[split] Site offline

Temporary forum to obtain support while phpBB.com is offline.
Please use the support forum on phpBB.com
Forum rules
Temporary forum to obtain support while phpBB.com is offline.
Please use the support forum on phpBB.com
ice75
Registered User
Posts: 5
Joined: Sun Feb 01, 2009 10:14 pm

[split] Site offline

Post by ice75 » Sun Feb 01, 2009 10:17 pm

Funny enough my Forum is down since this morning/afternoon. Only my cache folder remains. Is this in anyway connected to the attack on phpbb? Have other phpbb forums been attacked too?

ice75
Registered User
Posts: 5
Joined: Sun Feb 01, 2009 10:14 pm

Re: [split] Site problem

Post by ice75 » Sun Feb 01, 2009 10:21 pm

Funny enough my Forum has gone down too. For some reasons the files have dissapeared! Only the cache folder has remained. :evil:

Does this have anything to do with the attack on phpbb? Have other phpbb based forums been attacked too?

Edit: can u ignore/delete my above post please ...
Last edited by ice75 on Sun Feb 01, 2009 10:22 pm, edited 1 time in total.

User avatar
A_Jelly_Doughnut
Registered User
Posts: 1780
Joined: Wed Jun 04, 2003 4:23 pm

Re: [split] Site problem

Post by A_Jelly_Doughnut » Sun Feb 01, 2009 10:22 pm

ice75 wrote: Does this have anything to do with the attack on phpbb? Have other phpbb based forums been attacked too?
No, and not that we're aware of. phpBB.com was attacked because we used the PHPList mailing list software.
A_Jelly_Doughnut

Phil
Registered User
Posts: 185
Joined: Sun Mar 11, 2007 3:20 am
Contact:

Re: [split] Site offline

Post by Phil » Sun Feb 01, 2009 10:23 pm

Any site issues you are experiencing are not related to phpBB.com's being hacked. phpBB3 does not have any known vulnerabilities at this time, and the attack was due to an out of date installation of PHPList, not phpBB3.
My phpbb.com account
Note that any of my opinions expressed in RFC topics are my own and not necessarily representative of the opinion of the phpBB Team.

User avatar
ToonArmy
Registered User
Posts: 335
Joined: Fri Mar 26, 2004 7:31 pm
Location: Bristol, UK
Contact:

Re: [split] Site offline

Post by ToonArmy » Sun Feb 01, 2009 10:23 pm

The attack on phpBB.com was limited to phpBB.com and entry was gained through another script not phpBB. The problems you are having sound grave but are completely unrelated.
Chris SmithBlogXMOOhlohArea51WikiNo support via PM/IM
Image

ice75
Registered User
Posts: 5
Joined: Sun Feb 01, 2009 10:14 pm

Re: [split] Site offline

Post by ice75 » Sun Feb 01, 2009 10:33 pm

Ok, must be something I did in that case. :oops:

Just thought that maybe someone has managed to hack phpbb files damaging other forums using phpbb too. Thanks for clearing that up anyway.

Gonna re-install my forum now ...

bjn
Registered User
Posts: 2
Joined: Sat Apr 15, 2006 10:51 pm

Re: [split] Site offline

Post by bjn » Sun Feb 01, 2009 10:54 pm

With regards to the phpList vulnerability and the site being down, is there any official announcement from phpBB other than here?

Apparently the people who hacked the site sent out emails to registered users of the forums on phpbb.com. Or at least I got an email purportedly from them, so I'm guessing I'm not the only one. They claim to have gotten access to the mysql database for the board and thus captured both everyone's email address and their usernames and encrypted passwords. They also claim to have cracked a large number of them already. Many people use the same username, password and email address at multiple sites. So this is a potential security problem that should be communicated to your users.

Perhaps this has been done somewhere already, but since I received that email last night, I've been unable to find any information directly from you guys until just a bit ago, I finally saw the post to which i linked above.

Thanks.

User avatar
Marshalrusty
Project Manager
Project Manager
Posts: 272
Joined: Thu Oct 27, 2005 1:45 am

Re: [split] Site offline

Post by Marshalrusty » Sun Feb 01, 2009 11:10 pm

It is true that the attacker obtained access to the database and created a backup of the users table. The passwords that they were able to "crack" are the plain md5 hashes left over from phpBB2. The hashes created by phpBB3 are much stronger and are not susceptible to the method being used. This is still a very serious breach of security and we are treating it as such.

Since phpBB3 updates the phpBB2 hashes after the first login, those people who are mostly affected by this have not visited phpBB.com in over a year. We are working on a way to contact them via the emails on file, but many of those are outdated as well.

I assure you that this is being taken very seriously and we are doing what is best for our users.

johnsemple
Registered User
Posts: 23
Joined: Sun Feb 01, 2009 10:42 pm

Re: [split] Site offline

Post by johnsemple » Sun Feb 01, 2009 11:11 pm

I have had problems with my board and used the same password for both phpBB.com and my own forum. My hosts believe that my software I use on the board has been attacked. I apologise but I have posted about my problem elsewhere on this board.

Keith W
Registered User
Posts: 10
Joined: Tue Feb 28, 2006 3:56 pm

Re: [split] Site offline

Post by Keith W » Sun Feb 01, 2009 11:15 pm

Guys if you are worried about your details/log in's etc. then use some common sense and change all passwords etc.

Locked