From nobody Mon Mar 30 17:38:17 2026 X-Original-To: freebsd-security@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4fkz4H3Ypwz6X8Bx for ; Mon, 30 Mar 2026 17:38:23 +0000 (UTC) (envelope-from thorres@brothersofgrey.net) Received: from mout.kundenserver.de (mout.kundenserver.de [212.227.126.130]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (prime256v1) server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (3072 bits) client-digest SHA256) (Client CN "mout.kundenserver.de", Issuer "Telekom Security ServerID OV Class 2 CA" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4fkz4F7567z3dWb for ; Mon, 30 Mar 2026 17:38:21 +0000 (UTC) (envelope-from thorres@brothersofgrey.net) Authentication-Results: mx1.freebsd.org; dkim=pass header.d=brothersofgrey.net header.s=s1-ionos header.b=fG11OFo4; dmarc=pass (policy=none) header.from=brothersofgrey.net; spf=pass (mx1.freebsd.org: domain of thorres@brothersofgrey.net designates 212.227.126.130 as permitted sender) smtp.mailfrom=thorres@brothersofgrey.net DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=brothersofgrey.net; s=s1-ionos; t=1774892299; x=1775497099; i=thorres@brothersofgrey.net; bh=P8D36fWJ3BTlTZmttBqLhhd+bhTiC7UxS1S1bPxtaXk=; h=X-UI-Sender-Class:Message-ID:Date:MIME-Version:Subject: References:To:From:In-Reply-To:Content-Type: Content-Transfer-Encoding:cc:content-transfer-encoding: content-type:date:from:message-id:mime-version:reply-to:subject: to; b=fG11OFo4Hru+kaQYp4sOOE3RRyTvnJxef+rDFle56XRgT9SYqam+bQVw1pdJz1u6 kYAYFx5Ch3xykn5weCMA35wHCadlcyKMYGROyEgUSsUzXQj1RuDz1BK3VoXKeBzwZ HoHwL6TL395e/kpEZEzYfriGvhs3jyBgrtrc9oNvmM5zL/RrTm+cycq0lxSddcC0J a0mlrOHZvOkOgueXhZbBPp9XZPitqm83jHQ1UZM2XLb6BAlViqswWl9qlpdkMSoXM cJOm7DkhrAAVvhMALmCe68Ao80lPSJAHtHW+fn9q011FYJHbfOgnknZN4qKQAawTT JJevZ+MuByiFsniXTA== X-UI-Sender-Class: 55c96926-9e95-11ee-ae09-1f7a4046a0f6 Received: from client.hidden.invalid by mrelayeu.kundenserver.de (mreue009 [212.227.15.167]) with ESMTPSA (Nemesis) id 1MXY2Z-1w1Vxs2wqF-00J7Mx for ; Mon, 30 Mar 2026 19:38:19 +0200 Message-ID: <04d9e055-b0a4-47d5-b24c-0f06b379d937@brothersofgrey.net> Date: Mon, 30 Mar 2026 19:38:17 +0200 List-Id: Security issues List-Archive: https://lists.freebsd.org/archives/freebsd-security List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: freebsd-security@freebsd.org Sender: owner-freebsd-security@FreeBSD.org MIME-Version: 1.0 User-Agent: Mozilla Thunderbird Subject: Fwd: Forums hacked or defaced References: <71866fb5b59668f1413d2083c7edfb109fb950ba@aoalmeida.com> Content-Language: en-US, de-DE To: freebsd-security@freebsd.org From: Klaus In-Reply-To: <71866fb5b59668f1413d2083c7edfb109fb950ba@aoalmeida.com> X-Forwarded-Message-Id: <71866fb5b59668f1413d2083c7edfb109fb950ba@aoalmeida.com> Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: quoted-printable X-Provags-ID: V03:K1:yCZpc+nPhyvjerdcZBN3KUMhLSlR7m/qUhOy9Z55ey2whKdRPS8 qZ5D3tBWoA6YEyiLtL9ylIGpS46dJz9Xc8gjOixvQ6NPWXjbRJH1LrcIzZ0QMIKV2yQHd/I BT7d3WJKFv5Z9MQkAV9OtwGZVYsEAKWKvCcAhXtcl+NjT7DgLJGs0kL9PMRPEAgVRqMk+k4 yrLvRRgA8si6mjz2vdg+Q== X-Spam-Flag: NO UI-OutboundReport: notjunk:1;M01:P0:KQm5deCxDeM=;1nfPWl5ngHL2LTqpzi6ybhAHdv6 C5DiIbzbIBM/fUwZwjuFHROPKmFByMF7g7K39RrmHsFVoiXufmLkxNimMG8d5zynu8NURdwOf c14ZAgEb/wstlJQA7SD5FY+1TbCdvRy9lZlfQEAUVmaFE7kH+oAQcmmkMNco7u5KIWHX47Bmx