[Discussion] Downtime and Server Compromise

Discussion of general topics related to the new version and its place in the world. Don't discuss new features, report bugs, ask for support, et cetera. Don't use this to spam for other boards or attack those boards!
K45p3r
Registered User
Posts: 1
Joined: Sun Feb 08, 2009 5:13 am

Re: [Discussion] Downtime and Server Compromise

Post by K45p3r » Sun Feb 08, 2009 5:16 am

Was just wondering: I keep getting an error when I try to go to my phpBB site and I'm not sure what it means. Is it because of the attack that was done on the site? Any help would be great.


Error Message

Internal Server Error

The server encountered an internal error or misconfiguration and was unable to complete your request.

Please contact the server administrator, webmaster@dominanox.com and inform them of the time the error occurred, and anything you might have done that may have caused the error.

More information about this error may be available in the server error log.

Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.

Marshalrusty
Project Manager
Posts: 272
Joined: Thu Oct 27, 2005 1:45 am

Re: [Discussion] Downtime and Server Compromise

Post by Marshalrusty » Sun Feb 08, 2009 5:53 am

You should contact your hosting company, as the error basically tells you to do (unless you yourself are the server administrator).

Your server's uptime is in no way tied to whether we are having issues.

C-64
Registered User
Posts: 2
Joined: Sun Feb 08, 2009 10:35 am

Re: [Discussion] Downtime and Server Compromise

Post by C-64 » Sun Feb 08, 2009 10:55 am

Hi there. I was having problems with my forum (SMF) and I was thinking of switching to phpBB these days. Now I see this incident you have, and I was wondering where to find safe instructions and tools to convert my old forum to phpBB. Should I wait for the official phpBB site or what?

Thank you for the good work you have done with phpBB, and I wish you all the best.

dowelld
Registered User
Posts: 11
Joined: Fri Feb 06, 2009 10:03 am

Re: [Discussion] Downtime and Server Compromise

Post by dowelld » Sun Feb 08, 2009 11:58 am

@ K45p3r

You need to change the message you are displaying on your portal mainpage.
FORUMS ARE DOWN FOR MAINTENANCE!!!! phpBB was attacked and lost a lot of servers. The phpBB team is working to get this problem solved as fast as they can. Please check back, and I am hoping they can get it done ASAP. Until then the forums will be down. I am sorry.
Site Admin ~Domina Nox
I'm afraid your forum being down is nothing to do with phpbb.com, or it having been hacked in any way.

phpbb.com didn't lose any servers other than their own ones which they chose to take down.

As for your forum being down, as you have been advised you need to talk to your hosting company, the problem is with your site, not with phpBB3.

A_Jelly_Doughnut
Registered User
Posts: 1780
Joined: Wed Jun 04, 2003 4:23 pm

Re: [Discussion] Downtime and Server Compromise

Post by A_Jelly_Doughnut » Sun Feb 08, 2009 3:41 pm

C-64 wrote: Hi there. I was having problems with my forum (SMF) and I was thinking of switching to phpBB these days. Now I see this incident you have, and I was wondering where to find safe instructions and tools to convert my old forum to phpBB. Should I wait for the official phpBB site or what?
Feel free to make a post in the "support" forum on this board.

There are some already existing topics that might answer your questions, though:
viewtopic.php?f=71&t=30740
viewtopic.php?f=71&t=30827
viewtopic.php?f=71&t=30990
A_Jelly_Doughnut

mulkman
Registered User
Posts: 5
Joined: Sun Feb 08, 2009 5:12 pm

Re: [Discussion] Downtime and Server Compromise

Post by mulkman » Sun Feb 08, 2009 5:23 pm

Yes

But how did the attacker know you were running phplist software? I'm pretty much certain the page did not have "Powered by phplist" at the bottom.

:roll:

Although there is nothing you can do about 0day exploits.

Phil
Registered User
Posts: 185
Joined: Sun Mar 11, 2007 3:20 am
Contact:

Re: [Discussion] Downtime and Server Compromise

Post by Phil » Sun Feb 08, 2009 5:43 pm

It said on the mailing lists page. They do have a copyright line.
My phpbb.com account
Note that any of my opinions expressed in RFC topics are my own and not necessarily representative of the opinion of the phpBB Team.

I Reject Reality
Registered User
Posts: 2
Joined: Sun Feb 08, 2009 7:01 pm
Location: UK

Re: [Discussion] Downtime and Server Compromise

Post by I Reject Reality » Sun Feb 08, 2009 7:08 pm

Well, this is a shame. I can't open my forum till the main phpBB site reopens (need a few Mods, you see), but that's completely irrelevant really. It's a real shame people do this. It's unfair on the phpBB team, the forum admins who use the phpBB script, and the users of phpBB forums everywhere. I'm perfectly happy to wait until all the data is sanitized; I can see how important it is. Good luck to everyone working to get it back up :)

mulkman
Registered User
Posts: 5
Joined: Sun Feb 08, 2009 5:12 pm

Re: [Discussion] Downtime and Server Compromise

Post by mulkman » Sun Feb 08, 2009 7:18 pm

Maybe you should develop your own phplist type of software.

With a quick Google search I found the page below. I think the guy that hacked your site has posted how he completed the hack.



Thanks, we are aware of the link
Last edited by ckwalsh on Sun Feb 08, 2009 7:24 pm, edited 1 time in total.
Reason: Thanks, we are aware of the link

Dog Cow
Registered User
Posts: 271
Joined: Wed May 25, 2005 2:14 pm

Re: [Discussion] Downtime and Server Compromise

Post by Dog Cow » Sun Feb 08, 2009 7:19 pm

rockeiro wrote:
SamG wrote:Then we have the disgruntled approving such behavior, even by at least one person who is an avid supporter of phpBB 2. To me this whole thing is well beyond belief, both the exploit and the "they had it coming" attitude. You have to wonder when even 10 or 20 people say that the only thing our creep did wrong was to release their personal information into the wild.
This was the part I really didn't understand. I'm not digging for details either by the way, I'm just asking, who elected this *twit* the judge and jury against so called infractions by the phpBB staff? Who's got the real bad attitude in the end? Can anyone justify this criminal action in any way by pointing at the behavior of certain phpBB staff members?
If you can't understand the "why", then let me clue you in. The hacker doesn't give a damn about the phpBB software, or anyone related to it. If you read his blog, you'd realize that he wasn't even entirely familiar with the software itself. The only thing he cared about was getting access to the ~350,000 email addresses in phpbb.com

Hard-core hackers do so for the money, not "just because."

That's what separates this guy from a script-kiddie. If he was that kind of guy, he'd have defaced a page or two, then moved on. But no, he went deeper and dumped out all the email addresses. Do you know how much emails are "worth" in the underground/spammer community? Not as much as CC numbers, but they are still valuable.

The fact that roughly 2/3 the passwords are insecurely hashed absolutely pales in significance to the fact that the emails are now out everywhere, and you can be darn sure the spammers have just had a nice addition to their mailing lists.

Thanks, but the URL is unnecessary.
Last edited by ckwalsh on Sun Feb 08, 2009 7:28 pm, edited 1 time in total.
Reason: Thanks, but the URL is unnecessary
