From nobody Tue Mar 31 04:41:23 2026 X-Original-To: freebsd-security@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4flFp50ngNz6X9JX for ; Tue, 31 Mar 2026 04:42:05 +0000 (UTC) (envelope-from jhellenthal@dataix.net) Received: from mail-oa1-x33.google.com (mail-oa1-x33.google.com [IPv6:2001:4860:4864:20::33]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (2048 bits) client-digest SHA256) (Client CN "smtp.gmail.com", Issuer "WR4" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4flFp45ZmWz44kn for ; Tue, 31 Mar 2026 04:42:04 +0000 (UTC) (envelope-from jhellenthal@dataix.net) Authentication-Results: mx1.freebsd.org; none Received: by mail-oa1-x33.google.com with SMTP id 586e51a60fabf-41c4d660b19so1631733fac.1 for ; Mon, 30 Mar 2026 21:42:04 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=dataix.net; s=net; t=1774932115; x=1775536915; darn=freebsd.org; h=to:in-reply-to:cc:references:message-id:date:subject:mime-version :from:content-transfer-encoding:from:to:cc:subject:date:message-id :reply-to; bh=2iG0BhvtyEgHoHNCRMYwmlrZeQeAcaHC9XkLscSFN8M=; b=MWXqeXUfFjkNJTFaBMC1kqTcx0KjOghSJUei4bjTeakoohqzp5/fIZ1GSncUtbGxAC zcBD6VcYl3IaUqknLO5mVMJKo6MdmBoPRU/vi5SBG2yRvZrtX71mrxayPbohgcilFqaI WnCN9KstiCOOYtVz7NmMm696RcYsbFpefGHw0= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1774932115; x=1775536915; h=to:in-reply-to:cc:references:message-id:date:subject:mime-version :from:content-transfer-encoding:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=2iG0BhvtyEgHoHNCRMYwmlrZeQeAcaHC9XkLscSFN8M=; b=GWqUQz45LKw3vgOtDYc4erxmn+xcV4YodDqCZiMbYvmO/KY3XBsKF3mARaOa42BA3j jrPhuYsqhTEFNKkaRFkNcM+conhtwiD9ozwMmp50TlqT+1YDlcwSgfx63LhqFWf3AqVe NKQZUwa2oeafXPMHSPBiKnXGdvmyfv8N/88NOmNLSsDklsXYDtdZ9UMfkZZVep6WCMZI eXfzfAxPt3rqjMg4VjrbljWMpjrAr2g3RuuUmo/QW9Xa6z77J6ekpXP6eJS6Tb2K72Lu fm5rQtO0Hk6rguyKdQfu96LJB/YYs2B6FZ5RyIbHlnLUAXmz0wButBy0tQJA134V3gYC VAOw== X-Gm-Message-State: AOJu0Yw7iVCBUMc0t/W6/46vbINACZ3M856YtX+I7axpQmKBr7T+0Vb+ U/jAgwLVfMnPcBDw6unLxuZ4y/gJsi+Rd4XZDjke1/1EBjM72eSwK4tyFjRaL4JlknxKbJUftqC /rOvG X-Gm-Gg: ATEYQzyEriIEMUgoWEJMd6kXMzDdW5lM8wboYgWLBTT4o+YFwdzZgKKpEuAnwD4aeXI 5kthbqSZkEYEr5oZQmTt23DInobaK0Jn5xDlbrZqbk+orSt8sSeaoo8Ell45DP8SLSpGTzpvpuD 85tupJv7OAwyATEtyPSDKs9tg2vDQ7qeijFJV4+fk+y3mFMpdC+yfZbyYpBek1VJi+hiqoMDJJW gnrtNv+UaNw+edLCDg7STlDIenQ5qUuASXufEzOSO+1GEonboa5nF8DMAkGjaMDV4VV/WdHZ9Gm Lyp868nmBuh5kObhG0c56+Arn6v5GQtfjH8F4iwT35RVSlpFj5+0w3BzDkMrTeR+ump3Qaq6XvV ssanjK4nGk4/fx9NE1G/PiRgvnKC5VcQM/yApNT0erxiLeIZStqrfEMOOAj/ZYVWBpvGVOMOVhv 33jGsQ48AvcJZFUBMMfkuaT9CPztxQig6xP1zSzQrqW7JjyJ9T1D86DnRg7A== X-Received: by 2002:a05:6870:9692:b0:41c:1036:84b with SMTP id 586e51a60fabf-41cec338636mr7242727fac.39.1774932115373; Mon, 30 Mar 2026 21:41:55 -0700 (PDT) Received: from smtpclient.apple ([2603:6000:c900:2031:411:ff5b:8ae6:498d]) by smtp.gmail.com with ESMTPSA id 586e51a60fabf-41d04cf9ceesm6670738fac.15.2026.03.30.21.41.54 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 30 Mar 2026 21:41:54 -0700 (PDT) Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable From: "J. Hellenthal" List-Id: Security issues List-Archive: https://lists.freebsd.org/archives/freebsd-security List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: freebsd-security@freebsd.org Sender: owner-freebsd-security@FreeBSD.org Mime-Version: 1.0 (1.0) Subject: Re: Forums hacked or defaced Date: Mon, 30 Mar 2026 23:41:23 -0500 Message-Id: <30D4111F-B7D5-4B11-A541-76658EBB5B2B@dataix.net> References: <04d9e055-b0a4-47d5-b24c-0f06b379d937@brothersofgrey.net> Cc: freebsd-security@freebsd.org In-Reply-To: <04d9e055-b0a4-47d5-b24c-0f06b379d937@brothersofgrey.net> To: Klaus X-Mailer: iPhone Mail (23E246) X-Rspamd-Pre-Result: action=no action; module=replies; Message is reply to one we originated X-Spamd-Result: default: False [-4.00 / 15.00]; REPLY(-4.00)[]; ASN(0.00)[asn:15169, ipnet:2001:4860:4864::/48, country:US] X-Rspamd-Queue-Id: 4flFp45ZmWz44kn X-Spamd-Bar: ---- Hopefully they didn't have TurboTax 2025 installed. ::wink::::wink:: --=20 J. Hellenthal The fact that there's a highway to Hell but only a stairway to Heaven says a= lot about anticipated traffic volume. > On Mar 30, 2026, at 12:39, Klaus wrote: >=20 > =EF=BB=BFHi, this appeared on the freebsd-chat list. The FreeBSD Forum is i= ndeed defaced right now. >=20 > -------- Forwarded Message -------- > Subject: Forums hacked or defaced > Date: Mon, 30 Mar 2026 16:29:33 +0000 > From: Alexandre O. de Almeida > To: freebsd-chat@freebsd.org >=20 > Hi, >=20 > it seems like the forums have been defaced, not sure how, but it's loading= a webpage from a github repository which seems to include some TCP SYN floo= d scripts. =46rom my understanding, the TCP DDoS is not enabled yet (no para= ms passed to the call to the github html page), but the frontpage is just re= placed with embeds to a github repo: >=20 > github.com/cassbethany10-afk/test123 >=20 >=20