[Discussion] Downtime and Server Compromise

Discussion of general topics related to the new version and its place in the world. Don't discuss new features, report bugs, ask for support, et cetera. Don't use this to spam for other boards or attack those boards!
Forum rules
Discussion of general topics related to the new release and its place in the world. Don't discuss new features, report bugs, ask for support, et cetera. Don't use this to spam for other boards or attack those boards!
Post Reply
Phil
Registered User
Posts: 185
Joined: Sun Mar 11, 2007 3:20 am
Contact:

Re: [Discussion] Downtime and Server Compromise

Post by Phil »

If you are not running PHPList, you do not need to patch anything.
My phpbb.com account
Note that any of my opinions expressed in RFC topics are my own and not necessarily representative of the opinion of the phpBB Team.
parasolx
Registered User
Posts: 10
Joined: Mon Feb 02, 2009 3:07 am

Re: [Discussion] Downtime and Server Compromise

Post by parasolx »

how to check that i used phplist?
User avatar
darcie
Community Team
Community Team
Posts: 189
Joined: Mon Mar 12, 2007 7:32 pm
Location: Davis, California
Contact:

Re: [Discussion] Downtime and Server Compromise

Post by darcie »

This would have been a separate install you would have downloaded from phplist.com. It is not related to phpBB, it simply also uses PHP and it was something that phpBB.com had installed.
Keith W
Registered User
Posts: 10
Joined: Tue Feb 28, 2006 3:56 pm

Re: [Discussion] Downtime and Server Compromise

Post by Keith W »

If you are asking that question then I would say it is a safe bet that you are not using phplist
parasolx
Registered User
Posts: 10
Joined: Mon Feb 02, 2009 3:07 am

Re: [Discussion] Downtime and Server Compromise

Post by parasolx »

THANKS GOD FOR THAT..
Can someone elaborate what this phplist do?
Keith W
Registered User
Posts: 10
Joined: Tue Feb 28, 2006 3:56 pm

Re: [Discussion] Downtime and Server Compromise

Post by Keith W »

it is a mailing list software for sending things out like news letters
Phil
Registered User
Posts: 185
Joined: Sun Mar 11, 2007 3:20 am
Contact:

Re: [Discussion] Downtime and Server Compromise

Post by Phil »

It is a mailing list script. It was used for the update notifications.

That being said, this topic is not for discussing PHPList -- it is for discussing the announcement Marshalrusty posted. Please keep on that topic.

Thanks.
My phpbb.com account
Note that any of my opinions expressed in RFC topics are my own and not necessarily representative of the opinion of the phpBB Team.
ToonArmy
Registered User
Posts: 335
Joined: Fri Mar 26, 2004 7:31 pm
Location: Bristol, UK
Contact:

Re: [Discussion] Downtime and Server Compromise

Post by ToonArmy »

parasolx wrote:THANKS GOD FOR THAT..
Can someone elaborate what this phplist do?
Its a mailing list and sends many emails to subscribers. We use it to notify people of new phpBB versions.
Chris SmithBlogXMOOhlohArea51WikiNo support via PM/IM
Image
parasolx
Registered User
Posts: 10
Joined: Mon Feb 02, 2009 3:07 am

Re: [Discussion] Downtime and Server Compromise

Post by parasolx »

Oic.. so attackers have entered through phplist to access all phpbb.com database. Then he could review all the private data which not allow being see by registered users.

If that happen, why phpbb.com have closed the board? Because it only can view the private data only, not edit any phpbb files?
OTmaster
Registered User
Posts: 78
Joined: Fri Oct 29, 2004 1:38 am
Location: Your House
Contact:

Re: [Discussion] Downtime and Server Compromise

Post by OTmaster »

The only thing they could have really gotten their hands on would be the email usernames correct or would they be able to obtain passwords to with the exploit?
Post Reply