Looks like the SRD got hacked.

Wiseman
Duke
Posts: 1402
Joined: Fri Mar 09, 2012 4:43 pm
Location: That one place

Post by Wiseman »

Apparently the d20 SRD has been hacked. Got some weird and possibly malicious message showing up when entering the site from the main entrance.
Keys to the Contract: A crossover between Puella Magi Madoka Magica and Kingdom Hearts.
RadiantPhoenix wrote:
TheFlatline wrote:Legolas/Robin Hood are myths that have completely unrealistic expectation of "uses a bow".
The D&D wizard is a work of fiction that has a completely unrealistic expectation of "uses a book".
hyzmarca wrote:Well, Mario Mario comes from a blue collar background. He was a carpenter first, working at a construction site. Then a plumber. Then a demolitionist. Also, I'm not sure how strict Mushroom Kingdom's medical licensing requirements are. I don't think his MD is valid in New York.
Surgo
Duke
Posts: 1924
Joined: Fri Mar 07, 2008 7:54 pm

Post by Surgo »

All of that site network got hacked, including Ye Wikk (they took it over a while ago, ironically because I was tired of defending against exactly this).
codeGlaze
Duke
Posts: 1083
Joined: Wed Oct 05, 2011 9:38 pm

Post by codeGlaze »

Wait, the .org site?
Has it been considered abandoned?
erik
King
Posts: 5861
Joined: Fri Mar 07, 2008 7:54 pm

Post by erik »

I keep fighting the urge to visit the site to see... I don't know what. Thankfully my nonlizard brain portions are in enough control to interject and say "Wait, you hear a site is hacked with possible malicious attacks on visitors and your first impulse is to visit it? Are you that stupid?"
Surgo
Duke
Posts: 1924
Joined: Fri Mar 07, 2008 7:54 pm

Post by Surgo »

codeGlaze wrote:Wait, the .org site?
Has it been considered abandoned?
It's certainly not abandoned, no. I just transferred ownership to the people behind d20srd.org.
Mord
Knight-Baron
Posts: 565
Joined: Thu Apr 24, 2014 12:25 am

Post by Mord »

If anyone was wondering - it's back up now.
RobbyPants
King
Posts: 5201
Joined: Wed Aug 06, 2008 6:11 pm

Post by RobbyPants »

Mord wrote:If anyone was wondering - it's back up now.
I was on my laptop last night, and I actually got up to grab my PHB from the other room rather than risk going to the SRD. Good to know.
Judging__Eagle
Prince
Posts: 4671
Joined: Fri Mar 07, 2008 7:54 pm
Location: Lake Ontario is in my backyard; Canada

Post by Judging__Eagle »

I found that the d20srd.org site wasn't affected at all by this specific event. The 40k Lexicanum wiki, and a bunch of other domains were affected, however.
The Gaming Den; where Mathematics are rigorously applied to Mythology.

While everyone's Philosophy is not in accord, that doesn't mean we're not on board.
Surgo
Duke
Posts: 1924
Joined: Fri Mar 07, 2008 7:54 pm

Post by Surgo »

d20srd.org was indeed affected, for a couple days it was entirely inaccessible.
Judging__Eagle
Prince
Posts: 4671
Joined: Fri Mar 07, 2008 7:54 pm
Location: Lake Ontario is in my backyard; Canada

Post by Judging__Eagle »

Surgo wrote:d20srd.org was indeed affected, for a couple days it was entirely inaccessible.
Odd, b/c it was accessible when the Lexicanum (et al.) defacement had happened and I was getting p4r4d0x cr3w's defacement page w Mads Mikkelsen on a bunch of other sites.
Wiseman
Duke
Posts: 1402
Joined: Fri Mar 09, 2012 4:43 pm
Location: That one place

Post by Wiseman »

It was on and off for a while.
Aryxbez
Duke
Posts: 1036
Joined: Fri Oct 15, 2010 9:41 pm

Post by Aryxbez »

I don't really get why it would get hacked in the first place. What domains were tied to it that were worth the trouble of some hacking to be done?
What I find wrong w/ 4th edition: "I want to stab dragons the size of a small keep with skin like supple adamantine and command over time and space to death with my longsword in head to head combat, but I want to be totally within realistic capabilities of a real human being!" --Caedrus mocking 4rries

"the thing about being Mister Cavern [DM], you don't blame players for how they play. That's like blaming the weather. Weather just is. You adapt to it. -Ancient History
Judging__Eagle
Prince
Posts: 4671
Joined: Fri Mar 07, 2008 7:54 pm
Location: Lake Ontario is in my backyard; Canada

Post by Judging__Eagle »

Aryxbez wrote:I don't really get why it would get hacked in the first place. What domains were tied to it that were worth the trouble of some hacking to be done?
From what I gathered from the defacement page that went up on all of the domains, the hackers are trying to get the admin to tighten up a wide range of security faults that these hackers had been warning about, and defacing webpages, previously. Supposedly this was the second time something like this has happened, although it might have been the third; I can't recall the details of the defacement page.

