In other words, password hashes were available. In order to get the actual password, some type of brute-forcing would need to be done. Passwords stored in the old format are much less secure than those stored in the new format. The attackers have been focusing purely on the passwords stored in the old format.
[Discussion] Downtime and Server Compromise
Forum rules
Discussion of general topics related to the new release and its place in the world. Don't discuss new features, report bugs, ask for support, et cetera. Don't use this to spam for other boards or attack those boards!
- A_Jelly_Doughnut
- Registered User
- Posts: 1780
- Joined: Wed Jun 04, 2003 4:23 pm
Re: [Discussion] Downtime and Server Compromise
From the announcement:
A_Jelly_Doughnut
Re: [Discussion] Downtime and Server Compromise
Any word on how things are going and a timeline for it to be back online?
Thanks!
Dave
-
- Project Manager
- Posts: 273
- Joined: Thu Oct 27, 2005 1:45 am
Re: [Discussion] Downtime and Server Compromise
Daveht wrote: Any word on how things are going and a timeline for it to be back online?
"As soon as we can" is the best estimate anyone can give. It might be a few days. We are trying to be very thorough.
parasolx wrote: Oic.. so attackers have entered through phplist to access all of the phpbb.com database. Then he could review all the private data which registered users are not allowed to see. If that happened, why has phpbb.com closed the board? Because it can only view the private data, not edit any phpbb files?
I'm not sure how you came to that conclusion from the announcement. Yes, modifications were made. Even if modifications were not made, that would be enough for us to take down the site for an investigation.
Re: [Discussion] Downtime and Server Compromise
We're working as quickly as possible. We don't want to risk missing anything that might allow them to get back in. No estimates as of yet.
My phpbb.com account
Note that any of my opinions expressed in RFC topics are my own and not necessarily representative of the opinion of the phpBB Team.
Re: [Discussion] Downtime and Server Compromise
Thank you!
Dave
Re: [Discussion] Downtime and Server Compromise
In phpBB3, there is a system that could send a mass email to all users, and the announcement written before said this problem isn't related to the phpBB software.
So, is it safe for me to use phpBB3 right now?
Re: [Discussion] Downtime and Server Compromise
parasolx wrote: In phpBB3, there is a system that could send a mass email to all users, and the announcement written before said this problem isn't related to the phpBB software. So, is it safe for me to use phpBB3 right now?
There is nothing wrong with phpBB.
- A_Jelly_Doughnut
- Registered User
- Posts: 1780
- Joined: Wed Jun 04, 2003 4:23 pm
Re: [Discussion] Downtime and Server Compromise
parasolx: This problem was not with phpBB3. The phpBB built-in mass email feature was not used at phpBB.com.
A_Jelly_Doughnut
Re: [Discussion] Downtime and Server Compromise
May I know why phpbb.com doesn't use the phpBB built-in mass email? Why use another software?
-
- Project Manager
- Posts: 273
- Joined: Thu Oct 27, 2005 1:45 am
Re: [Discussion] Downtime and Server Compromise
kripkorn wrote: May I know how phpbb.com doesn't use the phpBB built-in mass email? Why use another software?
PHPList was completely separate from the board on phpBB.com. You didn't have to be a registered user on phpBB.com to receive newsletters. Not all registered users received newsletters.