Date:      Tue, 31 Mar 2026 00:38:27 +0200
From:      "Peter 'PMc' Much" <pmc@citylink.dinoex.sub.org>
To:        freebsd-questions@freebsd.org
Subject:   Re: FreeBSD forums hacked
Message-ID:  <acr7Y_LvK7TaEkuj@disp.intra.daemon.contact>
In-Reply-To: <4edf0e50-1558-47ee-98d0-07ba01ce0948@alexburke.ca>



Alexander Burke wrote:
> Only if JavaScript is enabled. Otherwise, no defacement is visible.

Thanks for the confirmation. That was the impression I got,
but by the time I got as far as switching off JS in the browser, the
target was already offline.

Besides, it was a beautiful hack. The greeting was friendly, the
Russian(?) singer was inspiring, overall very nice work.

I tried to figure out what was written on the page in Cyrillic
(cut&paste didn't work), but only got to the first word (which
seemed to resemble "pornofilmy"). Anybody got more?
Besides, I think we really need to think about the discrimination
of the Slavic people.


Marco Moock wrote:
> For me, it shows
> Forum upgrade in progress.

FIRST,
It may show anything your localhost sends. For now, the DNS
tells this:

root@edge:~ # dig -t ANY forums.freebsd.org
...

;; ANSWER SECTION:
forums.freebsd.org.     60      IN      RRSIG   AAAA 8 3 60 20260413093756 20260330155100 50326 freebsd.org. ...
forums.freebsd.org.     60      IN      AAAA    ::1
forums.freebsd.org.     3600    IN      RRSIG   TXT 8 3 3600 20260409000528 20260325122003 50326 freebsd.org. ...
forums.freebsd.org.     3600    IN      TXT     "v=spf1 ip4:162.223.10.29 ip4:84.22.108.242 ip6:2607:fc50:0:15::1b9 ip6:2a02:2770:6:0:21a:4aff:fe6d:b94 mx ~all"
forums.freebsd.org.     3600    IN      RRSIG   MX 8 3 3600 20260409061617 20260326102003 50326 freebsd.org. ...
forums.freebsd.org.     3600    IN      MX      10 forums.freebsd.org.
forums.freebsd.org.     60      IN      RRSIG   A 8 3 60 20260414011206 20260330155100 50326 freebsd.org. ...
forums.freebsd.org.     60      IN      A       127.0.0.1


Fancily, the SPF record still gives us the correct IP, and with these
we still get into the Forum. (I am currently logged in, and I really
don't see any point in killing the DNS.)

SECOND,
even with the forum being offline, you may see in the browser
something else. That is because the forum installs a so-called
"Service Worker" into your browser.

A "service worker" is basically a piece of JavaScript code that gets
downloaded and inserted into your browser, and then stays there.
This "service worker" then intercepts all your queries, and does
with them whatever it sees fit, whether it reaches the forum
or not. And at least in Firefox it cannot be disabled or removed.

I also just learned what that is (and I hate it). Anyway, with all
my surfing around, the forums.freebsd.org is apparently the only site
that has installed such a thing into my browser.

But then also, the specs tell us that "the modern user wants a
web experience that is undisturbed by whether the target site is
online or offline" - or some more of that bullshit bingo.
In other words, the "modern user" is expected to just consume their
continuous advertisement feed and keep sleeping. Another step into
our modern classful society.

Cheerio,
PMc
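
Added example, not part of the original message: a short Python check that reads the dig answer quoted above, flags A/AAAA records that point at loopback, and lists the ip4:/ip6: addresses published in the SPF TXT record. The function names are made up for this example, and the sample input is a subset of the lines from the message.

```python
import ipaddress

# Answer section as quoted in the message above (RRSIG data was already elided there).
DIG_ANSWER = """\
forums.freebsd.org.     60      IN      RRSIG   AAAA 8 3 60 20260413093756 20260330155100 50326 freebsd.org. ...
forums.freebsd.org.     60      IN      AAAA    ::1
forums.freebsd.org.     3600    IN      TXT     "v=spf1 ip4:162.223.10.29 ip4:84.22.108.242 ip6:2607:fc50:0:15::1b9 ip6:2a02:2770:6:0:21a:4aff:fe6d:b94 mx ~all"
forums.freebsd.org.     3600    IN      MX      10 forums.freebsd.org.
forums.freebsd.org.     60      IN      A       127.0.0.1
"""

def parse_answer(text):
    """Yield (name, ttl, rtype, rdata) for each record line of dig output."""
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(";"):
            continue  # blank lines and dig comments such as ";; ANSWER SECTION:"
        parts = line.split(None, 4)
        if len(parts) == 5 and parts[2] == "IN" and parts[1].isdigit():
            yield parts[0], int(parts[1]), parts[3], parts[4]

def unroutable_addresses(records):
    """A/AAAA answers that no remote client can reach (loopback and similar)."""
    bad = []
    for name, ttl, rtype, rdata in records:
        if rtype in ("A", "AAAA"):
            ip = ipaddress.ip_address(rdata)
            if ip.is_loopback or ip.is_unspecified or ip.is_link_local:
                bad.append((name, rtype, str(ip), ttl))
    return bad

def spf_addresses(records):
    """ip4:/ip6: mechanisms from SPF TXT records (SPF lists authorised mail senders)."""
    found = []
    for _, _, rtype, rdata in records:
        txt = rdata.replace('" "', "").strip('"')  # join multi-string TXT data
        if rtype != "TXT" or not txt.lower().startswith("v=spf1"):
            continue
        for term in txt.split()[1:]:
            mech = term.lstrip("+-~?")  # drop the SPF qualifier, if any
            if mech.lower().startswith(("ip4:", "ip6:")):
                net = ipaddress.ip_network(mech[4:], strict=False)
                found.append(str(net.network_address))
    return found

if __name__ == "__main__":
    recs = list(parse_answer(DIG_ANSWER))
    print(unroutable_addresses(recs))
    print(spf_addresses(recs))
```

The 60-second TTL on the loopback records, against 3600 on the TXT and MX records, is carried through in the result so a short-lived change stands out.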



Want to link to this message? Use this
URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?acr7Y_LvK7TaEkuj>