5N+xtSAI7 uzmh2FPx+DWPA3bML/ov+T89vA1tkTbsRAbJcens+Hrnn7Z5nFQsrvU6szhJa/aDJmRC 77OOqGjxO3VjVLmts4FfDOSA0h0PAxMATqH30XzWFf8MymiwJp/H92OGeipmmRGrGq1+ pcr3JWIGSvy3D/fRn2uVomjk9kAIz66GcKsMCvGLevb304kKDX4Bmy7G1l9th7C3yHfl 5I8Y0UznMu7D09G6kU6CvyUBSmNmVFGJkH+nKpOpWK3OpdlMnWGbWNi5qdeKS5Cmfe3u ENpQ== X-Forwarded-Encrypted: i=1; AJvYcCVKktv563qMTQn7KXxRUEBiXBKEkXQr26M/ogFg7Hjn08Nta467p+xuxb7gw3lir6hzYhL94SHA/ob7PJUWMjRB@freebsd.org X-Gm-Message-State: AOJu0YyBs8SINGIWKe/Suuj2k9z/Gp6HxExj5MBWL2cBiQ26vcbvZ/ps 97zvuFLjQWSeB210JoLOQ8VKhg6uTdlx9imFsdIkhHFR6+bLE8n31FzO/vyyxgcF+Mg9uWKu/Q0 HQPd8xqZtG354XzFXUgSF3SODyby2NKI= X-Gm-Gg: ATEYQzwYW4KtYaXWFH9vbj8gRiEVyu/u/p3jljAEaiUN+N8I6fDD1lPz334vBKHpLi5 MiyVX2a79KH1ZsC25SfIWkjZkwnNH9eproiROO22ZkuIdELkxqEOr4Az8ZQuJy1ysKnviVrhE4f cCRN1yPoIJEopOyYAiur63y9QL1z1niWTqS9a5izeejgLYVGPEx8daHaZOSf3u+Yn6gLYvL/59W vh5nQxle9myn1Y5cFkqH88EWDK9HbUlMTCO4BXNhK/2yZLFDisdlymt2RV+yswBdRWqCRpGe+Tw XleZbzvAWoOOWeuhDeDdbIlcwaJIW8Xui7vltmFSrWaCFvxXGC5KluvdKOkfvigvLWALkf/v9i9 t2EVvmuRKelMNt/UPN800MLYcpBFfoz2YiQvikWz6DZPLuuDBXX6xQuRHsdaq4sgXFUlyLzfuUb 3yuikp5vzT6jj1kKJrdfs= X-Received: by 2002:a05:7300:d512:b0:2c0:d46d:cfc2 with SMTP id 5a478bee46e88-2c185e365b2mr6977935eec.23.1774898302947; Mon, 30 Mar 2026 12:18:22 -0700 (PDT) List-Id: Security issues List-Archive: https://lists.freebsd.org/archives/freebsd-security List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: freebsd-security@freebsd.org Sender: owner-freebsd-security@FreeBSD.org MIME-Version: 1.0 References: <2daa3b54-59b1-4bcd-afb5-8767fdd8c415@gmail.com> <03c13af8-bca5-4731-a4fd-92456db5bb7c@qeng-ho.org> <2a3701dcc067$38688290$a93987b0$@vestigocorp.com> <4edf0e50-1558-47ee-98d0-07ba01ce0948@alexburke.ca> <914b7a933d686c2c78443d7b2918eaee2c3d2d90.camel@riseup.net> <20260330200926.32357d9f@des.dorfdsl.de> <282aedc0c622a613e27f65741a041526558ca00d.camel@riseup.net> In-Reply-To: <282aedc0c622a613e27f65741a041526558ca00d.camel@riseup.net> From: Luna Jernberg Date: Mon, 30 Mar 2026 21:18:10 +0200 X-Gm-Features: AQROBzD9QNr0eYjT0gKka2faqRq6BXJOQVMYMvkokL60LR4WeVvBHe_8WamOQ3Q Message-ID: Subject: Re: FreeBSD forums hacked To: Ralf Mardorf , Luna Jernberg Cc: questions@freebsd.org, FreeBSD-security@freebsd.org, freebsd-chat@freebsd.org Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Rspamd-Pre-Result: action=no action; module=replies; Message is reply to one we originated X-Spamd-Result: default: False [-4.00 / 15.00]; REPLY(-4.00)[]; ASN(0.00)[asn:15169, ipnet:2607:f8b0::/32, country:US] X-Rspamd-Queue-Id: 4fl1Hk1PQZz41Rb X-Spamd-Bar: ---- Down here, also anyone know if they got any database or just defaced the si= te? Den m=C3=A5n 30 mars 2026 kl 21:15 skrev Ralf Mardorf : > > A few minutes make all the difference. The site is up again. > From nobody Mon Mar 30 19:18:47 2026 X-Original-To: freebsd-security@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4fl1JR2FDjz6XJxt for ; Mon, 30 Mar 2026 19:19:03 +0000 (UTC) (envelope-from droidbittin@gmail.com) Received: from mail-dy1-x1335.google.com (mail-dy1-x1335.google.com [IPv6:2607:f8b0:4864:20::1335]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (2048 bits) client-digest SHA256) (Client CN "smtp.gmail.com", Issuer "WR4" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4fl1JQ2v4Xz41vl for ; Mon, 30 Mar 2026 19:19:02 +0000 (UTC) (envelope-from droidbittin@gmail.com) Authentication-Results: mx1.freebsd.org; none Received: by mail-dy1-x1335.google.com with SMTP id 5a478bee46e88-2ba9c484e5eso4262529eec.1 for ; Mon, 30 Mar 2026 12:19:02 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1774898340; cv=none; d=google.com; s=arc-20240605; b=BT2SpdtpdcUymAu+zw1QPIjMOfeq+jZe6PhSxgp3j1PS2YMJQUoveL87YiytdaIr6Y WuJnXZnLJPm4cIMI+7Hd1Fg9DGJpZ/5Tp0X4Yfd8d4GUZpvFxude7FmDqbXPOml4/ZkW EWpj1a/Se7yCxpnrTYgXHU76mHV8g4DazO4ESSoDw+E+o/a6RHM0K1oFCVJKgKWOpKIb I92/YHqex8+yOhUxPPLRUXh0IwKuVDaToOR8d5kWZj+YACikdWsODpy2lwSlkI0/VXaq krJQ3rqVQCLSyv6xWgiFr+xCbGlOZ3qKGMZYJ/5cBJtpjaHSyJ4vuMI/RxUVHeOb47Ez Y5/g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:dkim-signature; bh=j0JpdRx7C5t6VnN27TeI+vS+l+1YbQAfkwd80NqgVuY=; fh=OzkpeIXgC7AZZREWW3FvRzfgjj55yMJrV9HuRff3RwE=; b=C2UCowWoBefNwIID9HQAb4Btt6fwII14ZUBdm4HKaYBB2WAJATxRiQPkPNr56I6xoC HB25Z4uXc+lYdF6hP0m+AYZQCifsgl/9TTS1pXchMGmk+M+NH9RWn9UhzpH9b05Whb7g C9cmJ2yYGvfZ1oBZ+kHVZZxC+qLT7N3qWrBibxFuOywY4nkh6zgKBLMN9egF0WssmLxA CtSy0QE8b6T0qcQZLlo5DpS8VxdiBTC05SqV3RXtkPtuSbOxpV3LE7C3Krk9nq0GDw1Y 9D1RlS66ap6gLWisabadGzMi8n7Ni/TPvUAzu27v19TKUzIDE6lfQ44FfKEcrKq818ry HsZQ==; darn=freebsd.org ARC-Authentication-Results: i=1; mx.google.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20251104; t=1774898340; x=1775503140; darn=freebsd.org; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:from:to:cc:subject:date :message-id:reply-to; bh=j0JpdRx7C5t6VnN27TeI+vS+l+1YbQAfkwd80NqgVuY=; b=KVkO9Xgi3eDFU9mRON9y7ArP7vEI3sDJqpbpq+WZFkeChW63lJm1dxx32kht/d7X83 7hrOKZPThd9l8gvX1ZkUDoClAXyU5cYqkkPBrLjzQBGq+LFzHG3jMV/3Sg9BnZGb2/10 bEuj+3kJZmVdOYI5g+spXuvAyxkkRJAO7EDATtKRZ0pkdkgQaV2bbWRdeke+TTja+AvS SguLW6BdJvWw6TZG3TX46ELkVnL2ZF4K6SiQt7lEt1KVyuDQKnbxkkXS6YBTW/FnTjt5 xSszKol+GLC7Al3QCqtO/ECxGU6CoM1o104ItGeFR9QGGnD4WXaEgaF4URNIEmcqmOQQ ocAg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1774898340; x=1775503140; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:x-gm-gg:x-gm-message-state:from :to:cc:subject:date:message-id:reply-to; bh=j0JpdRx7C5t6VnN27TeI+vS+l+1YbQAfkwd80NqgVuY=; b=czhgxeIilsxFOtXs0Z+2GIdu1DZMEqwnqLlQutQccPUZzR9VhOYSw7n1RyG4k7b20M Mqx3U6uxTJeAtK8oPUFMU+a6mkakzXpX1v0hVm4k/k1PvMLpHyHKLyipyk2nyirmiSHG