From nobody Mon Mar 30 22:38:27 2026 X-Original-To: freebsd-questions@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4fl5tt19cVz6XflF for ; Mon, 30 Mar 2026 22:45:42 +0000 (UTC) (envelope-from pmc@citylink.dinoex.sub.org) Received: from uucp.dinoex.org (uucp.dinoex.org [IPv6:2a0b:f840::12]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (2048 bits) client-digest SHA256) (Client CN "uucp.dinoex.sub.de", Issuer "R12" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 4fl5tr4g7xz3H4N for ; Mon, 30 Mar 2026 22:45:40 +0000 (UTC) (envelope-from pmc@citylink.dinoex.sub.org) Authentication-Results: mx1.freebsd.org; dkim=none; arc=pass ("uucp.dinoex.org:s=M20221114:i=1"); dmarc=none; spf=pass (mx1.freebsd.org: domain of pmc@citylink.dinoex.sub.org designates 2a0b:f840::12 as permitted sender) smtp.mailfrom=pmc@citylink.dinoex.sub.org Received: from uucp.dinoex.org (uucp.dinoex.org [IPv6:2a0b:f840:0:0:0:0:0:12]) by uucp.dinoex.org (8.18.2/8.18.2) with ESMTPS id 62UMj7Qs098936 (version=TLSv1.3 cipher=TLS_AES_256_GCM_SHA384 bits=256 verify=NO) for ; Tue, 31 Mar 2026 00:45:08 +0200 (CEST) (envelope-from pmc@citylink.dinoex.sub.org) ARC-Seal: i=1; a=rsa-sha256; d=uucp.dinoex.org; s=M20221114; t=1774910710; cv=none; b=C3vcsajKO19gMvh2BM15blRdmsWKDTKbE5HuEV9570KsBb8XxJzDGa8LzYHT4MZFtHZihMTjixNq/EpMTLHQiCZZuB8MBKdj3N4rqj+CZyFu1KB45mUfYZ1RNgjTzpjqzkYPwroTYhNTr6y5KxPfoo0RvmBJ/omIdmrBHaa2tMw= ARC-Message-Signature: i=1; a=rsa-sha256; d=uucp.dinoex.org; s=M20221114; t=1774910710; c=relaxed/simple; bh=1FerewGLnj0FEdugOq8oGPhwJWQIO3JR1AjBX9bwXq0=; h=Received:Received:Received:Received:X-Authentication-Warning:Date: From:To:Subject:Message-ID:MIME-Version:Content-Type: Content-Disposition:In-Reply-To:X-Milter:X-Greylist; b=fhvKRucj6Em5VjvrMGuiwSFq9soB24aCKQXvt3YX7L8x0vggc5kMI8erCbxaRIWNOQRP4zzUv1tXGyKcdDIZfQi0r0kQ+09oaUyXDx+InKWkIBDPywMdUMeMpBihPw6XcK2iEweF45nxt2+hNtgP9XTuy5IQ7K5iMFh6D52kgJ8= ARC-Authentication-Results: i=1; uucp.dinoex.org X-MDaemon-Deliver-To: Received: (from uucp@localhost) by uucp.dinoex.org (8.18.2/8.18.2/Submit) with UUCP id 62UMj7Sj098935 for freebsd-questions@freebsd.org; Tue, 31 Mar 2026 00:45:07 +0200 (CEST) (envelope-from pmc@citylink.dinoex.sub.org) Received: from disp.intra.daemon.contact (disp-e.intra.daemon.contact [IPv6:fd00:0:0:0:0:0:0:112]) by admn.intra.daemon.contact (8.18.1/8.18.1) with ESMTPS id 62UMdwEA091579 (version=TLSv1.3 cipher=TLS_AES_256_GCM_SHA384 bits=256 verify=OK) for ; Tue, 31 Mar 2026 00:39:59 +0200 (CEST) (envelope-from pmc@citylink.dinoex.sub.org) Received: from disp.intra.daemon.contact (localhost [127.0.0.1]) by disp.intra.daemon.contact (8.18.1/8.18.1) with ESMTPS id 62UMcROV030767 (version=TLSv1.3 cipher=TLS_AES_256_GCM_SHA384 bits=256 verify=NO) for ; Tue, 31 Mar 2026 00:38:27 +0200 (CEST) (envelope-from pmc@citylink.dinoex.sub.org) Received: (from pmc@localhost) by disp.intra.daemon.contact (8.18.1/8.18.1/Submit) id 62UMcREO030766 for freebsd-questions@freebsd.org; Tue, 31 Mar 2026 00:38:27 +0200 (CEST) (envelope-from pmc@citylink.dinoex.sub.org) X-Authentication-Warning: disp.intra.daemon.contact: pmc set sender to pmc@citylink.dinoex.sub.org using -f Date: Tue, 31 Mar 2026 00:38:27 +0200 From: "Peter 'PMc' Much" To: freebsd-questions@freebsd.org Subject: Re: FreeBSD forums hacked Message-ID: List-Id: User questions List-Archive: https://lists.freebsd.org/archives/freebsd-questions List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: freebsd-questions@freebsd.org Sender: owner-freebsd-questions@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <4edf0e50-1558-47ee-98d0-07ba01ce0948@alexburke.ca> X-Milter: Spamilter (Reciever: uucp.dinoex.org; Sender-ip: 