Mastodawn

Bill 18h ago

@nixCraft This is why we can't have nice things.

Aaron Toponce ⚛️

18h ago

@nixCraft Aside from defacement, what's the extent of the hack? Usernames and passwords leaked?

nixCraft 🐧18h ago

@atoponce no idea. we have to wait and see.

https://github.com/cassbethany10-afk/test123

pete 18h ago

@atoponce @nixCraft the hack looks to just be a defacement currently. the defacement is just links to this repository:

which just has some syn flooders and whatnot. unlikely to be anything sophisticated.

GitHub - cassbethany10-afk/test123

Contribute to cassbethany10-afk/test123 development by creating an account on GitHub.

GitHub

pete 18h ago

@atoponce @nixCraft also they decided to change who it was hacked by shortly after making the defacement page

@atoponce @nixCraft they also made this update. user `sizinrepo` seemingly doesn't exist anymore.

@atoponce @nixCraft looks like the forums are back.

https://fosstodon.org/@xinayder/116319094022309675

@atoponce @nixCraft looks like the forums are back down???

^ this fedi post seems to imply (to me) it was just stored XSS?

Alex (@[email protected])

Attached: 1 image they added widgets to what seems to be the "Whats New" section of the forums, which load the replacement web page:

Fosstodon

@atoponce @nixCraft forums are undergoing an "upgrade", which is hopefully a patch for whatever the attack was.

EDIT: actually, i'm not sure. my phone might be caching the page and giving me that. a different browser is saying the forums are down.

nixCraft 🐧17h ago

@novet @atoponce it is taken down now and i think it will remain down until admins or IT folks at FreeBSD infra team finds out exact root causes and how much damaged is done so far.

TomAoki 16h ago

@nixCraft @novet @atoponce
Anyway, the DNS entry for forums.freebsd.org seems to be removed currently.
% drill forums.freebsd.org @1.1.1.1
;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 46711
;; flags: qr rd ra ; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;; forums.freebsd.org. IN A

;; ANSWER SECTION:
forums.freebsd.org. 60 IN A 127.0.0.1

;; AUTHORITY SECTION:

;; ADDITIONAL SECTION:

;; Query time: 13 msec
;; SERVER: 1.1.1.1
;; WHEN: Tue Mar 31 03:04:59 2026
;; MSG SIZE rcvd: 52

The answer could be because of local_unbound (running at 127.0.0.1 [localhost]).

For some (running) others and parent entry:
% drill freebsd.org @1.1.1.1
;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 40850
;; flags: qr rd ra ; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;; freebsd.org. IN A

;; ANSWER SECTION:
freebsd.org. 3600 IN A 96.47.72.84

;; AUTHORITY SECTION:

;; ADDITIONAL SECTION:

;; Query time: 18 msec
;; SERVER: 1.1.1.1
;; WHEN: Tue Mar 31 03:05:34 2026
;; MSG SIZE rcvd: 45
% drill bugs.freebsd.org @1.1.1.1
;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 53700
;; flags: qr rd ra ; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;; bugs.freebsd.org. IN A

;; ANSWER SECTION:
bugs.freebsd.org. 60 IN CNAME web3.nyi.freebsd.org.
web3.nyi.freebsd.org. 3600 IN A 96.47.72.106

;; AUTHORITY SECTION:

;; ADDITIONAL SECTION:

;; Query time: 35 msec
;; SERVER: 1.1.1.1
;; WHEN: Tue Mar 31 03:06:29 2026
;; MSG SIZE rcvd: 73
% drill www.freebsd.org @1.1.1.1
;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 36543
;; flags: qr rd ra ; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;; www.freebsd.org. IN A

;; ANSWER SECTION:
www.freebsd.org. 10 IN CNAME web.geo.freebsd.org.
web.geo.freebsd.org. 150 IN A 192.50.199.250
web.geo.freebsd.org. 150 IN A 210.231.212.93

;; AUTHORITY SECTION:

;; ADDITIONAL SECTION:

;; Query time: 174 msec
;; SERVER: 1.1.1.1
;; WHEN: Tue Mar 31 03:06:02 2026
;; MSG SIZE rcvd: 87

pete 16h ago

@TomAoki @nixCraft @atoponce sensible move. would answer why i can't access it not on my phone and that my phone is caching it.

@atoponce @nixCraft not sure about the XSS actually but i literally just have a phone and a BSD laptop which can't find the network interface (hence why i was looking at the forums) so couldn't do any proper investigation. hopefully the admins can get it up and running and the damage is only surface level.

Neil E. Hodges 18h ago

@nixCraft Wild.

bazkie 👩🏼‍💻 bitplanes 🎵18h ago

@nixCraft #freebsd tag for extra visibility

@nixCraft
source url of this news ?

Neil E. Hodges 17h ago

@nixCraft @enigma If you go to the FreeBSD forums, you get this.
♲ f.kawa-kun.com/display/881761a…

nixCraft 🐧

heads up: FreeBSD forums hacked. Be caeeful with your email or DMs coming from FreeBSD forum or freebsd{.}org for some time now. https://forums {.} freebsd ...

@tk
this is not the expected source from FreeBSD.org itself. Your link mirrors only this timeline here. So it has no more value . Authorized message from FreeBSD please
@nixCraft

https://lists.freebsd.org/archives/freebsd-chat/2026-March/000075.html

@enigma @nixCraft as far as i've seen, it's only been mentioned on this mailing list:

so far. don't think there has been any official response as of yet.

Forums hacked or defaced

https://fosstodon.org/@xinayder/116319164677216376

@enigma @nixCraft there is this fedi post where someone claims they spoke on IRC. i haven't got a computer with me to check

Alex (@[email protected])

got reply from IRC that the server admins are aware of the issue. hopefully it's just a defacement and no data was exfiltrated!

Fosstodon

@novet
this helps more than scary screenshots from @nixCraft , thanks sincerely.
@nixCraft

@novet
thanks, honestly. Maybe only forum is concerned. Not all freebsd.org
🙏
@nixCraft

@enigma @nixCraft currently looks like it was just injection based on what i've seen on fedi. forums went back up a bit ago and just went back down seemingly.

Neil E. Hodges 17h ago

@nixCraft @enigma Inb4 he claims this was edited. :P

(need more cuddles)17h ago

Luna / Miika ☭

@nixCraft @enigma Mailinglist and website, apparently only their frontend is hacked but who knows

hazelnot

17h ago

@enigma @nixCraft you could see it for yourself, the page apparently got replaced with some "WarNight" shit and Russian text, it's down completely now though

Ԏєηυкι, 手抜き🚀🐧♏ 🔭 ⚫⚪16h ago

@hazelnot
you may have noticed I didnot have to see it. There are helpful people who don't say " see for yourself". Those I have to thank what I did.

hazelnot

15h ago

@enigma lol what? I didn't say "see for yourself", I said you could've seen it and that was the source, the website itself looking the way it did 💀

But sure, feel free to continue being a condescending asshole 🤷

Ray McCarthy 17h ago

@nixCraft
Oh dear. :(

Just the forums? The packages & manuals not affected?

Richard 17h ago

@nixCraft looks they are recovering

ĞÖKÜ👻👻™16h ago

@nixCraft whatever I want to start gets destroyed. ☹️ 😂.. Was thinking to start Linux but now many distro going to implement age verification... Was thinking to use bluesky they Goin to use AI. Was thinking to use FreeBSD and shared video 2 days ago now this hacking news. Wath a lucky person I'm. 😅

cynical melomaniac

12h ago

@nixCraft That's incredibly rude.