The Gaming Den Forum Index
Welcome to the Gaming Den.
 
Looks like the SRD got hacked.

 
Wiseman
Duke


Joined: 09 Mar 2012
Posts: 1148
Location: lost... HELP!

Posted: Sat Aug 12, 2017 4:03 am    Post subject: Looks like the SRD got hacked.

Apparently the d20 SRD has been hacked. Got some weird and possibly malicious message showing up when entering the site from the main entrance.
_________________
Check out my RP site!

Surgo
Duke


Joined: 07 Mar 2008
Posts: 1887

Posted: Sat Aug 12, 2017 4:13 am

All of that site network got hacked, including Ye Wikk (they took it over a while ago, ironically because I was tired of defending against exactly this).
_________________
http://www.dnd-wiki.org -- the wiki
codeGlaze
Duke


Joined: 05 Oct 2011
Posts: 1076

Posted: Sun Aug 13, 2017 1:40 am

Wait, the .org site?
Has it been considered abandoned?
_________________
Phlebotinum : fleh-bot-ih-nuhm A glossary of RPG/Dennizen terminology Favorite replies: [1]
nockermensch wrote:
Advantage will lead to dicepools in D&D. Remember, you read this here first!
erik
Prince


Joined: 07 Mar 2008
Posts: 4929

Posted: Sun Aug 13, 2017 3:52 am

I keep fighting the urge to visit the site to see... I don't know what. Thankfully my nonlizard brain portions are in enough control to interject and say "Wait, you hear a site is hacked with possible malicious attacks on visitors and your first impulse is to visit it? Are you that stupid?"
Surgo
Duke


Joined: 07 Mar 2008
Posts: 1887

Posted: Sun Aug 13, 2017 6:00 am

codeGlaze wrote:
Wait, the .org site?
Has it been considered abandoned?

It's certainly not abandoned, no. I just transferred ownership to the people behind d20srd.org.
_________________
http://www.dnd-wiki.org -- the wiki
Mord
Master


Joined: 24 Apr 2014
Posts: 280

Posted: Wed Aug 16, 2017 5:16 pm

If anyone was wondering - it's back up now.
RobbyPants
Prince


Joined: 06 Aug 2008
Posts: 4470

Posted: Wed Aug 16, 2017 6:37 pm

Mord wrote:
If anyone was wondering - it's back up now.
I was on my laptop last night, and I actually got up to grab my PHB from the other room rather than risk going to the SRD. Good to know.
Judging__Eagle
Prince


Joined: 07 Mar 2008
Posts: 4568
Location: Lake Ontario is in my backyard; Canada

Posted: Thu Aug 17, 2017 7:24 pm

I found that the d20srd.org site wasn't affected at all by this specific event. The 40k Lexicanum wiki, and a bunch of other domains were affected, however.
Surgo
Duke


Joined: 07 Mar 2008
Posts: 1887

Posted: Thu Aug 17, 2017 9:18 pm

d20srd.org was indeed affected, for a couple days it was entirely inaccessible.
_________________
http://www.dnd-wiki.org -- the wiki
Judging__Eagle
Prince


Joined: 07 Mar 2008
Posts: 4568
Location: Lake Ontario is in my backyard; Canada

Posted: Thu Aug 17, 2017 11:22 pm

Surgo wrote:
d20srd.org was indeed affected, for a couple days it was entirely inaccessible.


Odd, b/c it was accessible when the Lexicanum (et al.) defacement had happened and I was getting p4r4d0x cr3w's defacement page w Mads Mikkelsen on a bunch of other sites.
Wiseman
Duke


Joined: 09 Mar 2012
Posts: 1148
Location: lost... HELP!

Posted: Fri Aug 18, 2017 12:36 am

It was on and off for a while.
_________________
Check out my RP site!

Aryxbez
Knight-Baron


Joined: 15 Oct 2010
Posts: 977

Posted: Sun Aug 20, 2017 12:46 pm

I don't really get why it would get hacked in the first place. What domains were tied to it that were worth the trouble of some hacking to be done?
_________________
What I find wrong w/ 4th edition: "I want to stab dragons the size of a small keep with skin like supple adamantine and command over time and space to death with my longsword in head to head combat, but I want to be totally within realistic capabilities of a real human being!" --Caedrus mocking 4rries

"the thing about being Mister Cavern [DM], you don't blame players for how they play. That's like blaming the weather. Weather just is. You adapt to it. -Ancient History
Judging__Eagle
Prince


Joined: 07 Mar 2008
Posts: 4568
Location: Lake Ontario is in my backyard; Canada

Posted: Sun Aug 20, 2017 6:38 pm

Aryxbez wrote:
I don't really get why it would get hacked in the first place. What domains were tied to it that were worth the trouble of some hacking to be done?


From what I gathered from the defacement page that went up on all of the domains, the hackers are trying to get the admin to tighten up a wide range of security faults that these hackers had been warning about, and defacing webpages, previously. Supposedly this was the second time something like this has happened, although it might have been the third; I can't recall the details of the defacement page.

