[Discussion] Downtime and Server Compromise

Discussion of general topics related to the new version and its place in the world. Don't discuss new features, report bugs, ask for support, et cetera. Don't use this to spam for other boards or attack those boards!
Forum rules
Discussion of general topics related to the new release and its place in the world. Don't discuss new features, report bugs, ask for support, et cetera. Don't use this to spam for other boards or attack those boards!
Post Reply
User avatar
poyntesm
Registered User
Posts: 176
Joined: Fri May 13, 2005 4:08 pm
Location: Dublin, Ireland
Contact:

Re: [Discussion] Downtime and Server Compromise

Post by poyntesm »

Hope I can ask a question. As a user who has logged in since the phpBB3 conversion I know my current password is in the newer format. However normally a conversion uses a different DB as its source. Does this copy of the phpBB2 DB still exist on the phpBB Database server?

User avatar
ChrisRLG
Registered User
Posts: 160
Joined: Wed Oct 11, 2006 9:47 am
Contact:

Re: [Discussion] Downtime and Server Compromise

Post by ChrisRLG »

poyntesm wrote:Hope I can ask a question. As a user who has logged in since the phpBB3 conversion I know my current password is in the newer format. However normally a conversion uses a different DB as its source. Does this copy of the phpBB2 DB still exist on the phpBB Database server?
No.

When converting from v2 to v3 the passwords are not converted, the system is aware that the password is stored, not in the newer salted version of the password hash, so then prompts for the user then to change the password when first entering the forum after a conversion to v3.

Those members who have never visited since the conversion, are still in that 'state' where only a MD5 and not a salted hash has been used.

User avatar
poyntesm
Registered User
Posts: 176
Joined: Fri May 13, 2005 4:08 pm
Location: Dublin, Ireland
Contact:

Re: [Discussion] Downtime and Server Compromise

Post by poyntesm »

Can you confirm the No was to the question "Does this copy of the phpBB2 DB still exist on the phpBB Database server?"

I do understand what happens to the password from a phpBB3 point of view. My question was related to the fact that the password is left in an unchanged state in the original phpBB2 DB which is the source of the actual conversion to phpBB3. I am keen to know if this database still exists for phpBB.com or once the v3 conversion was completed was a dump taken and the actual DB removed from the server.

EDit: sorry for re-ask but your explaination threw me .. as I did not ask anything about that.. so thats why I just wanted to re-confirm.

User avatar
Kellanved
Former Team Member
Posts: 407
Joined: Sun Jul 30, 2006 4:59 pm
Location: Berlin

Re: [Discussion] Downtime and Server Compromise

Post by Kellanved »

No, the data of the old 2.0 installation was not present in the same database. The database solely held the 3.0 data.
No support via PM.
Trust me, I'm a doctor.

ToonArmy
Registered User
Posts: 335
Joined: Fri Mar 26, 2004 7:31 pm
Location: Bristol, UK
Contact:

Re: [Discussion] Downtime and Server Compromise

Post by ToonArmy »

Kellanved wrote:No, the data of the old 2.0 installation was not present in the same database. The database solely held the 3.0 data.
Nor was it on the server.
Chris SmithBlogXMOOhlohArea51WikiNo support via PM/IM
Image

Brandon07
Registered User
Posts: 21
Joined: Mon Feb 02, 2009 1:09 pm
Location: Michigan
Contact:

Re: [Discussion] Downtime and Server Compromise

Post by Brandon07 »

Any updates on how phpbb.com is doing? :D

User avatar
Erik Frèrejean
Registered User
Posts: 207
Joined: Thu Oct 25, 2007 2:25 pm
Location: surfnet
Contact:

Re: [Discussion] Downtime and Server Compromise

Post by Erik Frèrejean »

No not really we have a list with things we have to do first. So the only answer we can give right now is that it will be done as soon as possible.
Available on .com
Support Toolkit developer

User avatar
Acyd Burn
Posts: 1838
Joined: Tue Oct 08, 2002 5:18 pm
Location: Behind You
Contact:

Re: [Discussion] Downtime and Server Compromise

Post by Acyd Burn »

At this time different team members are doing different tasks. The most time consuming part at the moment is sanitizing the database dumps.

Image

KeithR
Registered User
Posts: 23
Joined: Mon Feb 02, 2009 7:22 pm

Re: [Discussion] Downtime and Server Compromise

Post by KeithR »

I really appreciate all the hard work that is going in to making sure that phpBB.com is not only brought back on-line, but done so in a manner that ensures the phpBB product it is using is as secure as it was before this unfortunate incident, as I know mine has been throughout the entire time I have been using it; ( I only started at 3.0.0 and I'm running 3.0.4, but you get the drift). At no point have I felt that my board would be compromised or that I needed to do anything extra to ensure security.
Erik Frèrejean wrote:........ is that it will be done as soon as possible.
I know that this answer gets trotted out in regards to a lot of questions about phpBB regarding time-scales, but in this case it couldn't be more apt or appropriate.

However having posted all that:
RMcGirr83 wrote:All I know is that I'm going through withdrawls...someone is going to pay!! :mad:
is about the same as I feel and all I do is read and try to learn :P

My best regards to all the phpBB.com team.

madtay
Posts: 72
Joined: Fri Aug 18, 2006 7:52 am

Re: [Discussion] Downtime and Server Compromise

Post by madtay »

Sorry to ask this, ive read the whole thread and i think its been answered but want to be sure to put my mind at rest....

Since ive logged in after the conversion to PHPBB3 my password has been converted and therefore cannot be compromised? Is that correct?

Thanks

Post Reply