Page 1 of 1
phpBB attack
Posted: 15 Dec 2014, 20:29
by Boardtalk
What, why, who??!?
Good God!
Just saw the message a few moments ago after coming home from work!
This is terrible, hope there's not too much damage done.
Anyone with news on the subject?
Back in a bit, have to have dinner and start changing passwords... just in case.
Re: phpBB attack
Posted: 15 Dec 2014, 21:07
by deejay_xb
Downtime
(Update #2) On Sunday Dec. 14th, several of the web servers powering phpBB.com were compromised. Upon discovering the ongoing attack, we immediately took our network offline to perform a thorough investigation, which is continuing.
At this time, we would like to ask everyone to follow basic security protocol. If you were using your
http://www.phpBB.com or area51.phpBB.com passwords anywhere else, please change them to unqiue ones.
Your personal phpBB Forums are NOT affected by the compromise of our servers.
We will be rebuilding our systems from the ground up and verifying the integrity of all data prior to coming back online. This process will likely take several days.
Further updates will be posted here when we have additional information.
If you need urgent assistance, please make use of the #phpbb IRC channel on Freenode. A web-based client is available at
http://webchat.freenode.net.
- The phpBB Team
it's because of the stupid 3.1 update! they changed so many code and maybe left some "doors" opened by mistake! why they made an update so complex?!? 3.0.12 was simple and stable..
Re: phpBB attack
Posted: 15 Dec 2014, 22:12
by martin123456
More like a mysql attack hence change your password (security protocol my ass) chances are if you look on the right site your find a list of user's emails and passwords this was a common thing back in the day of yahoo booter sites.
They got owned and lists were put up on certain sites for every one to see.
Re: phpBB attack
Posted: 15 Dec 2014, 23:02
by Oyabun1
An attacker couldn't gain the passwords from a database attack because they aren't stored, only a hash of the password is.
Re: phpBB attack
Posted: 16 Dec 2014, 20:40
by antonjw
Re: phpBB attack
Posted: 17 Dec 2014, 02:04
by RMcGirr83
Re: phpBB attack
Posted: 17 Dec 2014, 08:05
by deejay_xb
voodoo for phpbb because of the 3.1 update
)
Re: phpBB attack
Posted: 17 Dec 2014, 09:46
by Pete
Re: phpBB attack
Posted: 17 Dec 2014, 11:27
by Oyabun1
Re: phpBB attack
Posted: 17 Dec 2014, 11:48
by martin123456
Just as i said in my other post.
The attackers were able to obtain access to the phpBB.com and area51 databases
Re: phpBB attack
Posted: 17 Dec 2014, 12:13
by RMcGirr83
Re: phpBB attack
Posted: 17 Dec 2014, 22:55
by martin123456
Re: phpBB attack
Posted: 18 Dec 2014, 10:38
by steve
I bet it was that necofem (spell check) developers account he seemed dodgy
Re: phpBB attack
Posted: 22 Dec 2014, 07:48
by Allen42
I don't know what's going on with the phpBB site and the Area51 development board? A major problem has initiated the security breach that the attackers were attempting to breach their security databases, and I need to prevent that from making a breach to our database of the phpBB site.
Remember that I'm a helper here and the phpBB forum.
Re: phpBB attack
Posted: 22 Dec 2014, 15:59
by Lumpy Burgertushie
why would you have a copy of the phpbb database? If you mean your own database of your own phpbb board then unless you are using the same username password for your database that you use to log in to phpbb you have nothing to worry about.
robert