jcAKNhaCsi+838oYWRmOaOBSEGVT3ezcnWUGbRd7151YhT+Uj6R/UGiZY+FkxJeL6bM7 YsepShQYMRRZavbWEPjAEtpyI0RPN/67tRKTGpA902LlOd/fl2IzihMfDHjnph1iqxL6 G+eUq7sKtlBX4gYW/Tu1EWQ8Ea/vVLCKVMXP0TN1NFFDu+T1rQyuHrbkaoYWIbDXX5yz vhBQ== X-Forwarded-Encrypted: i=1; AJvYcCXIvIt8PNoNjDMrNIqz09D8Wn1p73+hNnaOFC3yNaHPD7O/WJu27Ty11BppG9+M2C2xmXqTZiCZsBwax3LqWuTs@freebsd.org X-Gm-Message-State: AOJu0YxPOXxnJGuEzogH1Byk82SycJlJNJQStT91a3o9z+PfvwNeaKKE 21hdXVia2LmXitnhsVFK9RpqQ0kwQGnrawLm4u7egNXTZlGJ2/MtVFeQ3S5vA+PlneXmJ8Xm10X 88z21WyoC4NSTOliemK8OIiiZnEtMqFc= X-Gm-Gg: ATEYQzwmfP68kzCeDZhvuhXqjCCPSUQwp0ShVEt9U3IWLa9Zjb369a5ecBmm0lbQJIJ l8plFx6CnONMEBo7UWrvo9v4ZJ1ZJg9OiaKoI6dQca2LZXHLyeGTQipVY9e+Oi8q3wW/rYnHSDr KzCHpyrKzu5QwVxmGhzmCg/Kt4woZX6D3edLYuVG1N710fR+8wSdXy40Hxfn4LRC1VWHMOiWKVY ojwnWm9ErW7XnPcjcwIgLTK6uXEzBxJWfP4mxmx+19p9UzVrCLeR38i07S1h3xUkZxfl/ANu+jT dEIAGPC1n/k26vHsxoxvYhMYbCiDVu8NtCeGTK+81vemHXItz7E66QnGwheWH6rSzfoj7uhd2Yw oaTw/FvYW3A670a37YdrihvaMUY/pEgNiTB3Q/ThhZpgXpbHx7Gt3jz3RTLdjttNfgBNqbLlAL8 OM4HCPQAyv+O9bpALt4EQ= X-Received: by 2002:a05:7301:1010:b0:2c1:83b4:e6f with SMTP id 5a478bee46e88-2c185c91214mr7397934eec.3.1774898339634; Mon, 30 Mar 2026 12:18:59 -0700 (PDT) List-Id: Security issues List-Archive: https://lists.freebsd.org/archives/freebsd-security List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: freebsd-security@freebsd.org Sender: owner-freebsd-security@FreeBSD.org MIME-Version: 1.0 References: <2daa3b54-59b1-4bcd-afb5-8767fdd8c415@gmail.com> <03c13af8-bca5-4731-a4fd-92456db5bb7c@qeng-ho.org> <2a3701dcc067$38688290$a93987b0$@vestigocorp.com> <4edf0e50-1558-47ee-98d0-07ba01ce0948@alexburke.ca> <914b7a933d686c2c78443d7b2918eaee2c3d2d90.camel@riseup.net> <20260330200926.32357d9f@des.dorfdsl.de> <282aedc0c622a613e27f65741a041526558ca00d.camel@riseup.net> In-Reply-To: From: Luna Jernberg Date: Mon, 30 Mar 2026 21:18:47 +0200 X-Gm-Features: AQROBzAOr9bzxxGsWvA2HEyPyBMdn4z47l93AMwvdRrPuuBM_Ev_S8MTCb79pVA Message-ID: Subject: Re: FreeBSD forums hacked To: Ralf Mardorf , Luna Jernberg Cc: questions@freebsd.org, FreeBSD-security@freebsd.org, freebsd-chat@freebsd.org Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Rspamd-Pre-Result: action=no action; module=replies; Message is reply to one we originated X-Spamd-Result: default: False [-4.00 / 15.00]; REPLY(-4.00)[]; ASN(0.00)[asn:15169, ipnet:2607:f8b0::/32, country:US] X-Rspamd-Queue-Id: 4fl1JQ2v4Xz41vl X-Spamd-Bar: ---- hopefully the admins reset peoples passwords just in case, but guess most FreeBSD users randomly generate something per site Den m=C3=A5n 30 mars 2026 kl 21:18 skrev Luna Jernberg : > > Down here, also anyone know if they got any database or just defaced the = site? > > Den m=C3=A5n 30 mars 2026 kl 21:15 skrev Ralf Mardorf : > > > > A few minutes make all the difference. The site is up again. > > From nobody Mon Mar 30 19:19:42 2026 X-Original-To: freebsd-security@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4fl1KZ1Z6sz6XJl2 for ; Mon, 30 Mar 2026 19:20:02 +0000 (UTC) (envelope-from lobo@bsd.com.br) Received: from mail-ej1-x62f.google.com (mail-ej1-x62f.google.com [IPv6:2a00:1450:4864:20::62f]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (2048 bits) client-digest SHA256) (Client CN "smtp.gmail.com", Issuer "WR4" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4fl1KY3nf9z43Qt for ; Mon, 30 Mar 2026 19:20:01 +0000 (UTC) (envelope-from lobo@bsd.com.br) Authentication-Results: mx1.freebsd.org; none Received: by mail-ej1-x62f.google.com with SMTP id a640c23a62f3a-b97e6e48b24so827013966b.2 for ; Mon, 30 Mar 2026 12:20:01 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1774898394; cv=none; d=google.com; s=arc-20240605; b=B/Xn1DmWSM8Of1HKUIhKr5/HW2EE+ML57WbvaGMV72ftCfDiXBzD2+seoI4+JdzGfx qVAUEzkubVLwEpQ/KwSO+HxRHRoonhkGpsc4RFLA0I+qDap02OKYaLyPfmJVhaKyjZkB 18XBYY2CxQwgg++CGF6WGxFwzPtB+usInPTXBkUsaGeO3O5SqIrVOcixOmnlQ054RZyI bG+oO8FubekHJVPKt1rMOOR02djy6kyTnZng8uGQIXL+KR/6KxLG7/6Lg9NTt/0MLdY/ SBXv59V2RseG/UMe+YpMjXFdjIJszn1DEkWplIrS+AFwwG3NfResEZD2tGtuyBw7H/3X 5ANQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:dkim-signature; bh=EHbT3G5YWbKOpVgXzAfpNVSc8X9dgOmmB9o9w3gDn90=; fh=ggUiQ9KvtPhRF0tUw2wCZeqq75WvGVecCLTPPyRwlDs=; b=NXQkivuNVO+yg9k6febd9L78Cp0I9gJnk7Vua+1X0dIj1K5qn3YtSjfVOuNzBDniqf iyzR8+Khe9i7QIPxPwM1Z91IgSiD3/bgKfrgHkzjQbyRAi70zo/FKLjcYI3v4I/D8FF7 jxsvmG/joxKmEDIOqWeHp85+hxxb7KqgHn/cqq04aMyXlDPIDhHf3xdSbQyNUM5Ab4fp 9eLs0JQWDtAOkG1YlXyUIHijBiekc2Yh6/qkDU/hookc/sHDi7oStDoH/0E+kqguezai dxuis6EoG/mBZqh3VQFFj+0ALdLHvjsGLWRiiAftB+pv9MdzCGc6ERnJDn7idWa/DzjA 1Vfw==; darn=freebsd.org ARC-Authentication-Results: i=1; mx.google.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=bsd.com.br; s=capeta; t=1774898394; x=1775503194; darn=freebsd.org; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=EHbT3G5YWbKOpVgXzAfpNVSc8X9dgOmmB9o9w3gDn90=; b=LnO8nhcc3KC6aujlBM6A7bYqDiBPobHK+s/3FjVXv20Lq9nH+GjTAD40O7EZ0qTAeg BbJ23sDyjR/A34pzS8nb1FiA+jzHfMIGAxwxdBrWIRAyRWXYQC8w6ix7rA42tTrvweLc 0UC661nqcJ+ogmW6zkPDP2T8YiNPoNLWyMFLA= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1774898394; x=1775503194; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-gg:x-gm-message-state:from:to:cc:subject:date :message-id:reply-to; bh=EHbT3G5YWbKOpVgXzAfpNVSc8X9dgOmmB9o9w3gDn90=; b=cCkIGqZ3eRIHqQDDDn02Qb3KESHUNDe5HbrFSBWp/xx5ksp1jWPBo9p9H0F5mgsSVp GYUa0LgMRRj47S4yRoVCNPeK6nBzZkVPIajH21L/vBnpXVeUcQIKvhfzz0FBcYD5WwfB JJ0YzaPWH5ykKRtuPfB1yoyn+T9xfjlUqLOTAT8kjhuQewHLrmR93bT2wT3wtrl0ukbq cmCFeezrLdkxAI/kGmGxkgVLLzjdycKes20NDxyAIHRVULI51benBNSu1xw/B2EDLCzn oh5+4bWIa+bxyc9U1H405zWknuhY/EtXeghaVWCtl/QQW6vkwlYTDPeR6rWUKUHpIbpy /z/Q== X-Forwarded-Encrypted: i=1; AJvYcCWEVmB8IC9HrSG5jRIL/f96fayG2TesV8ivdiGKhYwUMqdHDGhGUCd9+pvV7MoGvCEoY9KO8Jpo1zqT0q+b0XJ/@freebsd.org X-Gm-Message-State: AOJu0YwBtvtaybQwukVrz22Q3LFFNvQhSwM2z+IHALAxN1l0qHkMP6pq aRfqXBPL7kJb9RoqgolO9hyDTn+i6Izh908NvlqzeKjr+d0dfO/Gik393HaxzwLXQO09HS683YL KebNYRodNdxrlTgkGAfQxZqcXT9plFRMWiOVYR7AM0ZUYDOX6OZw= X-Gm-Gg: ATEYQzyI5mmnhIr2qMLgsovJw+yVBhAFPOJ9SRHiAOgAmjB03Lx1VzNlgqpJHzKSATT eAqL9WTvk4WD8K/ef3dBpbnw3SBkvqQNy9caiCzeq84l6u9WGi9lWk35xrjHRvp/5TsD5DeFoDU E7dXSEXbspJRB6nIBw4tBi6tufp2/z3Y9slb9Lvc/SuiuqtfuY7nqqZpl+Bimv153VAEPpmX84m FscQO47hgN3h+6jVsh2bZLXgvYrkiAqR6XE4ge1VDk198/1nNpOIc8WyKgMe/6QTCYFZ1DOXRT2 lYy+DoP5CFhNZEQcK4urFA6oyT6xUw== X-Received: by 2002:a17:907:9614:b0:b9b:e5d:71d0 with SMTP id a640c23a62f3a-b9b5098bb2bmr887861766b.53.1774898394091; Mon, 30 Mar 2026 12:19:54 -0700 (PDT) List-Id: Security issues List-Archive: https://lists.freebsd.org/archives/freebsd-security List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: freebsd-security@freebsd.org Sender: owner-freebsd-security@FreeBSD.org MIME-Version: 1.0 References: <2daa3b54-59b1-4bcd-afb5-8767fdd8c415@gmail.com> <03c13af8-bca5-4731-a4fd-92456db5bb7c@qeng-ho.org> <2a3701dcc067$38688290$a93987b0$@vestigocorp.com> <4edf0e50-1558-47ee-98d0-07ba01ce0948@alexburke.ca> <914b7a933d686c2c78443d7b2918eaee2c3d2d90.camel@riseup.net> <20260330200926.32357d9f@des.dorfdsl.de> <282aedc0c622a613e27f65741a041526558ca00d.camel@riseup.net> In-Reply-To: From: Mario Lobo Date: Mon, 30 Mar 2026 16:19:42 -0300 X-Gm-Features: AQROBzDfkHPN5OP2Axu1-KmkP_oEiXXDpreKTaXHOSgaNoTGYIpJoeirKIz5zkw Message-ID: Subject: Re: FreeBSD forums hacked To: Luna Jernberg Cc: Ralf Mardorf , "freebsd-questions@freebsd.org" , FreeBSD-security@freebsd.org, freebsd-chat@freebsd.org Content-Type: multipart/alternative; boundary="0000000000004add2b064e42bc31" X-Rspamd-Pre-Result: action=no action; module=replies; Message is reply to one we originated X-Spamd-Result: default: False [-4.00 / 15.00]; REPLY(-4.00)[]; ASN(0.00)[asn:15169, ipnet:2a00:1450::/32, country:US] X-Rspamd-Queue-Id: 4fl1KY3nf9z43Qt X-Spamd-Bar: ---- --0000000000004add2b064e42bc31 Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable Still down here. Mario Lobo http://www.mallavoodoo.com.br FreeBSD since version 2.2.8 [not Pro-Audio.... YET!!] On Mon, Mar 30, 2026, 16:18 Luna Jernberg wrote: > Down here, also anyone know if they got any database or just defaced the > site? > > Den m=C3=A5n 30 mars 2026 kl 21:15 skrev Ralf Mardorf >: > > > > A few minutes make all the difference. The site is up again. > > > > --0000000000004add2b064e42bc31 Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable
Still down here.

Mario Lobo
http://www.mallavoodoo.com.br=
FreeBSD since version 2.2.8 [not Pro-Audio.... YET!!]

On Mon, Mar 30, 2026, 16:18 Luna Jernberg <droidbittin@gmail.com> wrote:<= br>
Down here, also anyone know if they= got any database or just defaced the site?

Den m=C3=A5n 30 mars 2026 kl 21:15 skrev Ralf Mardorf <ralf-mardorf= @riseup.net>:
>
> A few minutes make all the difference. The site is up again.
>

--0000000000004add2b064e42bc31-- From nobody Tue Mar 31 04:41:23 2026 X-Original-To: freebsd-security@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4flFp50ngNz6X9JX for ; Tue, 31 Mar 2026 04:42:05 +0000 (UTC) (envelope-from jhellenthal@dataix.net) Received: from mail-oa1-x33.google.com (mail-oa1-x33.google.com [IPv6:2001:4860:4864:20::33]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (2048 bits) client-digest SHA256) (Client CN "smtp.gmail.com", Issuer "WR4" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4flFp45ZmWz44kn for ; Tue, 31 Mar 2026 04:42:04 +0000 (UTC) (envelope-from jhellenthal@dataix.net) Authentication-Results: mx1.freebsd.org; none Received: by mail-oa1-x33.google.com with SMTP id 586e51a60fabf-41c4d660b19so1631733fac.1 for ; Mon, 30 Mar 2026 21:42:04 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=dataix.net; s=net; t=1774932115; x=1775536915; darn=freebsd.org; h=to:in-reply-to:cc:references:message-id:date:subject:mime-version :from:content-transfer-encoding:from:to:cc:subject:date:message-id :reply-to; bh=2iG0BhvtyEgHoHNCRMYwmlrZeQeAcaHC9XkLscSFN8M=; b=MWXqeXUfFjkNJTFaBMC1kqTcx0KjOghSJUei4bjTeakoohqzp5/fIZ1GSncUtbGxAC zcBD6VcYl3IaUqknLO5mVMJKo6MdmBoPRU/vi5SBG2yRvZrtX71mrxayPbohgcilFqaI WnCN9KstiCOOYtVz7NmMm696RcYsbFpefGHw0= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1774932115; x=1775536915; h=to:in-reply-to:cc:references:message-id:date:subject:mime-version :from:content-transfer-encoding:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=2iG0BhvtyEgHoHNCRMYwmlrZeQeAcaHC9XkLscSFN8M=; b=GWqUQz45LKw3vgOtDYc4erxmn+xcV4YodDqCZiMbYvmO/KY3XBsKF3mARaOa42BA3j jrPhuYsqhTEFNKkaRFkNcM+conhtwiD9ozwMmp50TlqT+1YDlcwSgfx63LhqFWf3AqVe NKQZUwa2oeafXPMHSPBiKnXGdvmyfv8N/88NOmNLSsDklsXYDtdZ9UMfkZZVep6WCMZI eXfzfAxPt3rqjMg4VjrbljWMpjrAr2g3RuuUmo/QW9Xa6z77J6ekpXP6eJS6Tb2K72Lu fm5rQtO0Hk6rguyKdQfu96LJB/YYs2B6FZ5RyIbHlnLUAXmz0wButBy0tQJA134V3gYC VAOw== X-Gm-Message-State: AOJu0Yw7iVCBUMc0t/W6/46vbINACZ3M856YtX+I7axpQmKBr7T+0Vb+ U/jAgwLVfMnPcBDw6unLxuZ4y/gJsi+Rd4XZDjke1/1EBjM72eSwK4tyFjRaL4JlknxKbJUftqC /rOvG X-Gm-Gg: ATEYQzyEriIEMUgoWEJMd6kXMzDdW5lM8wboYgWLBTT4o+YFwdzZgKKpEuAnwD4aeXI 5kthbqSZkEYEr5oZQmTt23DInobaK0Jn5xDlbrZqbk+orSt8sSeaoo8Ell45DP8SLSpGTzpvpuD 85tupJv7OAwyATEtyPSDKs9tg2vDQ7qeijFJV4+fk+y3mFMpdC+yfZbyYpBek1VJi+hiqoMDJJW gnrtNv+UaNw+edLCDg7STlDIenQ5qUuASXufEzOSO+1GEonboa5nF8DMAkGjaMDV4VV/WdHZ9Gm Lyp868nmBuh5kObhG0c56+Arn6v5GQtfjH8F4iwT35RVSlpFj5+0w3BzDkMrTeR+ump3Qaq6XvV