[Discussion] Downtime and Server Compromise

Discussion of general topics related to the new version and its place in the world. Don't discuss new features, report bugs, ask for support, et cetera. Don't use this to spam for other boards or attack those boards!
A_Jelly_Doughnut
Registered User
Posts: 1780
Joined: Wed Jun 04, 2003 4:23 pm

Re: [Discussion] Downtime and Server Compromise

Post by A_Jelly_Doughnut »

From the announcement:
Passwords stored in the old format are much less secure than those stored in the new format. The attackers have been focusing purely on the passwords stored in the old format.
In other words, password hashes were available. In order to get the actual password, some type of brute-forcing would need to be done.
A_Jelly_Doughnut
Daveht
Registered User
Posts: 18
Joined: Sun Feb 01, 2009 11:12 pm

Re: [Discussion] Downtime and Server Compromise

Post by Daveht »

Any word on how things are going and a timeline for it to be back online?

Thanks!
Dave
Marshalrusty
Project Manager
Posts: 273
Joined: Thu Oct 27, 2005 1:45 am

Re: [Discussion] Downtime and Server Compromise

Post by Marshalrusty »

Daveht wrote: Any word on how things are going and a timeline for it to be back online?
"As soon as we can" is the best estimate anyone can give. It might be a few days. We are trying to be very thorough.
parasolx wrote: Oic.. so attackers have entered through phplist to access all of the phpbb.com database. Then he could review all the private data which registered users are not allowed to see.

If that happened, why has phpbb.com closed the board? Because he can only view the private data, not edit any phpBB files?
I'm not sure how you came to that conclusion from the announcement. Yes, modifications were made. Even if modifications were not made, that would be enough for us to take down the site for an investigation.
Phil
Registered User
Posts: 185
Joined: Sun Mar 11, 2007 3:20 am

Re: [Discussion] Downtime and Server Compromise

Post by Phil »

We're working as quickly as possible. We don't want to risk missing anything that might allow them to get back in. No estimates as of yet.
My phpbb.com account
Note that any of my opinions expressed in RFC topics are my own and not necessarily representative of the opinion of the phpBB Team.
Daveht
Registered User
Posts: 18
Joined: Sun Feb 01, 2009 11:12 pm

Re: [Discussion] Downtime and Server Compromise

Post by Daveht »

Thank you!

Dave
parasolx
Registered User
Posts: 10
Joined: Mon Feb 02, 2009 3:07 am

Re: [Discussion] Downtime and Server Compromise

Post by parasolx »

In phpBB3, there is a system that could send a mass email to all users.. and the announcement written before said this problem isn't related to the phpBB software.

So, is it safe for me to use phpBB3 right now?
ToonArmy
Registered User
Posts: 335
Joined: Fri Mar 26, 2004 7:31 pm
Location: Bristol, UK

Re: [Discussion] Downtime and Server Compromise

Post by ToonArmy »

parasolx wrote: In phpBB3, there is a system that could send a mass email to all users.. and the announcement written before said this problem isn't related to the phpBB software.

So, is it safe for me to use phpBB3 right now?
There is nothing wrong with phpBB.
Chris Smith | Blog | XMOO | Ohloh | Area51 | Wiki | No support via PM/IM
A_Jelly_Doughnut
Registered User
Posts: 1780
Joined: Wed Jun 04, 2003 4:23 pm

Re: [Discussion] Downtime and Server Compromise

Post by A_Jelly_Doughnut »

parasolx: This problem was not with phpBB3. The phpBB built-in mass email feature was not used at phpBB.com.
A_Jelly_Doughnut
kripkorn
Registered User
Posts: 1
Joined: Mon Feb 02, 2009 4:21 am

Re: [Discussion] Downtime and Server Compromise

Post by kripkorn »

May I know why phpbb.com doesn't use the phpBB built-in mass email? Why use another software?
Marshalrusty
Project Manager
Posts: 273
Joined: Thu Oct 27, 2005 1:45 am

Re: [Discussion] Downtime and Server Compromise

Post by Marshalrusty »

kripkorn wrote: May I know how phpbb.com doesn't use the phpBB built-in mass email? Why use another software?
PHPList was completely separate from the board on phpBB.com. You didn't have to be a registered user on phpBB.com to receive newsletters. Not all registered users received newsletters.