From nobody Tue Mar 31 08:52:18 2026 X-Original-To: freebsd-security@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4flMM80qH1z6WTRy for ; Tue, 31 Mar 2026 08:52:36 +0000 (UTC) (envelope-from droidbittin@gmail.com) Received: from mail-dy1-x132e.google.com (mail-dy1-x132e.google.com [IPv6:2607:f8b0:4864:20::132e]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (2048 bits) client-digest SHA256) (Client CN "smtp.gmail.com", Issuer "WR4" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4flMM73BvQz3Vkp for ; Tue, 31 Mar 2026 08:52:35 +0000 (UTC) (envelope-from droidbittin@gmail.com) Authentication-Results: mx1.freebsd.org; none Received: by mail-dy1-x132e.google.com with SMTP id 5a478bee46e88-2c15849aa2cso5703492eec.0 for ; Tue, 31 Mar 2026 01:52:35 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1774947152; cv=none; d=google.com; s=arc-20240605; b=K0lCXgFFGb4tCZ6z1x4LMpoX68IdUvri8XstwyFSBcP4Dh4Sjaud7Z4Hg2urT6ZhOi 5gGLi99ce5/cU53Z2lUgxYYKgOjYj6wCqtDIP1J9TbKLR7iAEevoyIxjx58ov7DSr8YA kiYSU/rBG/PNq82WvpFgm5gMT5p1Ku0WmioEG/rFKwpkfmSZWmVXLLzhIf41ZzaAaJ3t C/VJcRKN4sres9Ji+kO+s3m9EOT9pd6msCJmwYynxc3wqen1rR/Kd1/uN/1AfkVo+iRH G3Q/zQG34ts+j/coqBmfxjROzRO/+Jorou6T8MUJ6fzFw1cSEUVvkKA6q57BlB6M7BBM najg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:dkim-signature; bh=Wnr3QxySwr4g7LX/WsXE43cpgA/QLvHH8pNhL0EZcCA=; fh=fIGrhTbA4vi4LHliyj/mQcUYohnfMbbbBR1HElthMGs=; b=LmoFOIK72icq4e8rjRYM3bRIs7hI+jAct+RN5Gk3JFUlkjarODQTO528narciBR+UR 6T5BlSWPqI66WL0iPBqaImau+V0Rxkz3iw5RinNd+hMuHQxDP8bPNpOtDFLf76pESyo8 NY4RywtZvf6lxhvKOc5cVtbvDbXGlkV5j8DABeV8ghYtOgg3DcEltLWSmbHeUD4pPT/5 NdtevfqKxFtzd/OB25QyBXsDybCYXoxvMtymM9qxi8fv4YlgeH4aaOQ0UAr7Fm/Z36S4 wBVtScyfpiJofTFgkaENIZSy/2fBfJWojn+dJX99UVI2NilF8oKIFGivt3LIEldoDYAq KKWA==; darn=freebsd.org ARC-Authentication-Results: i=1; mx.google.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20251104; t=1774947152; x=1775551952; darn=freebsd.org; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:from:to:cc:subject:date :message-id:reply-to; bh=Wnr3QxySwr4g7LX/WsXE43cpgA/QLvHH8pNhL0EZcCA=; b=gI2yr3dbBPogtmDw2OREIF/N5AEcr7pfFmAr2rFupufi5qWN9mJB7w0kBD5Voab6bf lyKA/BgrnBCpyIkucvWt/e8Tk5wyTW5IcAMq+DfmqBj6amMoq+fT8xlShSb0K32Y8IfR eb6CjjdABUxj21KbNLL0vOxHnydG5o8EmjtIfbUUWRN01kuaHOL3ZENZhdrA2WO6QsQV 8uMZIJQbkfNlhyEQZR2u8NOKyBbcAWu/4HKEgaVbLDgorpwqL6fYAz56J1Y2RYJ+Vihs yUwrWnEDh4ZnstviMsddrgGEAcqm0LOjPQRgbKYqCXSN7Xrrx/J3j08q2U2jVABnbdJ6 AgpQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1774947152; x=1775551952; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:x-gm-gg:x-gm-message-state:from :to:cc:subject:date:message-id:reply-to; bh=Wnr3QxySwr4g7LX/WsXE43cpgA/QLvHH8pNhL0EZcCA=; b=AOqotO1sJ6u0tB7EZeOYQcx+23R2/oPX+JZ0d3B/CoDbTD8VpWAE8X7Thy72eQusUs