[Discussion] Downtime and Server Compromise
Forum rules
Discussion of general topics related to the new release and its place in the world. Don't discuss new features, report bugs, ask for support, et cetera. Don't use this to spam for other boards or attack those boards!
Discussion of general topics related to the new release and its place in the world. Don't discuss new features, report bugs, ask for support, et cetera. Don't use this to spam for other boards or attack those boards!
- poyntesm
- Registered User
- Posts: 176
- Joined: Fri May 13, 2005 4:08 pm
- Location: Dublin, Ireland
- Contact:
Re: [Discussion] Downtime and Server Compromise
Hope I can ask a question. As a user who has logged in since the phpBB3 conversion I know my current password is in the newer format. However normally a conversion uses a different DB as its source. Does this copy of the phpBB2 DB still exist on the phpBB Database server?
My Mods :phpBB Garage, Quote With Or Without Images, phpbb/Mantis Integration
My Blog :poyntesm's blog
My Blog :poyntesm's blog
Re: [Discussion] Downtime and Server Compromise
No.poyntesm wrote:Hope I can ask a question. As a user who has logged in since the phpBB3 conversion I know my current password is in the newer format. However normally a conversion uses a different DB as its source. Does this copy of the phpBB2 DB still exist on the phpBB Database server?
When converting from v2 to v3 the passwords are not converted, the system is aware that the password is stored, not in the newer salted version of the password hash, so then prompts for the user then to change the password when first entering the forum after a conversion to v3.
Those members who have never visited since the conversion, are still in that 'state' where only a MD5 and not a salted hash has been used.
Starfoxtj Toolkit
ASAP member since 2004 - MS MVP (Windows Security) member since 2005
Live phpBB3 Forum
ASAP member since 2004 - MS MVP (Windows Security) member since 2005
Live phpBB3 Forum
- poyntesm
- Registered User
- Posts: 176
- Joined: Fri May 13, 2005 4:08 pm
- Location: Dublin, Ireland
- Contact:
Re: [Discussion] Downtime and Server Compromise
Can you confirm the No was to the question "Does this copy of the phpBB2 DB still exist on the phpBB Database server?"
I do understand what happens to the password from a phpBB3 point of view. My question was related to the fact that the password is left in an unchanged state in the original phpBB2 DB which is the source of the actual conversion to phpBB3. I am keen to know if this database still exists for phpBB.com or once the v3 conversion was completed was a dump taken and the actual DB removed from the server.
EDit: sorry for re-ask but your explaination threw me .. as I did not ask anything about that.. so thats why I just wanted to re-confirm.
I do understand what happens to the password from a phpBB3 point of view. My question was related to the fact that the password is left in an unchanged state in the original phpBB2 DB which is the source of the actual conversion to phpBB3. I am keen to know if this database still exists for phpBB.com or once the v3 conversion was completed was a dump taken and the actual DB removed from the server.
EDit: sorry for re-ask but your explaination threw me .. as I did not ask anything about that.. so thats why I just wanted to re-confirm.
My Mods :phpBB Garage, Quote With Or Without Images, phpbb/Mantis Integration
My Blog :poyntesm's blog
My Blog :poyntesm's blog
Re: [Discussion] Downtime and Server Compromise
No, the data of the old 2.0 installation was not present in the same database. The database solely held the 3.0 data.
No support via PM.
Trust me, I'm a doctor.
Trust me, I'm a doctor.
Re: [Discussion] Downtime and Server Compromise
Nor was it on the server.Kellanved wrote:No, the data of the old 2.0 installation was not present in the same database. The database solely held the 3.0 data.
Re: [Discussion] Downtime and Server Compromise
Any updates on how phpbb.com is doing?
- Erik Frèrejean
- Registered User
- Posts: 207
- Joined: Thu Oct 25, 2007 2:25 pm
- Location: surfnet
- Contact:
Re: [Discussion] Downtime and Server Compromise
No not really we have a list with things we have to do first. So the only answer we can give right now is that it will be done as soon as possible.
Available on .com
Support Toolkit developer
Support Toolkit developer
Re: [Discussion] Downtime and Server Compromise
At this time different team members are doing different tasks. The most time consuming part at the moment is sanitizing the database dumps.
Re: [Discussion] Downtime and Server Compromise
I really appreciate all the hard work that is going in to making sure that phpBB.com is not only brought back on-line, but done so in a manner that ensures the phpBB product it is using is as secure as it was before this unfortunate incident, as I know mine has been throughout the entire time I have been using it; ( I only started at 3.0.0 and I'm running 3.0.4, but you get the drift). At no point have I felt that my board would be compromised or that I needed to do anything extra to ensure security.
However having posted all that:
My best regards to all the phpBB.com team.
I know that this answer gets trotted out in regards to a lot of questions about phpBB regarding time-scales, but in this case it couldn't be more apt or appropriate.Erik Frèrejean wrote:........ is that it will be done as soon as possible.
However having posted all that:
is about the same as I feel and all I do is read and try to learnRMcGirr83 wrote:All I know is that I'm going through withdrawls...someone is going to pay!!
My best regards to all the phpBB.com team.
Re: [Discussion] Downtime and Server Compromise
Sorry to ask this, ive read the whole thread and i think its been answered but want to be sure to put my mind at rest....
Since ive logged in after the conversion to PHPBB3 my password has been converted and therefore cannot be compromised? Is that correct?
Thanks
Since ive logged in after the conversion to PHPBB3 my password has been converted and therefore cannot be compromised? Is that correct?
Thanks