ssanjK4nGk4/fx9NE1G/PiRgvnKC5VcQM/yApNT0erxiLeIZStqrfEMOOAj/ZYVWBpvGVOMOVhv 33jGsQ48AvcJZFUBMMfkuaT9CPztxQig6xP1zSzQrqW7JjyJ9T1D86DnRg7A== X-Received: by 2002:a05:6870:9692:b0:41c:1036:84b with SMTP id 586e51a60fabf-41cec338636mr7242727fac.39.1774932115373; Mon, 30 Mar 2026 21:41:55 -0700 (PDT) Received: from smtpclient.apple ([2603:6000:c900:2031:411:ff5b:8ae6:498d]) by smtp.gmail.com with ESMTPSA id 586e51a60fabf-41d04cf9ceesm6670738fac.15.2026.03.30.21.41.54 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 30 Mar 2026 21:41:54 -0700 (PDT) Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable From: "J. Hellenthal" List-Id: Security issues List-Archive: https://lists.freebsd.org/archives/freebsd-security List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: freebsd-security@freebsd.org Sender: owner-freebsd-security@FreeBSD.org Mime-Version: 1.0 (1.0) Subject: Re: Forums hacked or defaced Date: Mon, 30 Mar 2026 23:41:23 -0500 Message-Id: <30D4111F-B7D5-4B11-A541-76658EBB5B2B@dataix.net> References: <04d9e055-b0a4-47d5-b24c-0f06b379d937@brothersofgrey.net> Cc: freebsd-security@freebsd.org In-Reply-To: <04d9e055-b0a4-47d5-b24c-0f06b379d937@brothersofgrey.net> To: Klaus X-Mailer: iPhone Mail (23E246) X-Rspamd-Pre-Result: action=no action; module=replies; Message is reply to one we originated X-Spamd-Result: default: False [-4.00 / 15.00]; REPLY(-4.00)[]; ASN(0.00)[asn:15169, ipnet:2001:4860:4864::/48, country:US] X-Rspamd-Queue-Id: 4flFp45ZmWz44kn X-Spamd-Bar: ---- Hopefully they didn't have TurboTax 2025 installed. ::wink::::wink:: --=20 J. Hellenthal The fact that there's a highway to Hell but only a stairway to Heaven says a= lot about anticipated traffic volume. > On Mar 30, 2026, at 12:39, Klaus wrote: >=20 > =EF=BB=BFHi, this appeared on the freebsd-chat list. The FreeBSD Forum is i= ndeed defaced right now. >=20 > -------- Forwarded Message -------- > Subject: Forums hacked or defaced > Date: Mon, 30 Mar 2026 16:29:33 +0000 > From: Alexandre O. de Almeida > To: freebsd-chat@freebsd.org >=20 > Hi, >=20 > it seems like the forums have been defaced, not sure how, but it's loading= a webpage from a github repository which seems to include some TCP SYN floo= d scripts. =46rom my understanding, the TCP DDoS is not enabled yet (no para= ms passed to the call to the github html page), but the frontpage is just re= placed with embeds to a github repo: >=20 > github.com/cassbethany10-afk/test123 >=20 >=20 From nobody Tue Mar 31 08:52:18 2026 X-Original-To: freebsd-security@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4flMM80qH1z6WTRy for ; Tue, 31 Mar 2026 08:52:36 +0000 (UTC) (envelope-from droidbittin@gmail.com) Received: from mail-dy1-x132e.google.com (mail-dy1-x132e.google.com [IPv6:2607:f8b0:4864:20::132e]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (2048 bits) client-digest SHA256) (Client CN "smtp.gmail.com", Issuer "WR4" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4flMM73BvQz3Vkp for ; Tue, 31 Mar 2026 08:52:35 +0000 (UTC) (envelope-from droidbittin@gmail.com) Authentication-Results: mx1.freebsd.org; none Received: by mail-dy1-x132e.google.com with SMTP id 5a478bee46e88-2c15849aa2cso5703492eec.0 for ; Tue, 31 Mar 2026 01:52:35 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1774947152; cv=none; d=google.com; s=arc-20240605; b=K0lCXgFFGb4tCZ6z1x4LMpoX68IdUvri8XstwyFSBcP4Dh4Sjaud7Z4Hg2urT6ZhOi 5gGLi99ce5/cU53Z2lUgxYYKgOjYj6wCqtDIP1J9TbKLR7iAEevoyIxjx58ov7DSr8YA kiYSU/rBG/PNq82WvpFgm5gMT5p1Ku0WmioEG/rFKwpkfmSZWmVXLLzhIf41ZzaAaJ3t C/VJcRKN4sres9Ji+kO+s3m9EOT9pd6msCJmwYynxc3wqen1rR/Kd1/uN/1AfkVo+iRH G3Q/zQG34ts+j/coqBmfxjROzRO/+Jorou6T8MUJ6fzFw1cSEUVvkKA6q57BlB6M7BBM najg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:dkim-signature; bh=Wnr3QxySwr4g7LX/WsXE43cpgA/QLvHH8pNhL0EZcCA=; fh=fIGrhTbA4vi4LHliyj/mQcUYohnfMbbbBR1HElthMGs=; b=LmoFOIK72icq4e8rjRYM3bRIs7hI+jAct+RN5Gk3JFUlkjarODQTO528narciBR+UR 6T5BlSWPqI66WL0iPBqaImau+V0Rxkz3iw5RinNd+hMuHQxDP8bPNpOtDFLf76pESyo8 NY4RywtZvf6lxhvKOc5cVtbvDbXGlkV5j8DABeV8ghYtOgg3DcEltLWSmbHeUD4pPT/5 NdtevfqKxFtzd/OB25QyBXsDybCYXoxvMtymM9qxi8fv4YlgeH4aaOQ0UAr7Fm/Z36S4 wBVtScyfpiJofTFgkaENIZSy/2fBfJWojn+dJX99UVI2NilF8oKIFGivt3LIEldoDYAq KKWA==; darn=freebsd.org ARC-Authentication-Results: i=1; mx.google.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20251104; t=1774947152; x=1775551952; darn=freebsd.org; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:from:to:cc:subject:date :message-id:reply-to; bh=Wnr3QxySwr4g7LX/WsXE43cpgA/QLvHH8pNhL0EZcCA=; b=gI2yr3dbBPogtmDw2OREIF/N5AEcr7pfFmAr2rFupufi5qWN9mJB7w0kBD5Voab6bf lyKA/BgrnBCpyIkucvWt/e8Tk5wyTW5IcAMq+DfmqBj6amMoq+fT8xlShSb0K32Y8IfR eb6CjjdABUxj21KbNLL0vOxHnydG5o8EmjtIfbUUWRN01kuaHOL3ZENZhdrA2WO6QsQV 8uMZIJQbkfNlhyEQZR2u8NOKyBbcAWu/4HKEgaVbLDgorpwqL6fYAz56J1Y2RYJ+Vihs yUwrWnEDh4ZnstviMsddrgGEAcqm0LOjPQRgbKYqCXSN7Xrrx/J3j08q2U2jVABnbdJ6 AgpQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1774947152; x=1775551952; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:x-gm-gg:x-gm-message-state:from :to:cc:subject:date:message-id:reply-to; bh=Wnr3QxySwr4g7LX/WsXE43cpgA/QLvHH8pNhL0EZcCA=; b=AOqotO1sJ6u0tB7EZeOYQcx+23R2/oPX+JZ0d3B/CoDbTD8VpWAE8X7Thy72eQusUs jIbblUPxLly/JTzBFKJeUN6V1Xp2hLocZPyz/iTUuhtNhhmd3v6Oy7WsS1Yn4QC3SHH0 UgfjtJMN5W0tR7Kwu9cb2Hzq4OkdSrqEyJD6yBwk0DuCP7rso4M7hM5I4ND7I20VVEjt lfO1Z27AOb1Nq6pqr20KBT5a0MAlFpeFBa44Z+Miktiq+DPYRQVAQgtMT/jkEEz61bXq G0eIcy/O1MQhYWzkemn6YTautWgMdNCPa6T2KGkG4P1K0vd8qVxmPlYkyBkJT0fYOgCU KujA== X-Forwarded-Encrypted: i=1; AJvYcCVEXsKJi/KP9Jr6UqF/HWY2mhn4IKpuvIKEdurqZh5hYdTp64ejTetnbscFxXYBj68vhakrw4zoFYSkRKGjDymi@freebsd.org