URcRHNRiGD9f8m2SQTjk8LPl/Qrt0PqwoHmZZ/SmVCU2cx0uSgCy8hN8qB7Qo61KeiKL8lvFW Z907iHh3141f22xRa/DR2nhJ46mZGKwW3xighlyRV9l0vQJJzgcqjruqpV0Bcja2Keh41jWIX 7xUEhp1jfxCGFAxhzBqJUYu3tXSzqzi8r7WNGQ5qNE9OFmjl6TmP5bpz/50L2ZfqBfywraNv5 XGPt6zpdfmCR19FJ1bKbY/CvbislPafUBdKy6gJ5R+68cV/DH3FOEfkJzfF+oN+Z4dEfoMTtb Y6NGu4BNNVbYglrfH/GSciAMP7YLkjbHgHbDzfPpuLo0kNdNXwK+b0C9rcS5HC3xhawGYX8JA UChcjR1g7ePdrj2Oj50JNMfTIkqcIrOx0sckColf+qIVlCv58PKMlEJ12HU8p/A7a90o+GKSl +LoR5ubJ9vWNoY0VFYn+EsNd2GE9fUpyoVhKZXsO1P8KZtwony8beOLvUArdurrVF0dkuyqMt a1hhO9vL1QhSfXOJ55bzM34oc6+ulrUzG7XLQ8EI6LouFshGYDlmzk1CyIYhr1SEVhf9fBh49 2wy1b6OpivgPoLUMSYiviY8xrCFsCW0vS7esvj6bpVeGTV3J1xc8s4HG/NJaxA+tNTbiyMkkc h3RcIhN/wH7oI2gVNVP9RuHa9n4+8Uxl4EnWL88/ZtzkZ3JGqOtzctEWduKz2GRlE68HV0Uz6 7JKTGgA3MvNlvxVLkm5TOEFKjI4PhM+9AOAY8opw3JmWAFxP8gwqXUc/mmsIqO4u3mpbrgZj2 15Do60R67Cun0hZx4gc8zzyojen4YIi+q2/kVcT4FOgCMaYMgCOWBvmsK5eXK8A4t/60+Dy7i L0mgFBSEQxbVeNU2oP0PNt1ArfhV47q+RteaO0e0aNepUdM85+gek2WqulEf3JflYbNZpesbI 1IeBwHwxMh0Rj1Wd+ymX6xH4cOFNeLvOsKk9MnP8bHGoh67CR9RRTQGkZquiqaDumzn7sT0Q9 rnW/uiI0A8TxvRv5kqc7sHyZs624wH7sp5CcRjDo+h0QzDNEb5saeFIMCL9paOczjIUw0bksf Suemd/hd2SVJgFDT02uS9TaLmk0pwuwpMSzo7oT/7ptC3cNhKaB5zH9BKK8u/YzMobyc8JufJ dReXkL0vytqaT8x+ktQPpKrtseYp2TWJRNZKp7bp+O2zf2qNGcclNdyxsQsLB/EuxvV3w2faU QHNrjHTUVJ5JqoNjPOvqjk6EFa72ntCm80uQlfBJug3ltp/luzvJME+IV386IxiobTyy9C0wB BpiLgVC84h7799lwkEqBpCHijqKzBX2IKhTCnJaEIZRjcAKI66CD90CXkgJ75rvPpvwdT51mM EIGQJ+OZw/WMDxzSfPW5I+hp4xmI7++PZR3a6PQqQ3Z9fuGrppb0BXZQMDBUEMrae/Ej/3OHv jT1rV11cwudOjd96TLNHalEGhKxhih619i0g4nUPehJA71tG7fLyNd8vgsc3cPXrB1reLXxNJ yMAODI5TU1jQYHAVseJ5mgJafPIgsEGnoCaBiIkSNzt+MzmWK99BUNjKIBAPmlRO8r7QtiXwx nnDpv3iXdf0AE5/obD947nrL9lyAzJ84OGgJtK1bbE2oz5C/d3+ArfufJI4MdJHBzipun+2cu 3c8JFR469YwnM8uRdgWnm/fcaNZGjV5ejP4+z8INUhi5ue8= X-Spamd-Result: default: False [-3.93 / 15.00]; NEURAL_HAM_MEDIUM(-1.00)[-1.000]; NEURAL_HAM_LONG(-1.00)[-1.000]; NEURAL_HAM_SHORT(-0.93)[-0.934]; DMARC_POLICY_ALLOW(-0.50)[brothersofgrey.net,none]; R_DKIM_ALLOW(-0.20)[brothersofgrey.net:s=s1-ionos]; RWL_MAILSPIKE_VERYGOOD(-0.20)[212.227.126.130:from]; ONCE_RECEIVED(0.20)[]; R_SPF_ALLOW(-0.20)[+ip4:212.227.126.128/25]; MIME_GOOD(-0.10)[text/plain]; RCVD_VIA_SMTP_AUTH(0.00)[]; RCPT_COUNT_ONE(0.00)[1]; ASN(0.00)[asn:8560, ipnet:212.227.0.0/16, country:DE]; ARC_NA(0.00)[]; MIME_TRACE(0.00)[0:+]; RCVD_COUNT_ONE(0.00)[1]; RCVD_TLS_ALL(0.00)[]; MID_RHS_MATCH_FROM(0.00)[]; FROM_EQ_ENVFROM(0.00)[]; FROM_HAS_DN(0.00)[]; RCVD_IN_DNSWL_NONE(0.00)[212.227.126.130:from]; TO_DN_NONE(0.00)[]; PREVIOUSLY_DELIVERED(0.00)[freebsd-security@freebsd.org]; TO_MATCH_ENVRCPT_ALL(0.00)[]; MLMMJ_DEST(0.00)[freebsd-security@freebsd.org]; DKIM_TRACE(0.00)[brothersofgrey.net:+] X-Rspamd-Queue-Id: 4fkz4F7567z3dWb X-Spamd-Bar: --- Hi, this appeared on the freebsd-chat list. The FreeBSD Forum is indeed=20 defaced right now. =2D------- Forwarded Message -------- Subject: Forums hacked or defaced Date: Mon, 30 Mar 2026 16:29:33 +0000 From: Alexandre O. de Almeida To: freebsd-chat@freebsd.org Hi, it seems like the forums have been defaced, not sure how, but it's=20 loading a webpage from a github repository which seems to include some=20 TCP SYN flood scripts. From my understanding, the TCP DDoS is not=20 enabled yet (no params passed to the call to the github html page), but=20 the frontpage is just replaced with embeds to a github repo: github.com/cassbethany10-afk/test123