SRD Hacked?



flappeercraft
2017-08-11, 09:49 PM
So is anyone having problems with the SRD also? When I enter it just shows a weird message and plays audio. Anyone else having the same problem?

Helinon
2017-08-11, 09:55 PM
Yeah, seems to be a hacking group that's targeting the people that own it, BoLS Interactive, since BoLS's site has the same main page. You can still access the rest of the site, you just can't use the main page.

Graypairofsocks
2017-08-12, 01:18 AM
Yeah, I went to check something there and it showed up as hacked for me as well.

This is the message they wrote:




______ ___ ______ _________ _______ __ _____ ______ _____ _ _
| ___ \/ || ___ \/ | _ \ _ \ \ / / / __ \| ___ \____ || | | |
| |_/ / /| || |_/ / /| | | | | |/' |\ V / | / \/| |_/ / / /| | | |
| __/ /_| || / /_| | | | | /| |/ \ | | | / \ \| |/\| |
| | \___ || |\ \___ | |/ /\ |_/ / /^\ \ | \__/\| |\ \.___/ /\ /\ /
\_| |_/\_| \_| |_/___/ \___/\/ \/ \____/\_| \_\____/ \/ \/


https://media.giphy.com/media/j4UWfTBXzIgmY/source.gif

Hello Administrator, How are you today?

I realized that you spent a lot of time hunting my backdoors.

Well... Let's play a game.

Use this same effort to fix all bugs from this **** security.

If you try to delete my backdoors again and I h4ck this server for the third time, I'll delete all domains.

We'r: J0shua - Sup3rm4n - Mhemphis - Cr0n05 - MMxM - Arplhmd

They also embedded this classical music in the page (it automatically plays):
https://www.youtube.com/embed/EFJ7kDva7JE?autoplay=1

Manyasone
2017-08-12, 09:39 AM
Wow...people like that well and truly make me sick...and violent

martixy
2017-08-12, 09:56 AM
Yeah, seems to be a hacking group that's targeting the people that own it, BoLS Interactive, since BoLS's site has the same main page. You can still access the rest of the site, you just can't use the main page.

I wonder what they did to deserve this. And no, you can't anymore. It returns a 403.


Wow...people like that well and truly make me sick...and violent

Frankly... these people provide a service that many people pay good money for. It's poorly managed sites that make me foam at the mouth.

OldTrees1
2017-08-12, 11:37 AM
I wonder what they did to deserve this. And no, you can't anymore. It returns a 403.



Frankly... these people provide a service that many people pay good money for. It's poorly managed sites that make me foam at the mouth.

Correction: People pay for responsible and benevolent security tests. These hackers fail both tests:
1) They announced the security flaws to other bad actors. While informing threatened users (if there are any) is important, announcing to the public at large also tells the bad actors that those threatened users are vulnerable. (Irresponsible)
2) They announced that they will destroy content if they succeed again. (Malice)

martixy
2017-08-12, 12:39 PM
Correction: People pay for responsible and benevolent security tests. These hackers fail both tests:
1) They announced the security flaws to other bad actors. While informing threatened users (if there are any) is important, announcing to the public at large also tells the bad actors that those threatened users are vulnerable. (Irresponsible)
2) They announced that they will destroy content if they succeed again. (Malice)

Come on... I know it's malicious. Let me have my moment of outrage for the bad admins of the world here. :)
Especially over 2) being a threat at all.

Too many times have I seen instances of not malice, but simple human mistakes cause untold amounts of damage and headaches, because someone forgot to run the backups.

On 1), well... how many high-profile cases have we seen of responsible disclosure failing utterly.

Also, don't take this for me arguing it wouldn't have worked here. Unless you wanna banter on IT security practices.

Afgncaap5
2017-08-12, 12:45 PM
Lousy security's bad, sure, though I'm not a fan of trespassers rifling through my stuff to see if they could and then painting the side of my house to let me know it happened.

khadgar567
2017-08-12, 12:45 PM
you know i literally give zero f to d20srd so gooooooooooood riddance

JNAProductions
2017-08-12, 12:56 PM
you know i literally give zero f to d20srd so gooooooooooood riddance

You know, some of us use it and enjoy having easy access to the resources.

icefractal
2017-08-12, 12:58 PM
you know i literally give zero f to d20srd so gooooooooooood riddance

Well I guess if a site that you use for reference goes down that'll be good news too, right? 😡

And I don't think much of these hackers. Telling me that my front door lock is crap - helpful. Breaking in and taking a dump on the couch while announcing to all and sundry that it's easy to break in - not helpful, being an *******.

OldTrees1
2017-08-12, 01:14 PM
Come on... I know it's malicious. Let me have my moment of outrage for the bad admins of the world here. :)
Especially over 2) being a threat at all.

Too many times have I seen instances of not malice, but simple human mistakes cause untold amounts of damage and headaches, because someone forgot to run the backups.

On 1), well... how many high-profile cases have we seen of responsible disclosure failing utterly.

Also, don't take this for me arguing it wouldn't have worked here. Unless you wanna banter on IT security practices.

Oh do not let me deter your outrage at bad admins. We clearly see some degree of negligence on their part by allowing the same(?) exploit twice by the same group.

In fact, stack my outrage with yours.

Florian
2017-08-12, 01:28 PM
And I don't think much of these hackers. Telling me that my front door lock is crap - helpful. Breaking in and taking a dump on the couch while announcing to all and sundry that it's easy to break in - not helpful, being an *******.

A bit of wrong comparison when it comes to IT security. For some companies, their business model is providing a "free" service, but selling (correlated) customer data to generate their income revenue. In a way, that is pretty sensible material that has to be handled with the utmost care.
So it might not actually be "taking a dump on the couch", but rather "taking a dump in front of the database you keep your profiles in".

Dimers
2017-08-12, 01:49 PM
In fact, stack my outrage with yours.

Can't. Both instances are a morale bonus.

icefractal
2017-08-12, 02:01 PM
A bit of wrong comparison when it comes to IT security. For some companies, their business model is providing a "free" service, but selling (correlated) customer data to generate their income revenue. In a way, that is pretty sensible material that has to be handled with the utmost care.
So it might not actually be "taking a dump on the couch", but rather "taking a dump in front of the database you keep your profiles in".

d20SRD doesn't ask for any personal info, or even a user name. The only "customer data" it's gathered from me is "which Sor/Wiz spells get looked up more often", which I doubt they're selling to anyone. :smalltongue:

OldTrees1
2017-08-12, 02:34 PM
Can't. Both instances are a morale bonus.

Huh. What about stacking a competence outrage with a morale outrage?

Lvl 2 Expert
2017-08-12, 02:36 PM
Is it me, or are they telling the admin to beef up security without beefing up security or else?

That doesn't even seem like a reasonable criminal demand, it's more of an impossible task as a setup for them supposedly being in the right when they start wrecking ****, costing a bunch of (practically?) hobbyists helping the community at large out time and money.

Smart hooligans are the worst, they overthink their stupid non-existent motivations.

Dimers
2017-08-12, 02:40 PM
Huh. What about stacking a competence outrage with a morale outrage?

I'm not in a position to judge your competence, so add whatever modifier you see fit there, but if I were DMing this I'd certainly give a circumstance bonus.

Bohandas
2017-08-12, 04:31 PM
Frankly... these people provide a service that many people pay good money for. It's poorly managed sites that make me foam at the mouth.

He demanded not to remove the backdoors, that's more asshat than white hat.

I don't know what they expect to remove though, the SRD site sells downloadable copies of the whole SRD in the same format. Once the hackers are removed they just need to reach out to a customer and the site's up again

Alent
2017-08-12, 05:19 PM
He demanded not to remove the backdoors, that's more asshat than white hat.

I don't know what they expect to remove though, the SRD site sells downloadable copies of the whole SRD in the same format. Once the hackers are removed they just need to reach out to a customer and the site's up again

As noted higher up in the thread, it looks like collateral damage in an attack on Bell of Lost Souls, although I'm not sure the actual news site server is the same server. Given that specific pages are apparently fine and it's just the index.htm files, I'm guessing some sort of script to replace the contents of all files with that name got launched across the entire server.

(Edit: It's possible the Vandalism was also a probe in and of itself- checking to see how many different websites were hosted off the one host, even.)
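
Added example, not part of any post in this thread: a defender-side check for the pattern guessed at above, where the same replacement page lands in every index file across several sites on one host. It assumes each immediate subdirectory of a hosting root is one site's docroot; the function names, the `index.htm`/`index.html` list and the sample tree are constructed for illustration.

```python
import hashlib
import os
import tempfile
from collections import defaultdict

# Assumption: these are the default-document names in use on the host.
INDEX_NAMES = {"index.htm", "index.html"}


def find_shared_index_pages(hosting_root, min_sites=2):
    """Return {sha256: sorted [(site, relative path), ...]} for index pages whose
    exact bytes appear under at least `min_sites` different sites.

    Assumes each immediate subdirectory of hosting_root is one site's docroot.
    """
    by_hash = defaultdict(list)
    for site in sorted(os.listdir(hosting_root)):
        docroot = os.path.join(hosting_root, site)
        if not os.path.isdir(docroot):
            continue
        for dirpath, _dirs, files in os.walk(docroot):
            for name in files:
                if name.lower() not in INDEX_NAMES:
                    continue
                path = os.path.join(dirpath, name)
                with open(path, "rb") as fh:
                    digest = hashlib.sha256(fh.read()).hexdigest()
                by_hash[digest].append((site, os.path.relpath(path, docroot)))
    # Keep only content that spans several distinct sites.
    return {
        digest: sorted(hits)
        for digest, hits in by_hash.items()
        if len({site for site, _ in hits}) >= min_sites
    }


def build_demo_tree(root):
    """Constructed sample: three sites, two of them carrying the same index page."""
    pages = {
        "site-a/index.htm": b"<html>SAME REPLACED PAGE</html>",
        "site-a/spells/index.htm": b"<html>SAME REPLACED PAGE</html>",
        "site-a/spells/fireball.htm": b"<html>fireball</html>",
        "site-b/index.htm": b"<html>SAME REPLACED PAGE</html>",
        "site-c/index.htm": b"<html>site c home</html>",
    }
    for rel, body in pages.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(body)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_demo_tree(tmp)
        for digest, hits in find_shared_index_pages(tmp).items():
            print(digest[:12], hits)
```

Sites that legitimately share a byte-identical index page (a hosting placeholder, for instance) will also be reported, so hits need comparing against a known-good copy or backup.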

Crake
2017-08-12, 05:27 PM
Oh do not let me deter your outrage at bad admins. We clearly see some degree of negligence on their part by allowing the same(?) exploit twice by the same group.

In fact, stack my outrage with yours.

Most likely it was different exploits. The hackers probably got in with one exploit, installed a backdoor, which they used to investigate the server in more depth, found additional holes in security, the admins noticed, deleted some (but not all, apparently) of the back doors, and likely patched the hole the hackers used to get in. Then this happened.

Dimers
2017-08-12, 05:41 PM
It's really starting to sound like this thread belongs in the Shadowrun forum.

Hackers and backdoors in D&D = The barbarian is coming in where you didn't expect him.

Lord Raziere
2017-08-12, 05:46 PM
Is it me, or are they telling the admin to beef up security without beefing up security or else?

That doesn't even seem like a reasonable criminal demand, it's more of an impossible task as a setup for them supposedly being in the right when they start wrecking ****, costing a bunch of (practically?) hobbyists helping the community at large out time and money.

Smart hooligans are the worst, they overthink their stupid non-existent motivations.

Thankfully the Pathfinder SRD is untouched, so if it does get deleted by these people, we both have the PF SRD and probably a lot of people willing to fill in the 3.5 SRD blanks from the information they have. And if the host is smart, they'll find a way to back it all up to somewhere it's safe.

Elkad
2017-08-12, 06:09 PM
I have the offline copy (from several years ago, but I don't think the core data has changed), so useful for me.

But I don't feel comfortable on the legality of putting up a temporary mirror.

Thurbane
2017-08-12, 06:41 PM
I posted this in the necro thread, but I'll post it here as well.

This is a viable alternative until (if?) the issues are sorted out: http://dndsrd.net/home.html

Crake
2017-08-12, 07:22 PM
Thankfully the Pathfinder SRD is untouched, so if it does get deleted by these people, we both have the PF SRD and probably a lot of people willing to fill in the 3.5 SRD blanks from the information they have. And if the host is smart, they'll find a way to back it all up to somewhere it's safe.

You know the official 3.5 SRD is still available directly from Wizards in .rtf, right? The information hasn't been lost or anything, just the method of presentation done by d20srd.com. As Thurbane noted, there are still other perfectly viable sources for the SRD available.

Bohandas
2017-08-12, 07:25 PM
You know the official 3.5 SRD is still available directly from Wizards in .rtf, right? The information hasn't been lost or anything, just the method of presentation done by d20srd.com. As Thurbane noted, there are still other perfectly viable sources for the SRD available.

The official srd is difficult to navigate

martixy
2017-08-12, 07:36 PM
He demanded not to remove the backdoors, that's more asshat than white hat.

Okay, points for this one, you win an internet.


Thankfully the Pathfinder SRD is untouched, so if it does get deleted by these people, we both have the PF SRD and probably a lot of people willing to fill in the 3.5 SRD blanks from the information they have. And if the host is smart, they'll find a way to back it all up to somewhere it's safe.

PFSRD recently moved to wordpress(from google sites - say what you will, but google knows security), so cross your fingers they know what they're doing. An unsecured WP instance is leakier than my shower head.

Besides, 3.5 SRD is just a buncha HTML files. No JS, no nothing(excluding the ads they inject).

Crake
2017-08-12, 07:40 PM
The official srd is difficult to navigate

Not denying that at all :smalltongue: But the information isn't lost was my point.

Elkad
2017-08-12, 07:50 PM
Okay, points for this one, you win an internet.



PFSRD recently moved to wordpress(from google sites - say what you will, but google knows security), so cross your fingers they know what they're doing. An unsecured WP instance is leakier than my shower head.

Besides, 3.5 SRD is just a buncha HTML files. No JS, no nothing(excluding the ads they inject).

.js for searches, at least in my old copy. But not that those are super necessary.

It is the best organized SRD site of all the ones I've stumbled over.

martixy
2017-08-12, 08:20 PM
.js for searches, at least in my old copy. But not that those are super necessary.

It is the best organized SRD site of all the ones I've stumbled over.

That's cuz "Hypertext" isn't a brand or a gimmick, it's a qualifying descriptor.

'sides, the search is just google search injected.

I've disabled JS on that site cuz of the ads. It works perfectly.

It's also incidentally why you'd be okay in posting your copy. The content is open and the tech behind it is open. There are no copyrightable implementation details.

Scorponok
2017-08-12, 11:58 PM
Do you guys recall the old owners allowing you to download the entire site for $20 or something? I wish I bought it then. Even without the hacking, d20srd is down a lot.

Florian
2017-08-13, 12:05 AM
d20SRD doesn't ask for any personal info, or even a user name. The only "customer data" it's gathered from me is "which Sor/Wiz spells get looked up more often", which I doubt they're selling to anyone. :smalltongue:

Maybe you should think a bit before coming to the obvious conclusions? The attack was targeted at either the company or one of their subsidiaries and hit all sites hosted on the same server or service, including d20srd. That's just uninteresting fallout.

Graypairofsocks
2017-08-13, 02:04 AM
Thankfully the Pathfinder SRD is untouched, so if it does get deleted by these people, we both have the PF SRD and probably a lot of people willing to fill in the 3.5 SRD blanks from the information they have. And if the host is smart, they'll find a way to back it all up to somewhere it's safe.

You can still download the 3.5 SRD from the WotC website.

Note that errata has not been applied to the info there (unlike the d20srd.org website).


Links:
http://www.wizards.com/default.asp?x=d20/article/srd35
http://archive.wizards.com/default.asp?x=dnd/errata

Elkad
2017-08-13, 02:48 AM
Do you guys recall the old owners allowing you to download the entire site for $20 or something? I wish I bought it then. Even without the hacking, d20srd is down a lot.

That's the copy I have I think. One of my players bought it in.. 2012 maybe? Dumped it in the Google Drive folder my table shares for game stuff.

Now that I found it again, I may just use it all the time. It's noticeably faster running locally (especially search).

icefractal
2017-08-13, 02:17 PM
Maybe you should think a bit before coming to the obvious conclusions? The attack was targeted at either the company or one of their subsidiaries and hit all sites hosted on the same server or service, including d20srd. That's just uninteresting fallout.

It's the only one I use, so it's the one interesting to me, collateral damage or not. My point is that the hacker's justification is weak - and that was before I heard about "don't close the backdoor". That part puts it into "jerks on a power trip" territory.

Douglas
2017-08-13, 04:14 PM
It's the only one I use, so it's the one interesting to me, collateral damage or not. My point is that the hacker's justification is weak - and that was before I heard about "don't close the backdoor". That part puts it into "jerks on a power trip" territory.

In an especially charitable interpretation, they might have meant "close the front door (i.e. the exploits I used to get in in the first place) first so your security will actually mean something."

rferries
2017-08-13, 09:56 PM
Absolutely infuriating - both the hackers' attitudes and the fact that they're causing collateral damage so negligently. Such trite, adolescent pablum that they're spouting...

tiercel
2017-08-13, 10:22 PM
Somebody hacking a site to bring it down to be all "lol your security sucks" is like someone breaking into a car to vandalize the interior in order to say "lol your car door locks suck."

(Plus, choosing this target is lame: this isn't like breaking into Elon Musk's car to make some kind of stupid point; this is more like breaking into the car of your local game-shop owner. Yes, OK, the attack wasn't probably aimed at d20srd per se, but that's more like smashing the game-shop owner's car because it was in the way of the hardware store owner's car. Woo.)

Even if I agreed that my car door lock security isn't top notch, my disincentive to upgrade my door locks is that any locks I install will fail to prevent entry by a vandal/thief armed with a $0.50 brick.

Aegis J Hyena
2017-08-14, 01:52 AM
-wanders in- So that's what happened to the SRD. Well, there's always the Pathfinder one, which is mostly the same, but still.

I get paranoid when I see big things hit like this and go "if they could hit the SRD they could hit Roll20" or something.

Lvl 2 Expert
2017-08-14, 02:22 AM
Even if I agreed that my car door lock security isn't top notch, my disincentive to upgrade my door locks is that any locks I install will fail to prevent entry by a vandal/thief armed with a $0.50 brick.

In this analogy the brick will be played by a DDOS attack.

Psyren
2017-08-14, 09:17 AM
In this analogy the brick will be played by a DDOS attack.

A DDoS is less like throwing a brick, and more like dumping cement in front of all the doors and windows so that nobody can get in.

Mike Miller
2017-08-14, 09:26 AM
A DDoS is less like throwing a brick, and more like dumping cement in front of all the doors and windows so that nobody can get in.

That sounds like the premise of a bad horror/survival movie

Elkad
2017-08-14, 09:33 AM
And it's up again.

Bohandas
2017-08-14, 10:43 AM
That sounds like the premise of a bad horror/survival movie

I would totally watch that

EldritchWeaver
2017-08-14, 11:18 AM
And it's up again.

No 5e or D&D wiki yet.

SirElfinJedi
2017-08-14, 12:17 PM
SRD has been providing free resources to gamers (that's us) for over a decade. As someone has already mentioned, they don't require anything from us, and therefore collect very little data of value. Crashing their welcome page isn't hacktivism. It isn't noble. It isn't helpful. It's just internet dickery.

GiantFlyingHog
2017-08-14, 02:24 PM
5e srd is back up, wiki still appears to be down.

flappeercraft
2017-08-14, 02:32 PM
wiki works for me perfectly actually. It has been all along for me at least

Elkad
2017-08-17, 09:03 AM
Down again?
I can't hit it from Comcast or Verizon, just times out.

Thurbane
2017-08-17, 04:59 PM
Down again?
I can't hit it from Comcast or Verizon, just times out.

Working fine for me from my work internet...

Elkad
2017-08-17, 05:04 PM
Working fine for me from my work internet...

Yeah, it started working for me again about 2 hours after I posted that.
At the time it was down on Comcast, Verizon, Suddenlink, Shentel, and our local WISP. When I got to 5 non-working ISPs I stopped checking any more.