X-Gm-Message-State: AOJu0YxhLBM1qkWWEDt35JzRomVdNYpiRBpMKKiv/fGsKFj1qPAkTsnn lkmK735Q1srZ+dNd0WznFjZuCGgVmbRXSWyNMzxj7SyOZhYRzoTIr6RRXthfEIbNwOydRYwAnlX nhxpDBMJA9DYeNH2M+KkoG8ajIz5fZJ4= X-Gm-Gg: ATEYQzxbuakUi7GqC9T4jMsjqBvS6I6hm+ahO8h7F3hub16Nem63AKPBUgNMjBt6ZOg eUZnKumIF+NQbCPSWtMy2K2peoaLHIckuwppAjW3UXYgTMXYy2qalLimMWGzBO2OA6ZINir5yKT uoTGHoiTwZHL5a/i4ggQEYSDlqLBZnSM+uMSoLkosBglr+HyhPWecEtBA3jfiy7+TS4ns4ASxmY Lqpez9SHg8mJAVAwwCBtKFalY0S0ZrptzpV9sZ5M6Zzp1c3xF0ALfpOg47gra+IUGJIPsu6cx6s 3H7xl6qn/WMxNnFuSoSutV0dE9h6BV1u0hGIJJmBua3EodYYS0XGo7tX3n0Bs8I1llCD1MEzePb QgeCMdjSeI4Utf4yO62z+Ey0Z/Z7H8jQKIOXx0xHEypT+uaTaEgiYDjJpDlKkFVkPEsQR9ZjS3p xlwgmpm4KY7Y+uyPGIEDw= X-Received: by 2002:a05:693c:2b13:b0:2c0:c55c:1574 with SMTP id 5a478bee46e88-2c185e06cbamr8116994eec.21.1774947152204; Tue, 31 Mar 2026 01:52:32 -0700 (PDT) List-Id: Security issues List-Archive: https://lists.freebsd.org/archives/freebsd-security List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: freebsd-security@freebsd.org Sender: owner-freebsd-security@FreeBSD.org MIME-Version: 1.0 References: <71866fb5b59668f1413d2083c7edfb109fb950ba@aoalmeida.com> In-Reply-To: <71866fb5b59668f1413d2083c7edfb109fb950ba@aoalmeida.com> From: Luna Jernberg Date: Tue, 31 Mar 2026 10:52:18 +0200 X-Gm-Features: AQROBzDga0xTPDi_yCYECxe6jMk2SrkXYqC46Vn4PtcPlPnkSN52fHRhAmFy0LY Message-ID: Subject: Re: Forums hacked or defaced To: "Alexandre O. de Almeida" Cc: freebsd-chat@freebsd.org, FreeBSD-security@freebsd.org, Luna Jernberg Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Rspamd-Pre-Result: action=no action; module=replies; Message is reply to one we originated X-Spamd-Result: default: False [-4.00 / 15.00]; REPLY(-4.00)[]; ASN(0.00)[asn:15169, ipnet:2607:f8b0::/32, country:US] X-Rspamd-Queue-Id: 4flMM73BvQz3Vkp X-Spamd-Bar: ---- https://forums.freebsd.org/threads/forum-outage.102193/#post-752543 Den m=C3=A5n 30 mars 2026 kl 18:37 skrev Alexandre O. de Almeida : > > Hi, > > it seems like the forums have been defaced, not sure how, but it's loadin= g a webpage from a github repository which seems to include some TCP SYN fl= ood scripts. From my understanding, the TCP DDoS is not enabled yet (no par= ams passed to the call to the github html page), but the frontpage is just = replaced with embeds to a github repo: > > github.com/cassbethany10-afk/test123 > From nobody Tue Mar 31 08:52:36 2026 X-Original-To: freebsd-security@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4flMMS4qbbz6WSw5 for ; Tue, 31 Mar 2026 08:52:52 +0000 (UTC) (envelope-from droidbittin@gmail.com) Received: from mail-dy1-x1335.google.com (mail-dy1-x1335.google.com [IPv6:2607:f8b0:4864:20::1335]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (2048 bits) client-digest SHA256) (Client CN "smtp.gmail.com", Issuer "WR4" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4flMMR5tcWz3WGp for ; Tue, 31 Mar 2026 08:52:51 +0000 (UTC) (envelope-from droidbittin@gmail.com) Authentication-Results: mx1.freebsd.org; none Received: by mail-dy1-x1335.google.com with SMTP id 5a478bee46e88-2c88992d77dso77217eec.1 for ; Tue, 31 Mar 2026 01:52:51 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1774947169; cv=none; d=google.com; s=arc-20240605; b=IM6wZm6hLEciYTrTP3lkCzG8wbuN1c2/xPILC3Ohp/qjLnXEXnECt9DsK7AsIJr9WD E7ojvZpfL0427Vs8+SGELz0OjUWP3EGBy4FV/wKR+D6LkNzygOZWF2oqGKeZErNTjeYw AYITd8sLuyugreZCquGGrAycc+4AmsR54lYvzZ9aB+9pE+F2/jixJ+mR7neM/QKK9FxY 8wzRdVTBxqMg1MTc7iAsosSoL+X8H3ldVooUZioiUFUegAg9w/ULz4ZiZ8peijAbbML2 BBmfOZ5ZUtLkl6xffgKfsm0CGd0cMtlzdJE++mtIfUx87pneC00FIRIstOhncG6ONpUQ zg9w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:dkim-signature; bh=9ygJJifr8tiZI+DXGeg3PE1bdQBaNzWPoAbiNv2Z034=; fh=EVErH5aMkihxv2SqsdgN/WQNGFsoXuu/22bOUVifdMY=; b=foMp8afjVU/+oP6BffLHzyHzjxoW2YAmbnet+DutR0ubqvmfxsQBB40tuu1/nSXrMK 0upvZASMyNtaoRS42PcN5lC4rlH8jnn/vRXBLNQjZPfdJZuHiK2HHVUNAbwj9GhDXtYl 7q9ca8PSIzqVwcECUXRdf/ZgFw11wm9TuI/BW6/q1laERxR598s3SsEwFHNq+SfeTNQ5 5q3p2P/17Q2DZywj5qOGwz9GSkOb4JnRIz1WigdTEuOk9TuMp7GUiczioNH5hj5Fk8TI 3iJ1qklwNiioV560Bt+QQR7CU/cykpugh79/+ru1TzJ/MVbluFAmzs78mpwumoyIkOIt XPqg==; darn=freebsd.org ARC-Authentication-Results: i=1; mx.google.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20251104; t=1774947169; x=1775551969; darn=freebsd.org; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:from:to:cc:subject:date :message-id:reply-to; bh=9ygJJifr8tiZI+DXGeg3PE1bdQBaNzWPoAbiNv2Z034=; b=MJOVImaBoafB7/z855t+AGI4Jv8oNHUGt0celSRBOWf5BvzAT5AVwNhWG0nEsNtp1y Wkx8U1hKPJwZ1ZwDgTNdHvEeMVBEBQUG/O9/+oUPuoutmThH2ktNCtcxUP2aCAkUn9iX 5HpsDRzwGB002lyR0ljmNyvH3QSBB5cbte4BGKTaEEImRe39UZhnUtG3Q7Ox5DytJ3lo AEeC3t8yg5UG3ppbIxyRIXK5wAZbzk3kVNRkFo1xnXeyKIwy7b664XYDKEdWG/sOmYCF j7eR9dqK/7KPvqdjcnHdoNvwi7ScPZolPSb2h/kc93J2L3YZAW59BoKMAHF/qkHvLc9i Mi5w== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1774947169; x=1775551969; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:x-gm-gg:x-gm-message-state:from :to:cc:subject:date:message-id:reply-to; bh=9ygJJifr8tiZI+DXGeg3PE1bdQBaNzWPoAbiNv2Z034=; b=FanpscMNDqn7sDBjivaNGLoZS0ToSoWGYOOZUHtgvosyeij5Pq6TmwqF6HXOQa0FtP ydsK+ZDL0aJkT5xJY5h+OmamF6Qbtv88YV/jJj/reXV1wPw2rZKt79yNH0x4t69jKhEm UeyifQkrTsxF5QRmjzb1whzAjVXKKEygDcysFsENcZiOKjHnIfKL9BBWyXPgPmm6wvBk i3SLU3kJybSNb+i8HOdgmffYkfEcWqNnUQtXpeQlXtZYSYiNlCUxCt0vKRaSkqJkdCeN pprS85RHleTfQd3S6v3m+gcc+UZKVruZ7JSEMxIml5ifXJ0tK4heJai2q4cNvApVtGbR H1+w== X-Forwarded-Encrypted: i=1; AJvYcCUz2n/t3+BEwUjt686ZPqv1zB2AHULW23bEArxm2saGyrLZRGsqdIsRpvHuOj3RfLB2kX9BdNhEuhXoR4gpi4t3@freebsd.org X-Gm-Message-State: AOJu0YxiZIPBiXgcXG6sEL2g/WkdO4FhJaXSlo9B3Q48I3Oj42EZv3As 