The defacement page went on to inform the admins that they should clean up all backdoor access to their various domains, with a warning that they would delete all domains if the security holes that had been ID'd earlier weren't fixed up.

Truth be told, the reasons for the hack seem benign. If it was a malicious hack, content would have simply been deleted without any warning; even a partial deletion of wiki entries would be fairly severe to recover from. Instead, they posted a warning to the admin(s) regarding the nature of the hack, and incentive to prevent the domains from being compromised again.
Last edited by Judging__Eagle on Sun Aug 20, 2017 6:42 pm, edited 3 times in total.
Wiseman
Duke
Posts: 1402
Joined: Fri Mar 09, 2012 4:43 pm
Location: That one place

Post by Wiseman »

That hardly seems benign. That's like breaking into someone's home, vandalizing some stuff, and then leaving a note saying "your locks suck, get new ones."
Last edited by Wiseman on Mon Aug 21, 2017 12:36 am, edited 1 time in total.
JonSetanta
King
Posts: 5525
Joined: Fri Mar 07, 2008 7:54 pm
Location: interbutts

Post by JonSetanta »

And that's why I saved the SRD to my laptop.
Surgo
Duke
Posts: 1924
Joined: Fri Mar 07, 2008 7:54 pm

Post by Surgo »

There wasn't any real reason for it I don't think, it was just an old school defacement. Shit like that used to happen all the time.
RobbyPants
King
Posts: 5201
Joined: Wed Aug 06, 2008 6:11 pm

Post by RobbyPants »

JonSetanta wrote:And that's why I saved the SRD to my laptop.
How big is it?
czernebog
1st Level
Posts: 41
Joined: Wed Aug 31, 2011 12:11 pm

Post by czernebog »

RobbyPants wrote:How big is it?
It used to be that, if you kicked a few bucks their way, you could get a zip file that didn't have any embedded ads and was organized a little more nicely than what you'd get if you spidered the site. The directory tree that I have from decompressing everything is 35 MB in size. (Their FAQ now says that there are no downloads available.)
Harshax
Knight
Posts: 393
Joined: Fri Sep 05, 2014 3:12 pm
Location: Chicago, USA

Post by Harshax »

Have you looked at dndsrd.net? There is an html SRD download. I've not evaluated how useful or feature rich the data is from them.

EDIT: the download is a complete replication of the online site. Size of extracted archive: 43Mb
Last edited by Harshax on Mon Aug 21, 2017 3:24 pm, edited 1 time in total.
Judging__Eagle
Prince
Posts: 4671
Joined: Fri Mar 07, 2008 7:54 pm
Location: Lake Ontario is in my backyard; Canada

Post by Judging__Eagle »

Wiseman wrote:That hardly seems benign. That's like breaking into someone's home, vandalizing some stuff, and then leaving a note saying "your locks suck, get new ones."
When someone gets access to an unsecured (i.e. no password, "locks" etc.) backdoor for a large amount of webpages across several web domains (certainly nothing like a "house"; more like a college campus), for the second time, is able to affect a whole range of domains (which obviously weren't compartmentalized by any means), deletes not a single file and gives warning that they will delete files if the glaring security flaws aren't fixed... it's not like any malign hack that I've ever heard about in the slightest.

Since it's not a malicious hack attempt (no files stolen/deleted, no databases compromised/copied), the extent of damage done is limited to "inserting a single html file for all the domains to redirect to", the hacker tells the admin the methods by which they attained access, and essentially asks for the data on the various domains to be protected from potentially malicious future attacks; it's really hard to classify this as remotely malicious.

If it wasn't benign, key index pages would be deleted (if not whole databases purged), the methods by which access was attained wouldn't be revealed, and there certainly would not be any sort of statement regarding securing the affected domains with better security in light of an upcoming domain attack.

Now, defacing a website isn't white hat hacking; but the rest of their actions are fairly white hat-like. It's a gray hat action if anything, but it's certainly nothing like black hat hacking.
JonSetanta
King
Posts: 5525
Joined: Fri Mar 07, 2008 7:54 pm
Location: interbutts

Post by JonSetanta »

RobbyPants wrote:
JonSetanta wrote:And that's why I saved the SRD to my laptop.
How big is it?
17.4 megs
The Adventurer's Almanac wrote:
Fri Oct 01, 2021 10:25 pm
Nobody gives a flying fuck about Tordek and Regdar.
JonSetanta
King
Posts: 5525
Joined: Fri Mar 07, 2008 7:54 pm
Location: interbutts

Post by JonSetanta »

See if this helps.

Apologies to FBMF if this isn't allowed, I would not know until it's too late.

https://www.4shared.com/zip/fsZ-L2twei/ ... eb_08.html