0:0:2a0b:f840::; Sender-helo: uucp.dinoex.org;) X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.6.4 (uucp.dinoex.org [IPv6:2a0b:f840:0:0:0:0:0:12]); Tue, 31 Mar 2026 00:45:10 +0200 (CEST) X-Spamd-Result: default: False [-4.16 / 15.00]; ARC_ALLOW(-1.00)[uucp.dinoex.org:s=M20221114:i=1]; NEURAL_HAM_MEDIUM(-1.00)[-1.000]; NEURAL_HAM_LONG(-0.95)[-0.947]; NEURAL_HAM_SHORT(-0.92)[-0.917]; R_SPF_ALLOW(-0.20)[+mx]; MIME_GOOD(-0.10)[text/plain]; TO_MATCH_ENVRCPT_ALL(0.00)[]; HAS_XAW(0.00)[]; MISSING_XM_UA(0.00)[]; ASN(0.00)[asn:205376, ipnet:2a0b:f840::/32, country:DE]; MIME_TRACE(0.00)[0:+]; R_DKIM_NA(0.00)[]; MLMMJ_DEST(0.00)[freebsd-questions@freebsd.org]; RCVD_TLS_LAST(0.00)[]; FROM_EQ_ENVFROM(0.00)[]; FROM_HAS_DN(0.00)[]; DMARC_NA(0.00)[sub.org]; RCVD_COUNT_FIVE(0.00)[5]; PREVIOUSLY_DELIVERED(0.00)[freebsd-questions@freebsd.org]; TO_DN_NONE(0.00)[]; RCPT_COUNT_ONE(0.00)[1] X-Rspamd-Queue-Id: 4fl5tr4g7xz3H4N X-Spamd-Bar: ---- Alexander Burke wrote: > Only if JavaScript is enabled. Otherwise, no defacement is visible. Thanks for the confirmation. That was the impression I got, but when I got that far to switch off JS in the browser, target was already offline. Besides, it was a beautiful hack. The greeting was friendly, the Russian(?) singer was inspiring, over all a very nice work. I tried to figure out what was written on the page in Cyrillic (cut&paste didn't work), but only got to the first word (which seemed to resemble "pornofilmy"). Anybody got more? Besides, I think we really need to think about the discrimination of the Slavic people. Marco Moock wrote: > For me, it shows > Forum upgrade in progress. FIRST, It may show anything your localhost sends. For now, the DNS tells this: root@edge:~ # dig -t ANY forums.freebsd.org ... ;; ANSWER SECTION: forums.freebsd.org. 60 IN RRSIG AAAA 8 3 60 20260413093756 20260330155100 50326 freebsd.org. ... forums.freebsd.org. 60 IN AAAA ::1 forums.freebsd.org. 3600 IN RRSIG TXT 8 3 3600 20260409000528 20260325122003 50326 freebsd.org. ... forums.freebsd.org. 3600 IN TXT "v=spf1 ip4:162.223.10.29 ip4:84.22.108.242 ip6:2607:fc50:0:15::1b9 ip6:2a02:2770:6:0:21a:4aff:fe6d:b94 mx ~all" forums.freebsd.org. 3600 IN RRSIG MX 8 3 3600 20260409061617 20260326102003 50326 freebsd.org. ... forums.freebsd.org. 3600 IN MX 10 forums.freebsd.org. forums.freebsd.org. 60 IN RRSIG A 8 3 60 20260414011206 20260330155100 50326 freebsd.org. ... forums.freebsd.org. 60 IN A 127.0.0.1 Fancily, the SPF record still give us the correct IP, and with these we still get into the Forum. (I am currently logged in, and I really don't see any point in killing the DNS.) SECOND, even with the forum being offline, you may see in the browser something else. That is because the forum installs a so-called "Service Worker" into your browser. A "service worker" is basically a piece of Javascript code that gets downloaded and inserted into your browser, and then stays there. This "service worker" then intercepts all your queries, and does with them whatever it seems fit. and whether it reaches the forum or not. And at least in Firefox it cannot be disabled or removed. I also just learned what that is (and I hate it). Anyway, with all my surfing around, the forums.freebsd.org is apparently the only site that has installed such a thing into my browser. But then also, the specs tell us, that "the modern user wants a web experience that is undisturbed by whether the target site is online or offline" - or some more of that bullshit bingo. In other words, the "modern user" is expected to just consume their continuous advertisement feed and keep sleeping. Another step into our modern classful society. Cheerio, PMc