7P7TL7T+TCe/SzzBBrPNwz4hQxf3XlUtDVxIEg3MWV5anrhAfvkFl3j3msIBZ6OyBF8RnWgc9pZ Emfoh0qCNDbdBJIwahtfggTQOb7nBTBI= X-Gm-Gg: ATEYQzy4hx27D1YhSq7CgXpMkrD136kInwJLFDgZsUd97RYKk7557rYqFUpww9t4EAQ 10BaxKR7x0nwg7U4j5WvJbpfYB+u+ku98mBHuwOPSUGJwiBgNSSyxkbaoYq8wtxSBTbUY5PJulA UDfyzMtwdHu50kkt6o3HP3h8gJVwtJQKcRZch7zYVCnEiOD3pL9P/Dw6TrvOFhbkxp65tVEhZiY mSitX6uZI4Wj+KuFzjAe/ijDH4YlnA+0JMMTUq/t2hb5WN+EJn1NsZ31v1YqJxQLwnoRyuQTBo7 n5P+06/QdVU87QGoIOOPv1HNrVqPUrKN1O7btk/9xUJyymmVMUqAOBuScVcj9w34bkyKy0jrNCB dk/vlqRZYCq6Nnvrv7RG0k5MhE2oBXKWZpIsdn8UOAii6HgatlCWlA9GehSQ8V59uJZs+LAUu+X u//GtXlpaewITigBt5fms= X-Received: by 2002:a05:7301:7c01:b0:2be:b20a:9b69 with SMTP id 5a478bee46e88-2c7bcb2ef8bmr1189687eec.12.1774947169427; Tue, 31 Mar 2026 01:52:49 -0700 (PDT) List-Id: Security issues List-Archive: https://lists.freebsd.org/archives/freebsd-security List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: freebsd-security@freebsd.org Sender: owner-freebsd-security@FreeBSD.org MIME-Version: 1.0 References: <2daa3b54-59b1-4bcd-afb5-8767fdd8c415@gmail.com> <03c13af8-bca5-4731-a4fd-92456db5bb7c@qeng-ho.org> <2a3701dcc067$38688290$a93987b0$@vestigocorp.com> <4edf0e50-1558-47ee-98d0-07ba01ce0948@alexburke.ca> <914b7a933d686c2c78443d7b2918eaee2c3d2d90.camel@riseup.net> <20260330200926.32357d9f@des.dorfdsl.de> <282aedc0c622a613e27f65741a041526558ca00d.camel@riseup.net> In-Reply-To: From: Luna Jernberg Date: Tue, 31 Mar 2026 10:52:36 +0200 X-Gm-Features: AQROBzCZU4dEJn9YgzQfRfAU37pI-8H7aYM8OhsoRh2BY0z0nX-cFaUJkCyB_x0 Message-ID: Subject: Re: FreeBSD forums hacked To: Mario Lobo Cc: Ralf Mardorf , "freebsd-questions@freebsd.org" , FreeBSD-security@freebsd.org, freebsd-chat@freebsd.org Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Rspamd-Pre-Result: action=no action; module=replies; Message is reply to one we originated X-Spamd-Result: default: False [-4.00 / 15.00]; REPLY(-4.00)[]; ASN(0.00)[asn:15169, ipnet:2607:f8b0::/32, country:US] X-Rspamd-Queue-Id: 4flMMR5tcWz3WGp X-Spamd-Bar: ---- https://forums.freebsd.org/threads/forum-outage.102193/#post-752543 Den m=C3=A5n 30 mars 2026 kl 21:19 skrev Mario Lobo : > > Still down here. > > Mario Lobo > http://www.mallavoodoo.com.br > FreeBSD since version 2.2.8 [not Pro-Audio.... YET!!] > > On Mon, Mar 30, 2026, 16:18 Luna Jernberg wrote: >> >> Down here, also anyone know if they got any database or just defaced the= site? >> >> Den m=C3=A5n 30 mars 2026 kl 21:15 skrev Ralf Mardorf : >> > >> > A few minutes make all the difference. The site is up again. >> > >> From nobody Tue Mar 31 16:48:03 2026 X-Original-To: freebsd-security@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4flYvv619yz6WLGT for ; Tue, 31 Mar 2026 16:48:11 +0000 (UTC) (envelope-from marquis@roble.com) Received: from mx5.roble.com (mx5.roble.com [209.237.23.5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mx5.roble.com", Issuer "R13" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 4flYvv0jBxz42pV for ; Tue, 31 Mar 2026 16:48:11 +0000 (UTC) (envelope-from marquis@roble.com) Authentication-Results: mx1.freebsd.org; dkim=pass header.d=roble.com header.s=rs060402 header.b=LN9qDbYF; dmarc=pass (policy=none) header.from=roble.com; spf=pass (mx1.freebsd.org: domain of marquis@roble.com designates 209.237.23.5 as permitted sender) smtp.mailfrom=marquis@roble.com Received: from roble.com (roble.com [209.237.23.50]) by mx5.roble.com (Postfix) with ESMTP id 17B082DF55 for ; Tue, 31 Mar 2026 09:48:03 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=roble.com; s=rs060402; t=1774975683; bh=JSgcpfGBZqByG3i2kMuak3KCXpT7p/g1lJLrfixKcmw=; h=Date:From:To:Subject:In-Reply-To:References; b=LN9qDbYFFA+2n85KDNnjmiln3WqAnsIzeRy0mIgIuV5wmmDZm4Iin3tH0xfZMrBMU MGQopNvBEfcmF80/BHW18cEpxGfqoHB/I4vsLynucM+sq3vS1W45apQy2KgoYRNxZj SfLncXjwBejy/XgW1pyudJj+uCkzF33ZYuDrnWCc= Date: Tue, 31 Mar 2026 09:48:03 -0700 (PDT) From: Roger Marquis To: FreeBSD-security@freebsd.org Subject: Re: FreeBSD forums hacked In-Reply-To: Message-ID: References: <2daa3b54-59b1-4bcd-afb5-8767fdd8c415@gmail.com> <03c13af8-bca5-4731-a4fd-92456db5bb7c@qeng-ho.org> <2a3701dcc067$38688290$a93987b0$@vestigocorp.com> <4edf0e50-1558-47ee-98d0-07ba01ce0948@alexburke.ca> <914b7a933d686c2c78443d7b2918eaee2c3d2d90.camel@riseup.net> <20260330200926.32357d9f@des.dorfdsl.de> <282aedc0c622a613e27f65741a041526558ca00d.camel@riseup.net> List-Id: Security issues List-Archive: https://lists.freebsd.org/archives/freebsd-security List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: freebsd-security@freebsd.org Sender: owner-freebsd-security@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII; format=flowed X-Spamd-Result: default: False [-3.80 / 15.00]; NEURAL_HAM_LONG(-1.00)[-1.000]; NEURAL_HAM_SHORT(-1.00)[-1.000]; NEURAL_HAM_MEDIUM(-1.00)[-1.000]; DMARC_POLICY_ALLOW(-0.50)[roble.com,none]; R_DKIM_ALLOW(-0.20)[roble.com:s=rs060402]; R_SPF_ALLOW(-0.20)[+ip4:209.237.23.0/24]; ONCE_RECEIVED(0.20)[]; MIME_GOOD(-0.10)[text/plain]; MISSING_XM_UA(0.00)[]; MIME_TRACE(0.00)[0:+]; RCVD_COUNT_ONE(0.00)[1]; RCPT_COUNT_ONE(0.00)[1]; ASN(0.00)[asn:17403, ipnet:209.237.0.0/18, country:US]; MLMMJ_DEST(0.00)[FreeBSD-security@freebsd.org]; MID_RHS_MATCH_FROMTLD(0.00)[]; FROM_EQ_ENVFROM(0.00)[]; FROM_HAS_DN(0.00)[]; ARC_NA(0.00)[]; TO_DN_NONE(0.00)[]; PREVIOUSLY_DELIVERED(0.00)[freebsd-security@freebsd.org]; TO_MATCH_ENVRCPT_ALL(0.00)[]; RCVD_TLS_LAST(0.00)[]; DKIM_TRACE(0.00)[roble.com:+] X-Rspamd-Queue-Id: 4flYvv0jBxz42pV X-Spamd-Bar: --- On Tue, 31 Mar 2026, Luna Jernberg wrote: > https://forums.freebsd.org/threads/forum-outage.102193/#post-752543 