The download for phpBB can be found on sourceforge or ohloh, fwiw.
Also, you will always have human spammers. IIRC, no non-human bot has broken the captcha.
[Discussion] Downtime and Server Compromise
Forum rules
Discussion of general topics related to the new release and its place in the world. Don't discuss new features, report bugs, ask for support, et cetera. Don't use this to spam for other boards or attack those boards!
Re: [Discussion] Downtime and Server Compromise
Do not hire Christian Bullock he won't finish the job and will keep your money
- Erik Frèrejean
- Registered User
- Posts: 207
- Joined: Thu Oct 25, 2007 2:25 pm
- Location: surfnet
- Contact:
Re: [Discussion] Downtime and Server Compromise
NexusV2 wrote:
> Hey, just wondering if you guys had any updates on how the revival is coming along?
The only update I can give is that various team members are working around the clock on various tasks. I'm sorry, but much further into detail I can't go right now.
@Pollik:
We are aware that some spam bots seem to have broken the captcha (there are improvements coming in 3.0.5). This is however in no way related to the hack. The timing is really bad, but they would have broken it if the hack hadn't been done.
For now your best defence against them is setting your board up so that every first post has to be approved by a moderator (the same thing we do here), as you will recognize most (if not all) spammers on their first post.
Available on .com
Support Toolkit developer
-
- Posts: 171
- Joined: Sun Jan 29, 2006 1:00 pm
- Location: Germany
- Contact:
Re: [Discussion] Downtime and Server Compromise
Hello,
it seems the spam-bots are able to fill out required custom profile fields, too!
Bye Martin
Advanced Block MOD 1.1.1 has been released! - Prevent spam on your phpBB3 board with Stop Forum Spam, BotScout, Akismet, Project Honey Pot and several IP-RBL and Domain-RBL DNS blacklists! - My MODs
Re: [Discussion] Downtime and Server Compromise
Pollik wrote:
> I am not wholly convinced.
> Since that post was made, I have had half a dozen applications to join my board that are prima facie spam - somehow squeezing past the anti-bot test.
> It may well be that spammers are taking advantage of the main phpBB.com site being off the air. Perhaps even the attack was timed to be just before a major push by the spammers. But that would all be speculation.
My own board has not been hit at all - although that may well be because "they" know that we report EVERY instance to the ISP or hoster of those who post (or even try to) spam or any hack attempts.
Pollik wrote:
> "It is important to stress that no vulnerabilities have been found in the phpBB software itself."
That is true - the hack was via other software and we have not had any reports of confirmed (or otherwise) hacks via the phpBB3 software.
Starfoxtj Toolkit
ASAP member since 2004 - MS MVP (Windows Security) member since 2005
Live phpBB3 Forum
-
- Registered User
- Posts: 1
- Joined: Thu Feb 05, 2009 4:36 pm
- Location: Scotland
- Contact:
Re: [Discussion] Downtime and Server Compromise
It's a shame to see any forum hacked, especially when it's due to third-party software. I do hope your main site will be up soon.
Re: [Discussion] Downtime and Server Compromise
RMcGirr83 wrote:
> Also, you will always have human spammers. IIRC, no non-human bot has broken the captcha.
I accept that. However, the timing is suspicious - months of operation without observable spammers followed by a small flood (on two entirely separate forums) starting on 2 February, the date of the post I referenced.
I am passing data that may or may not help. Please do not rule out the (remote) possibility that a way round or through captcha can be found. I can recall banks telling us that ATMs were fraud proof (they are not) and that credit cards with PINs are fraud proof (they are not, either). For the villains, a block or a barrier is a challenge to be beaten and I think it may be unwise to be complacent. I grant that other explanations may be more likely and should be explored first.
Polly
Re: [Discussion] Downtime and Server Compromise
Erik Frèrejean wrote:
> NexusV2 wrote:
> > Hey, just wondering if you guys had any updates on how the revival is coming along?
> The only update I can give is that various team members are working around the clock on various tasks. I'm sorry, but much further into detail I can't go right now.
> @Pollik:
> We are aware that some spam bots seem to have broken the captcha (there are improvements coming in 3.0.5). This is however in no way related to the hack. The timing is really bad, but they would have broken it if the hack hadn't been done.
> For now your best defence against them is setting your board up so that every first post has to be approved by a moderator (the same thing we do here), as you will recognize most (if not all) spammers on their first post.
Thank you Erik, that is extremely helpful
Polly
Re: [Discussion] Downtime and Server Compromise
> > For now your best defence against them is setting your board up that every first post has to be approved by a moderator (the same thing we do here), as you will recognize most (if not all) spammers on their first post
> Thank you Erik, that is extremely helpful
...if I can work out how. :/
Polly
-
- Posts: 171
- Joined: Sun Jan 29, 2006 1:00 pm
- Location: Germany
- Contact:
Re: [Discussion] Downtime and Server Compromise
Hello,
Double Activation cannot prevent human spam-bots from registering but from posting: http://www.martin-truckenbrodt.com/cgi/ ... m.php?f=22
1.2.4 is in validation process for the phpbb.com MODDB.
1.0.8 is the last validated version. But it's not working correctly with phpBB 3.0.4.
Bye Martin