0
Welcome Guest! Login
0 items Join Now

ROCKETTHEME IS CLOSING JUNE 30, 2025. Read our  Farewell Blog Post  for more info.

phpbb.com attacked

Last Post
Search Topic

  • phpbb.com attacked

    Posted 16 years 3 months ago
    • I was looking for some info at phpbb.com and this popped up today.


      Maintenance

      We are sorry to report that we have been attacked through a vulnerability in an outdated PHPList installation. phpBB.com and related sites will remain unavailable while we work to recover. No vulnerabilities have been found in the phpBB software itself.

      You can download phpBB here: www.ohloh.net/p/phpbb

      You can get support at the temporary support forums or on IRC: chat.freenode.net #phpbb

      – the phpBB team

      Anyone know what's going on? Is this something that will be cause for another phpbb3 upgrade?

      Thanks.
    • Great Links:
      Tips Tricks and Tutorial Links
      phpbb3 How To: Add a new module position
      Top Tips For Support
      rokBox Login
    #276978
    • prim's Avatar
    • prim
    • Preeminent Rocketeer
    • Posts: 17290
    • Thanks: 217

    Re: phpbb.com attacked

    Posted 16 years 3 months ago
    • No vulnerabilities have been found in the phpBB software itself

      So don't worry about it :)
    • Please reply with a direct link to the issue & create a new thread for each new issue.

      A template is only as good as the content that goes into it ;) - DanG
    #276983

  • Re: phpbb.com attacked

    Posted 16 years 3 months ago
    #276988
    • prim's Avatar
    • prim
    • Preeminent Rocketeer
    • Posts: 17290
    • Thanks: 217

    Re: phpbb.com attacked

    Posted 16 years 3 months ago
    • Maybe Karol knows more about it.
    • Please reply with a direct link to the issue & create a new thread for each new issue.

      A template is only as good as the content that goes into it ;) - DanG
    #276992
    • Adrian Cooper's Avatar
    • Adrian Cooper
    • Elite Rocketeer
    • Posts: 531
    • Thanks: 0
    • Technologist, Published Author

    Re: phpbb.com attacked

    Posted 16 years 3 months ago
    • PHPBB has been down at least three days now.

      OK - so the issue was an outdated PHPList installation which they have presumably zapped or updated, but surely it only takes a few minutes to restore from the backup? I have restored very big mySQL databases from the command line in less than 10 minutes. What could possibly take 3 or more days?

      Also found this quote in their temporary forum a bit strange:
      The attackers have been focusing purely on the passwords stored in the old format.
      How do they know who the attackers are and what exactly they are doing with the stolen users table?

      The mystery deepens.

      Hope they are back soon after switching back to PHPBB from SMF.
    • www.ourultimatereality.com
    #277149
    • Ragdata's Avatar
    • Ragdata
    • Elite Rocketeer
    • Posts: 614
    • Thanks: 0
    • Software Engineer

    Re: phpbb.com attacked

    Posted 16 years 3 months ago
    • hehe ... I left this one for you mate - was hoping you'd find it :P
    • Ragdata's Rubber Duck
      www.ragdata.net/
    #277152
    • Adrian Cooper's Avatar
    • Adrian Cooper
    • Elite Rocketeer
    • Posts: 531
    • Thanks: 0
    • Technologist, Published Author

    Re: phpbb.com attacked

    Posted 16 years 3 months ago
    • Could hardly miss it :shock: I had to read it over a few times to believe it.

      If they know the "attackers" that well, why can't they just ask they for their users table back?

      Maybe the Somali's have branched out in to mySQL database hijack :D
    • www.ourultimatereality.com
    #277159

  • Re: phpbb.com attacked

    Posted 16 years 3 months ago
    #277280
    • Carbs's Avatar
    • Carbs
    • Sr. Rocketeer
    • Posts: 120
    • Thanks: 0

    Re: phpbb.com attacked

    Posted 16 years 3 months ago
    • Adrian Cooper wrote:
      PHPBB has been down at least three days now.
      Hope they are back soon after switching back to PHPBB from SMF.

      How are you liking the switch? Do you find it better or are they about the same?

      I'm thinking about going that route myself - oh let's say when the next phpBB template gets released :cheesy:
    #277309
    • Adrian Cooper's Avatar
    • Adrian Cooper
    • Elite Rocketeer
    • Posts: 531
    • Thanks: 0
    • Technologist, Published Author

    Re: phpbb.com attacked

    Posted 16 years 3 months ago
    • Carbs wrote:
      Adrian Cooper wrote:
      PHPBB has been down at least three days now.
      Hope they are back soon after switching back to PHPBB from SMF.

      How are you liking the switch? Do you find it better or are they about the same?

      I'm thinking about going that route myself - oh let's say when the next phpBB template gets released :cheesy:

      I have always preferred PHPBB - in fact my current SMF sites were converted from PHPBB2 - one of the sites has been converted about 5 times now.

      I switched to SMF because every time PHPBB2 was updated - which seemed like every week because of security issues, it wiped out all the extensions I had added - over 20 of them. The only way around it was to manually update only the code was updated. SMF was an is much better than PHPBB2.

      I switched to PHPBB3 for RokBridge, but also I figured that Andy would have done a lot of research before committing to PHPBB3, and that was good enough for me, and PHPBB3 is in a different league to PHPBB2.

      That said, I haven't converted by existing SMF sites yet. I am building new sites with PHPBB3.
    • www.ourultimatereality.com
    #277402

Time to create page: 0.088 seconds