I wouldn't assume that the two would be connected in the way you describe, as they are in fact separate incidents. I would however consider the possibility that the relation is rather a coordinated attack on the overall integrity of phpBB and the support of your userbase. Consider this: if I light your house on fire while you are at work, and then go to your job and slash the tires on your car, the two are completely separate. In fact, it may have been an accomplice of mine that does the slashing on your car. And maybe he did it on a different day. Our intention is the same though. To do you harm...
Darcie wrote: I am absolutely convinced that the sudden influx of spam registration and the hacking event occurring at the same time are a complete coincidence. It is unfortunate that they have both taken place at the same time, but there is no way to link the two. A test board I have set up online with no posts, no members, no inward links (other than Google knowing it exists), and no relation to the information I have at phpbb.com has also incurred the same problem. There is absolutely no way to link it to the release of information taken from phpbb.com, and therefore I see no relation between the two events.
Sometimes coincidence is just that.
So let's please leave the spam discussion to the topic existing in the support forum. Thanks.
One doesn't need access to protected information to locate phpBB forums on the internet. The term "phpBB" is included in every footer, and therefore can be easily located through search engines, just as you describe. If someone wanted to do a mass attack on every phpBB forum out there, it wouldn't be too difficult to locate them. So when this initiative is launched, what will users' first reaction be when they realize something is wrong? How convenient is it then, that when those users immediately go to phpbb.com looking for support, as I did this morning, they see that your main website has even been compromised.
It may be coincidence as you say, but if not, I'd say that's quite a successful attack on phpBB.
At any rate...
I know you guys have a lot on your plate, so I wouldn't think of asking for an ETA. But is it possible to release a quick patch to address this CAPTCHA issue, rather than wait for all the touch ups and polishing of a full featured patch?
Marshalrusty wrote: It seems that there is a new spam initiative that uses a script capable of reading the CAPTCHA. This is entirely unrelated to the incident that this topic is about. Changes to the CAPTCHA have been introduced in SVN for 3.0.5.
Thanks for the hard work