The defacement page went on to inform the admins that they should clean up all backdoor access to their various domains, with a warning that they would delete all domains if the security holes that had been ID'd earlier weren't fixed up.

Truth be told, the reasons for the hack seem benign. If it was a malicious hack, content would have simply been deleted without any warning; even a partial deletion of wiki entries would be fairly severe to recover from. Instead, they posted a warning to the admin(s) regarding the nature of the hack, and incentive to prevent the domains from being compromised again.


Last edited by Judging__Eagle on Sun Aug 20, 2017 6:42 pm; edited 3 times in total
Wiseman
Duke


Joined: 09 Mar 2012
Posts: 1148
Location: lost... HELP!

Posted: Mon Aug 21, 2017 12:35 am

That hardly seems benign. That's like breaking into someone's home, vandalizing some stuff, and then leaving a note saying "your locks suck, get new ones."
_________________
Check out my RP site!



Last edited by Wiseman on Mon Aug 21, 2017 12:36 am; edited 1 time in total
JonSetanta
King


Joined: 07 Mar 2008
Posts: 5078
Location: interbutts

Posted: Mon Aug 21, 2017 2:41 am

And that's why I saved the SRD to my laptop.
Surgo
Duke


Joined: 07 Mar 2008
Posts: 1887

Posted: Mon Aug 21, 2017 3:25 am

There wasn't any real reason for it I don't think, it was just an old school defacement. Shit like that used to happen all the time.
_________________
http://www.dnd-wiki.org -- the wiki
RobbyPants
Prince


Joined: 06 Aug 2008
Posts: 4470

Posted: Mon Aug 21, 2017 11:30 am

JonSetanta wrote:
And that's why I saved the SRD to my laptop.
How big is it?
czernebog
NPC


Joined: 31 Aug 2011
Posts: 14

Posted: Mon Aug 21, 2017 12:31 pm

RobbyPants wrote:
How big is it?


It used to be that, if you kicked a few bucks their way, you could get a zip file that didn't have any embedded ads and was organized a little more nicely than what you'd get if you spidered the site. The directory tree that I have from decompressing everything is 35 MB in size. (Their FAQ now says that there are no downloads available.)
Harshax
Journeyman


Joined: 05 Sep 2014
Posts: 133
Location: Chicago, USA

Posted: Mon Aug 21, 2017 3:21 pm

Have you looked at dndsrd.net? There is an html SRD download. I've not evaluated how useful or feature rich the data is from them.

EDIT: the download is a complete replication of the online site. Size of extracted archive: 43Mb


Last edited by Harshax on Mon Aug 21, 2017 3:24 pm; edited 1 time in total
Judging__Eagle
Prince


Joined: 07 Mar 2008
Posts: 4568
Location: Lake Ontario is in my backyard; Canada

Posted: Tue Aug 22, 2017 6:52 pm

Wiseman wrote:
That hardly seems benign. That's like breaking into someone's home, vandalizing some stuff, and then leaving a note saying "your locks suck, get new ones."


When someone gets access to an unsecured (i.e. no password, "locks" etc.) backdoor for a large amount of webpages across several web domains (certainly nothing like a "house"; more like a college campus), for the second time, is able to affect a whole range of domains (which obviously weren't compartmentalized by any means), deletes not a single file and gives warning that they will delete files if the glaring security flaws aren't fixed... it's not like any malign hack that I've ever heard about in the slightest.

Since it's not a malicious hack attempt (no files stolen/deleted, no databases compromised/copied), the extent of damage done is limited to "inserting a single html file for all the domains to redirect to", the hacker tells the admin the methods by which they attained access, and essentially asks for the data on the various domains to be protected from potentially malicious future attacks; it's really hard to classify this as remotely malicious.

If it wasn't benign, key index pages would be deleted (if not whole databases purged), the methods by which access was attained wouldn't be revealed, and certainly would there not be any sort of statement regarding securing the affected domains with better security in light of an upcoming domain attack.

Now, defacing a website isn't white hat hacking; but the rest of their actions are fairly white hat-like. It's a gray hat action if anything, but it's certainly nothing like black hat hacking.
JonSetanta
King


Joined: 07 Mar 2008
Posts: 5078
Location: interbutts

Posted: Mon Aug 28, 2017 11:44 am

RobbyPants wrote:
JonSetanta wrote:
And that's why I saved the SRD to my laptop.
How big is it?


17.4 megs
_________________
My fiction blog and novelette

FrankTrollman wrote:
Scaling feats were just a bad idea. I'm sorry I wrote them.
JonSetanta
King


Joined: 07 Mar 2008
Posts: 5078
Location: interbutts

Posted: Mon Aug 28, 2017 11:50 am

See if this helps.

Apologies to FBMF if this isn't allowed, I would not know until it's too late.

https://www.4shared.com/zip/fsZ-L2twei/sovelior_sage_feb_08.html
_________________
My fiction blog and novelette

FrankTrollman wrote:
Scaling feats were just a bad idea. I'm sorry I wrote them.
All times are GMT