Ouch. Assuming XenForo's 3 week old 'critical security fix' was the culprit, do we know if these servers have sufficient CI/CD and QA environments? If not let me know, am happy to volunteer. Roger > Den m?n 30 mars 2026 kl 21:19 skrev Mario Lobo : >> >> Still down here. >> >> Mario Lobo >> http://www.mallavoodoo.com.br >> FreeBSD since version 2.2.8 [not Pro-Audio.... YET!!] >> >> On Mon, Mar 30, 2026, 16:18 Luna Jernberg wrote: >>> >>> Down here, also anyone know if they got any database or just defaced the site? >>> >>> Den m?n 30 mars 2026 kl 21:15 skrev Ralf Mardorf : >>>> >>>> A few minutes make all the difference. The site is up again. >>>> >>> > > > From nobody Tue Mar 31 17:02:44 2026 X-Original-To: freebsd-security@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4flZDt0918z6WN0V for ; Tue, 31 Mar 2026 17:02:54 +0000 (UTC) (envelope-from polarian@polarian.dev) Received: from mail.polarian.dev (mail.polarian.dev [IPv6:2001:8b0:57a:2385::8]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 4flZDs1M67z4610 for ; Tue, 31 Mar 2026 17:02:53 +0000 (UTC) (envelope-from polarian@polarian.dev) Authentication-Results: mx1.freebsd.org; dkim=pass header.d=polarian.dev header.s=polarian header.b=q14qb+sl; dmarc=pass (policy=reject) header.from=polarian.dev; spf=pass (mx1.freebsd.org: domain of polarian@polarian.dev designates 2001:8b0:57a:2385::8 as permitted sender) smtp.mailfrom=polarian@polarian.dev DKIM-Signature: v=1; a=rsa-sha256; c=simple/relaxed; d=polarian.dev; s=polarian; t=1774976565; bh=nz1vyrkIG1XJD4l6CC2Xv3tUpD9KJnNv2QVOUazhvm4=; h=Date:From:To:Subject:In-Reply-To:References; b=q14qb+slCwIbFM+z7W73Z8emX04hry2Gu6K3ROBJFjgv+t+RNzeKaxynWEE1T1eIZ 3pC212doT6qt0kjDQFYST/EA4WOVJNJDkBk0ZJGAaiTRCz9e1kzeUSA2U8yGx1eWkd f3X8tR67UlJxvMexDJDeWbDGfykgyRzqbudNqVoM= Date: Tue, 31 Mar 2026 18:02:44 +0100 From: Polarian To: freebsd-security@freebsd.org Subject: Re: FreeBSD forums hacked Message-ID: <20260331180244.05a3e3e0@Hydrogen> In-Reply-To: References: <2daa3b54-59b1-4bcd-afb5-8767fdd8c415@gmail.com> <03c13af8-bca5-4731-a4fd-92456db5bb7c@qeng-ho.org> <2a3701dcc067$38688290$a93987b0$@vestigocorp.com> <4edf0e50-1558-47ee-98d0-07ba01ce0948@alexburke.ca> <914b7a933d686c2c78443d7b2918eaee2c3d2d90.camel@riseup.net> <20260330200926.32357d9f@des.dorfdsl.de> <282aedc0c622a613e27f65741a041526558ca00d.camel@riseup.net> X-Mailer: Claws Mail 4.4.0 (GTK 3.24.51; amd64-portbld-freebsd15.0) List-Id: Security issues List-Archive: https://lists.freebsd.org/archives/freebsd-security List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: freebsd-security@freebsd.org Sender: owner-freebsd-security@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit X-Spamd-Result: default: False [-3.50 / 15.00]; NEURAL_HAM_LONG(-1.00)[-1.000]; NEURAL_HAM_MEDIUM(-1.00)[-1.000]; NEURAL_HAM_SHORT(-1.00)[-0.998]; MID_RHS_NOT_FQDN(0.50)[]; DMARC_POLICY_ALLOW(-0.50)[polarian.dev,reject]; R_SPF_ALLOW(-0.20)[+ip6:2001:8b0:57a:2385::8]; R_DKIM_ALLOW(-0.20)[polarian.dev:s=polarian]; MIME_GOOD(-0.10)[text/plain]; MIME_TRACE(0.00)[0:+]; ASN(0.00)[asn:20712, ipnet:2001:8b0::/34, country:GB]; RCPT_COUNT_ONE(0.00)[1]; MLMMJ_DEST(0.00)[freebsd-security@freebsd.org]; ARC_NA(0.00)[]; FROM_HAS_DN(0.00)[]; RCVD_COUNT_ZERO(0.00)[0]; FROM_EQ_ENVFROM(0.00)[]; TO_MATCH_ENVRCPT_ALL(0.00)[]; TO_DN_NONE(0.00)[]; DKIM_TRACE(0.00)[polarian.dev:+] X-Rspamd-Queue-Id: 4flZDs1M67z4610 X-Spamd-Bar: --- Hey, > Ouch. Assuming XenForo's 3 week old 'critical security fix' was the > culprit, do we know if these servers have sufficient CI/CD and QA > environments? If not let me know, am happy to volunteer. FreeBSD infrastructure is maintained by the cluster team. However the forums is ran by a third party. Take care, -- Polarian Jabber/XMPP: polarian@icebound.dev From nobody Wed Apr 1 17:10:40 2026 X-Original-To: freebsd-security@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4fmBMg4nn7z6Y92f for ; Wed, 01 Apr 2026 17:10:55 +0000 (UTC) (envelope-from yevhenii.kurtov@gmail.com) Received: from mail-yx1-xb132.google.com (mail-yx1-xb132.google.com [IPv6:2607:f8b0:4864:20::b132]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (2048 bits) client-digest SHA256) (Client CN "smtp.gmail.com", Issuer "WR4" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4fmBMf2Gg6z4633 for ; Wed, 01 Apr 2026 17:10:54 +0000 (UTC) (envelope-from yevhenii.kurtov@gmail.com) Authentication-Results: mx1.freebsd.org; dkim=pass header.d=gmail.com header.s=20251104 header.b=aazerIsQ; dmarc=pass (policy=none) header.from=gmail.com; arc=pass ("google.com:s=arc-20240605:i=1"); spf=pass (mx1.freebsd.org: domain of yevhenii.kurtov@gmail.com designates 2607:f8b0:4864:20::b132 as permitted sender) smtp.mailfrom=yevhenii.kurtov@gmail.com Received: by mail-yx1-xb132.google.com with SMTP id 956f58d0204a3-6501c4857b2so7034619d50.3 for ; Wed, 01 Apr 2026 10:10:54 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1775063452; cv=none; d=google.com; s=arc-20240605; b=dYFtsEOppZtiZ30r7plIRg8Dv1DZxFpFiRaQCq+aTFetxQNabHr1r8IBZBUO9qJk4w 2R1C5pMXF3YdrcTxmzeil6x0HJn0e4JVtoWIsaH/HgwLJOBUvUzDS1EGumFi4r+sMTU8 5Z/4wAevfm6LKgHFifyaa8pAZgiEnouyMoKuo4EMifGJkZcY5pifv+6/5RuFisJqTiHf V3kCTdnzIF1PCLp8UdlFn2Sbkx/pxNQNEaflemgAwd43ET94HwQnbimKkj6MIebwzyVG 56U2m6jw+i1hQzy+IGpucR3AUlGqcjOrkL6How5HW9wjjPF+i9lYgtteJO+zQWBQsZ44 yceg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=to:subject:message-id:date:from:mime-version:dkim-signature; bh=goCFbwzPnAcKz/vLX4TOd/9lsPjxT8/4GAygAdKazZk=; fh=8X/fzy6oRkinpO/u1+30mH2eQUCHV465yZU8zsG9ReM=; b=GmtTgQ99lyFxUEwxMjuiAVJ/H8bAlP1FbWDHA9iGOv2r5eyMXL4rOF51eiXo02g2uf e4jPjzOFb7xD4/nsh4Yw4ITb8OB/K97qJsk7630jptc8h/XQyjDiWmX7+YbbQfui5O6c 7hji8GD3Twy2cEu8Yq3uVNMUpNtZSeXdDdwIJptCH3xOTv0ZKA2aOHFaU4MnzgqVK0x4 ZxD+AXHmMZku7+lgB5eWxS+8FuVDa80zFp1dkykjf39RbSV84M5NTF8V51Ak0DaHlvS8 DivRbZ5l1KOTgEpqRbECkIv8VC0ExG2x1tj9vFFfIU0+FgloOh2kPOS2HgH4G5dxrDs2 A4HQ==; darn=freebsd.org ARC-Authentication-Results: i=1; mx.google.