Looks like the SRD got hacked.

Posted: Sat Aug 12, 2017 4:03 am
by Wiseman
Apparently the d20 SRD has been hacked. Got some weird and possibly malicious message showing up when entering the site from the main entrance.

Posted: Sat Aug 12, 2017 4:13 am
by Surgo
All of that site network got hacked, including Ye Wikk (they took it over a while ago, ironically because I was tired of defending against exactly this).

Posted: Sun Aug 13, 2017 1:40 am
by codeGlaze
Wait, the .org site?
Has it been considered abandoned?

Posted: Sun Aug 13, 2017 3:52 am
by erik
I keep fighting the urge to visit the site to see... I don't know what. Thankfully my nonlizard brain portions are in enough control to interject and say "Wait, you hear a site is hacked with possible malicious attacks on visitors and your first impulse is to visit it? Are you that stupid?"

Posted: Sun Aug 13, 2017 6:00 am
by Surgo
codeGlaze wrote:Wait, the .org site?
Has it been considered abandoned?
It's certainly not abandoned, no. I just transferred ownership to the people behind d20srd.org.

Posted: Wed Aug 16, 2017 5:16 pm
by Mord
If anyone was wondering - it's back up now.

Posted: Wed Aug 16, 2017 6:37 pm
by RobbyPants
Mord wrote:If anyone was wondering - it's back up now.
I was on my laptop last night, and I actually got up to grab my PHB from the other room rather than risk going to the SRD. Good to know.

Posted: Thu Aug 17, 2017 7:24 pm
by Judging__Eagle
I found that the d20srd.org site wasn't affected at all by this specific event. The 40k Lexicanum wiki, and a bunch of other domains were affected, however.

Posted: Thu Aug 17, 2017 9:18 pm
by Surgo
d20srd.org was indeed affected, for a couple days it was entirely inaccessible.

Posted: Thu Aug 17, 2017 11:22 pm
by Judging__Eagle
Surgo wrote:d20srd.org was indeed affected, for a couple days it was entirely inaccessible.
Odd, b/c it was accessible when the Lexicanum (et al.) defacement had happened and I was getting p4r4d0x cr3w's defacement page w Mads Mikkelsen on a bunch of other sites.

Posted: Fri Aug 18, 2017 12:36 am
by Wiseman
It was on and off for a while.

Posted: Sun Aug 20, 2017 12:46 pm
by Aryxbez
I don't really get why it would get hacked in the first place. What domains were tied to it that were worth the trouble of some hacking to be done?

Posted: Sun Aug 20, 2017 6:38 pm
by Judging__Eagle
Aryxbez wrote:I don't really get why it would get hacked in the first place. What domains were tied to it that were worth the trouble of some hacking to be done?
From what I gathered from the defacement page that went up on all of the domains, the hackers are trying to get the admin to tighten up a wide range of security faults that these hackers had been warning about, and defacing webpages, previously. Supposedly this was the second time something like this has happened, although it might have been the third; I can't recall the details of the defacement page.

The defacement page went on to inform the admins that they should clean up all backdoor access to their various domains, with a warning that they would delete all domains if the security holes that had been ID'd earlier weren't fixed up.

Truth be told, the reasons for the hack seem benign. If it was a malicious hack, content would have simply been deleted without any warning; even a partial deletion of wiki entries would be fairly severe to recover from. Instead, they posted a warning to the admin(s) regarding the nature of the hack, and incentive to prevent the domains from being compromised again.

Posted: Mon Aug 21, 2017 12:35 am
by Wiseman
That hardly seems benign. That's like breaking into someone's home, vandalizing some stuff, and then leaving a note saying "your locks suck, get new ones."

Posted: Mon Aug 21, 2017 2:41 am
by JonSetanta
And that's why I saved the SRD to my laptop.

Posted: Mon Aug 21, 2017 3:25 am
by Surgo
There wasn't any real reason for it I don't think, it was just an old school defacement. Shit like that used to happen all the time.

Posted: Mon Aug 21, 2017 11:30 am
by RobbyPants
JonSetanta wrote:And that's why I saved the SRD to my laptop.
How big is it?

Posted: Mon Aug 21, 2017 12:31 pm
by czernebog
RobbyPants wrote:How big is it?
It used to be that, if you kicked a few bucks their way, you could get a zip file that didn't have any embedded ads and was organized a little more nicely than what you'd get if you spidered the site. The directory tree that I have from decompressing everything is 35 MB in size. (Their FAQ now says that there are no downloads available.)

Posted: Mon Aug 21, 2017 3:21 pm
by Harshax
Have you looked at dndsrd.net? There is an html SRD download. I've not evaluated how useful or feature rich the data is from them.

EDIT: the download is a complete replication of the online site. Size of extracted archive: 43Mb

Posted: Tue Aug 22, 2017 6:52 pm
by Judging__Eagle
Wiseman wrote:That hardly seems benign. That's like breaking into someone's home, vandalizing some stuff, and then leaving a note saying "your locks suck, get new ones."
When someone gets access to an unsecured (i.e. no password, "locks" etc.) backdoor for a large amount of webpages across several web domains (certainly nothing like a "house"; more like a college campus), for the second time, is able to affect a whole range of domains (which obviously weren't compartmentalized by any means), deletes not a single file and gives warning that they will delete files if the glaring security flaws aren't fixed... it's not like any malign hack that I've ever heard about in the slightest.

Since it's not a malicious hack attempt (no files stolen/deleted, no databases compromised/copied), the extent of damage done is limited to "inserting a single html file for all the domains to redirect to", the hacker tells the admin the methods by which they attained access, and essentially asks for the data on the various domains to be protected from potentially malicious future attacks; it's really hard to classify this as remotely malicious.

If it wasn't benign, key index pages would be deleted (if not whole databases purged), the methods by which access was attained wouldn't be revealed, and certainly would there not be any sort of statement regarding securing the affected domains with better security in light of an upcoming domain attack.

Now, defacing a website isn't white hat hacking; but the rest of their actions are fairly white hat-like. It's a gray hat action if anything, but it's certainly nothing like black hat hacking.

Posted: Mon Aug 28, 2017 11:44 am
by JonSetanta
RobbyPants wrote:
JonSetanta wrote:And that's why I saved the SRD to my laptop.
How big is it?
17.4 megs

Posted: Mon Aug 28, 2017 11:50 am
by JonSetanta
See if this helps.

Apologies to FBMF if this isn't allowed, I would not know until it's too late.

https://www.4shared.com/zip/fsZ-L2twei/ ... eb_08.html