[split] Site offline
Forum rules
Temporary forum to obtain support while phpBB.com is offline.
Please use the support forum on phpBB.com
Temporary forum to obtain support while phpBB.com is offline.
Please use the support forum on phpBB.com
[split] Site offline
Funny enough my Forum is down since this morning/afternoon. Only my cache folder remains. Is this in anyway connected to the attack on phpbb? Have other phpbb forums been attacked too?
Re: [split] Site problem
Funny enough my Forum has gone down too. For some reasons the files have dissapeared! Only the cache folder has remained.
Does this have anything to do with the attack on phpbb? Have other phpbb based forums been attacked too?
Edit: can u ignore/delete my above post please ...
Does this have anything to do with the attack on phpbb? Have other phpbb based forums been attacked too?
Edit: can u ignore/delete my above post please ...
Last edited by ice75 on Sun Feb 01, 2009 10:22 pm, edited 1 time in total.
- A_Jelly_Doughnut
- Registered User
- Posts: 1780
- Joined: Wed Jun 04, 2003 4:23 pm
Re: [split] Site problem
No, and not that we're aware of. phpBB.com was attacked because we used the PHPList mailing list software.ice75 wrote: Does this have anything to do with the attack on phpbb? Have other phpbb based forums been attacked too?
A_Jelly_Doughnut
Re: [split] Site offline
Any site issues you are experiencing are not related to phpBB.com's being hacked. phpBB3 does not have any known vulnerabilities at this time, and the attack was due to an out of date installation of PHPList, not phpBB3.
My phpbb.com account
Note that any of my opinions expressed in RFC topics are my own and not necessarily representative of the opinion of the phpBB Team.
Note that any of my opinions expressed in RFC topics are my own and not necessarily representative of the opinion of the phpBB Team.
Re: [split] Site offline
The attack on phpBB.com was limited to phpBB.com and entry was gained through another script not phpBB. The problems you are having sound grave but are completely unrelated.
Re: [split] Site offline
Ok, must be something I did in that case.
Just thought that maybe someone has managed to hack phpbb files damaging other forums using phpbb too. Thanks for clearing that up anyway.
Gonna re-install my forum now ...
Just thought that maybe someone has managed to hack phpbb files damaging other forums using phpbb too. Thanks for clearing that up anyway.
Gonna re-install my forum now ...
Re: [split] Site offline
With regards to the phpList vulnerability and the site being down, is there any official announcement from phpBB other than here?
Apparently the people who hacked the site sent out emails to registered users of the forums on phpbb.com. Or at least I got an email purportedly from them, so I'm guessing I'm not the only one. They claim to have gotten access to the mysql database for the board and thus captured both everyone's email address and their usernames and encrypted passwords. They also claim to have cracked a large number of them already. Many people use the same username, password and email address at multiple sites. So this is a potential security problem that should be communicated to your users.
Perhaps this has been done somewhere already, but since I received that email last night, I've been unable to find any information directly from you guys until just a bit ago, I finally saw the post to which i linked above.
Thanks.
Apparently the people who hacked the site sent out emails to registered users of the forums on phpbb.com. Or at least I got an email purportedly from them, so I'm guessing I'm not the only one. They claim to have gotten access to the mysql database for the board and thus captured both everyone's email address and their usernames and encrypted passwords. They also claim to have cracked a large number of them already. Many people use the same username, password and email address at multiple sites. So this is a potential security problem that should be communicated to your users.
Perhaps this has been done somewhere already, but since I received that email last night, I've been unable to find any information directly from you guys until just a bit ago, I finally saw the post to which i linked above.
Thanks.
-
- Project Manager
- Posts: 273
- Joined: Thu Oct 27, 2005 1:45 am
Re: [split] Site offline
It is true that the attacker obtained access to the database and created a backup of the users table. The passwords that they were able to "crack" are the plain md5 hashes left over from phpBB2. The hashes created by phpBB3 are much stronger and are not susceptible to the method being used. This is still a very serious breach of security and we are treating it as such.
Since phpBB3 updates the phpBB2 hashes after the first login, those people who are mostly affected by this have not visited phpBB.com in over a year. We are working on a way to contact them via the emails on file, but many of those are outdated as well.
I assure you that this is being taken very seriously and we are doing what is best for our users.
Since phpBB3 updates the phpBB2 hashes after the first login, those people who are mostly affected by this have not visited phpBB.com in over a year. We are working on a way to contact them via the emails on file, but many of those are outdated as well.
I assure you that this is being taken very seriously and we are doing what is best for our users.
-
- Registered User
- Posts: 23
- Joined: Sun Feb 01, 2009 10:42 pm
Re: [split] Site offline
I have had problems with my board and used the same password for both phpBB.com and my own forum. My hosts believe that my software I use on the board has been attacked. I apologise but I have posted about my problem elsewhere on this board.
Re: [split] Site offline
Guys if you are worried about your details/log in's etc. then use some common sense and change all passwords etc.