jIbblUPxLly/JTzBFKJeUN6V1Xp2hLocZPyz/iTUuhtNhhmd3v6Oy7WsS1Yn4QC3SHH0 UgfjtJMN5W0tR7Kwu9cb2Hzq4OkdSrqEyJD6yBwk0DuCP7rso4M7hM5I4ND7I20VVEjt lfO1Z27AOb1Nq6pqr20KBT5a0MAlFpeFBa44Z+Miktiq+DPYRQVAQgtMT/jkEEz61bXq G0eIcy/O1MQhYWzkemn6YTautWgMdNCPa6T2KGkG4P1K0vd8qVxmPlYkyBkJT0fYOgCU KujA== X-Forwarded-Encrypted: i=1; AJvYcCVEXsKJi/KP9Jr6UqF/HWY2mhn4IKpuvIKEdurqZh5hYdTp64ejTetnbscFxXYBj68vhakrw4zoFYSkRKGjDymi@freebsd.org X-Gm-Message-State: AOJu0YxhLBM1qkWWEDt35JzRomVdNYpiRBpMKKiv/fGsKFj1qPAkTsnn lkmK735Q1srZ+dNd0WznFjZuCGgVmbRXSWyNMzxj7SyOZhYRzoTIr6RRXthfEIbNwOydRYwAnlX nhxpDBMJA9DYeNH2M+KkoG8ajIz5fZJ4= X-Gm-Gg: ATEYQzxbuakUi7GqC9T4jMsjqBvS6I6hm+ahO8h7F3hub16Nem63AKPBUgNMjBt6ZOg eUZnKumIF+NQbCPSWtMy2K2peoaLHIckuwppAjW3UXYgTMXYy2qalLimMWGzBO2OA6ZINir5yKT uoTGHoiTwZHL5a/i4ggQEYSDlqLBZnSM+uMSoLkosBglr+HyhPWecEtBA3jfiy7+TS4ns4ASxmY Lqpez9SHg8mJAVAwwCBtKFalY0S0ZrptzpV9sZ5M6Zzp1c3xF0ALfpOg47gra+IUGJIPsu6cx6s 3H7xl6qn/WMxNnFuSoSutV0dE9h6BV1u0hGIJJmBua3EodYYS0XGo7tX3n0Bs8I1llCD1MEzePb QgeCMdjSeI4Utf4yO62z+Ey0Z/Z7H8jQKIOXx0xHEypT+uaTaEgiYDjJpDlKkFVkPEsQR9ZjS3p xlwgmpm4KY7Y+uyPGIEDw= X-Received: by 2002:a05:693c:2b13:b0:2c0:c55c:1574 with SMTP id 5a478bee46e88-2c185e06cbamr8116994eec.21.1774947152204; Tue, 31 Mar 2026 01:52:32 -0700 (PDT) List-Id: Security issues List-Archive: https://lists.freebsd.org/archives/freebsd-security List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: freebsd-security@freebsd.org Sender: owner-freebsd-security@FreeBSD.org MIME-Version: 1.0 References: <71866fb5b59668f1413d2083c7edfb109fb950ba@aoalmeida.com> In-Reply-To: <71866fb5b59668f1413d2083c7edfb109fb950ba@aoalmeida.com> From: Luna Jernberg Date: Tue, 31 Mar 2026 10:52:18 +0200 X-Gm-Features: AQROBzDga0xTPDi_yCYECxe6jMk2SrkXYqC46Vn4PtcPlPnkSN52fHRhAmFy0LY Message-ID: Subject: Re: Forums hacked or defaced To: "Alexandre O. de Almeida" Cc: freebsd-chat@freebsd.org, FreeBSD-security@freebsd.org, Luna Jernberg Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Rspamd-Pre-Result: action=no action; module=replies; Message is reply to one we originated X-Spamd-Result: default: False [-4.00 / 15.00]; REPLY(-4.00)[]; ASN(0.00)[asn:15169, ipnet:2607:f8b0::/32, country:US] X-Rspamd-Queue-Id: 4flMM73BvQz3Vkp X-Spamd-Bar: ---- https://forums.freebsd.org/threads/forum-outage.102193/#post-752543 Den m=C3=A5n 30 mars 2026 kl 18:37 skrev Alexandre O. de Almeida : > > Hi, > > it seems like the forums have been defaced, not sure how, but it's loadin= g a webpage from a github repository which seems to include some TCP SYN fl= ood scripts. From my understanding, the TCP DDoS is not enabled yet (no par= ams passed to the call to the github html page), but the frontpage is just = replaced with embeds to a github repo: > > github.com/cassbethany10-afk/test123 >