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20251104; t=1775063452; x=1775668252; darn=freebsd.org; h=to:subject:message-id:date:from:mime-version:from:to:cc:subject :date:message-id:reply-to; bh=goCFbwzPnAcKz/vLX4TOd/9lsPjxT8/4GAygAdKazZk=; b=aazerIsQcyxbVMd/kBXU6kxLezjywWfBNVF2nv/cDptHLczkaLeKtuBs93E5lZbEVa iF2YXLqYhKAYC8jO72kRzfIf0UBwF1TkAUMCRRamvkWQoc5irPOtsHD+JRzq9JNnAsVT LuVAfzuxu5Ic5f3uxOuG9jheeXXq8O3KbrVNH14vy1i9F5maxcQse7YIjLWXq8dWPTJB u8lh46JvAice3HRHrVUP5BIB7/OogHdqs9/4aH4YKKZlOjR6PUGmqjJsu9S+HuITwfk1 8gQheGDYhBN9Qk1ZzUAgsreNsVnbDrt5y1fXYGWyTVnoEAfLF7LwrRAzH3PJ2l3vfOUp B3UA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1775063452; x=1775668252; h=to:subject:message-id:date:from:mime-version:x-gm-gg :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=goCFbwzPnAcKz/vLX4TOd/9lsPjxT8/4GAygAdKazZk=; b=iwROgnITJ8Aioxnl7MjQ7kA+WYWJB1jxrlDbdA+YRJAXMW89t6nMa78AEyOq7j+ogi beuD3Bs7psO7Uc4eeuuYksnCrnCboR8/9kJiA2gGMowAXZ/cVHMn44bXtcOBue0ksKUq Op4DoN9ziK3R/P2X61KZZCuMGeeSKEUbzzTOAy21f0MsrMUDW+yWpGbOK9bHBvqujJPo fvfBn2x49ina37bulLCkCJK/voFdCUL8uvgPcgRb8zihYfxiilJdeTNsYsgsL2Mlw3Oc FO2cDRak8SiCKxENWuwj4fI6Lw+wPjWI4GxJqXSHm4wLPPv7aiQw6e2ygk/+Imd7W7Du yPTQ== X-Gm-Message-State: AOJu0YwPZvY6qZsr9m/VoH2QkI0HA+9vtCtVniZkDlctA11GchKb2xf8 A6rufZJG/Zf/ogNwZ2qGUUbbCBTeb8PYNVN+3T30IPqVPl6WHUJd4HTjGTn7RPYw32/j23YSjxi PGoDt614WRiGvR+q3S0To7R4pFoP5cPI0AmZV X-Gm-Gg: ATEYQzwakEYYzou75OQjbUfH74SFAajUW5PeUsBSrDVYLf188RS+MO9CjJjGHIElHRA FiISCKWCLLAZrBxzg4he19Wxmetk6MDVGQ1ZNV2UFt67bVclWhaSwn0gcTip2WplhEJZ3+vJm1h UlvpsHTYDv2TzHmyUXr6SLBQtRzkXgO0ZWWMG8Ikq8pyHsudKN1dSkU7vK2Dp6zOXcWgsoYAe5D vMia5nIPIPaQJlOOIlY5HJTZ6wg8hqZgYULdnMmBagikSknCSrcJg2MB33y9MXEmrSr4q5nEqzP q+j3K5n+R96jX1Lea/RubYlnqxKWa2BNiT6vFGjdNxVlJq5+Zx+pkC2/on52HERvmw== X-Received: by 2002:a53:bb4e:0:b0:64e:8cde:814d with SMTP id 956f58d0204a3-6502fdd2b43mr3311905d50.17.1775063451925; Wed, 01 Apr 2026 10:10:51 -0700 (PDT) List-Id: Security issues List-Archive: https://lists.freebsd.org/archives/freebsd-security List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: freebsd-security@freebsd.org Sender: owner-freebsd-security@FreeBSD.org MIME-Version: 1.0 From: Yevhenii Kurtov Date: Wed, 1 Apr 2026 18:10:40 +0100 X-Gm-Features: AQROBzDi9iI05sZne9xQECIYV08cIa1Div9Qf9x7XrfZskNP0mBVdhGRgM6ul9U Message-ID: Subject: Blackhat LLMs wake up call? To: freebsd-security@freebsd.org Content-Type: multipart/alternative; boundary="00000000000081813c064e692ad0" X-Spamd-Result: default: False [-4.00 / 15.00]; SUBJECT_ENDS_QUESTION(1.00)[]; ARC_ALLOW(-1.00)[google.com:s=arc-20240605:i=1]; NEURAL_HAM_LONG(-1.00)[-1.000]; NEURAL_HAM_MEDIUM(-1.00)[-0.999]; NEURAL_HAM_SHORT(-1.00)[-0.997]; DMARC_POLICY_ALLOW(-0.50)[gmail.com,none]; R_DKIM_ALLOW(-0.20)[gmail.com:s=20251104]; R_SPF_ALLOW(-0.20)[+ip6:2607:f8b0:4864::/56:c]; MIME_GOOD(-0.10)[multipart/alternative,text/plain]; RCVD_TLS_LAST(0.00)[]; TO_MATCH_ENVRCPT_ALL(0.00)[]; RCPT_COUNT_ONE(0.00)[1]; FREEMAIL_ENVFROM(0.00)[gmail.com]; TAGGED_FROM(0.00)[]; FREEMAIL_FROM(0.00)[gmail.com]; MIME_TRACE(0.00)[0:+,1:+,2:~]; FROM_HAS_DN(0.00)[]; RCVD_COUNT_ONE(0.00)[1]; MISSING_XM_UA(0.00)[]; PREVIOUSLY_DELIVERED(0.00)[freebsd-security@freebsd.org]; TO_DN_NONE(0.00)[]; FROM_EQ_ENVFROM(0.00)[]; DKIM_TRACE(0.00)[gmail.com:+]; MLMMJ_DEST(0.00)[freebsd-security@freebsd.org]; ASN(0.00)[asn:15169, ipnet:2607:f8b0::/32, country:US]; MID_RHS_MATCH_FROMTLD(0.00)[]; DWL_DNSWL_NONE(0.00)[gmail.com:dkim]; RCVD_IN_DNSWL_NONE(0.00)[2607:f8b0:4864:20::b132:from] X-Rspamd-Queue-Id: 4fmBMf2Gg6z4633 X-Spamd-Bar: --- --00000000000081813c064e692ad0 Content-Type: text/plain; charset="UTF-8" Hi, Given the torrent of infosec news describing the progress LLMs make on the security front I want to ask if there is something very real coming onto us for which we should prepare. Here is my context: https://sockpuppet.org/blog/2026/03/30/vulnerability-research-is-cooked - an essay suggesting that security research economics now allows LLM kiddies to produce 0-days. Frontier LLM exploiting RCE in the latest FBSD https://github.com/califio/publications/tree/main/MADBugs/CVE-2026-4747 Presentation from the guy contributed to the above https://www.youtube.com/watch?v=1sd26pWhfmg. Even though he obviously has a bias, he's still probably one of the most informed people on the planet. Best, Yevhenii --00000000000081813c064e692ad0 Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable
Hi,=C2=A0

Given the torrent of infosec = news describing the progress LLMs make on the security front I want to ask = if there is something very real coming onto us for which we should prepare.=

Here is my context:=C2=A0

https://sockpuppet.org/blog/2026/03/30/vulnerability-research-is= -cooked - an essay suggesting that security=C2=A0research economics now= allows LLM kiddies to produce 0-days.=C2=A0

Front= ier LLM exploiting RCE in the latest FBSD https://github.com/calif= io/publications/tree/main/MADBugs/CVE-2026-4747

Presentation from the guy contributed to the above https://www.youtube.com/watch?v=3D1sd26= pWhfmg. Even though he obviously has a bias, he's still probably on= e of the most informed people on the planet.=C2=A0


Best,
Yevhenii
--00000000000081813c064e692ad0--