phpBB attack
What, why, who??!?
Good God!
Just saw the message a few moments ago after coming home from work!
This is terrible, hope there's not too much damage done.
Anyone with news on the subject?
Back in a bit, have to have dinner and start changing passwords... just in case.
Re: phpBB attack
Downtime
(Update #2) On Sunday Dec. 14th, several of the web servers powering phpBB.com were compromised. Upon discovering the ongoing attack, we immediately took our network offline to perform a thorough investigation, which is continuing.
At this time, we would like to ask everyone to follow basic security protocol. If you were using your http://www.phpBB.com or area51.phpBB.com passwords anywhere else, please change them to unique ones.
Your personal phpBB Forums are NOT affected by the compromise of our servers.
We will be rebuilding our systems from the ground up and verifying the integrity of all data prior to coming back online. This process will likely take several days.
Further updates will be posted here when we have additional information.
If you need urgent assistance, please make use of the #phpbb IRC channel on Freenode. A web-based client is available at http://webchat.freenode.net.
- The phpBB Team
It's because of the stupid 3.1 update! They changed so much code and maybe left some "doors" open by mistake! Why did they make an update so complex?!? 3.0.12 was simple and stable..
Re: phpBB attack
More like a MySQL attack, hence change your password (security protocol my ass). Chances are if you look on the right site you'll find a list of users' emails and passwords; this was a common thing back in the day of Yahoo booter sites.
They got owned and lists were put up on certain sites for everyone to see.
Re: phpBB attack
An attacker couldn't gain the passwords from a database attack because they aren't stored, only a hash of the password is.
Re: phpBB attack
Tapatalk was also compromised over the weekend, via some 3rd party plugin on their support forums.
Oyabub1 wrote: An attacker couldn't gain the passwords from a database attack because they aren't stored, only a hash of the password is.
The attackers installed a XenForo plugin which decrypts passwords, and they stole them.
Re: phpBB attack
Wow!!!
Additionally, all logins on area51 between Dec. 12th and Dec. 15th were logged in plaintext
Re: phpBB attack
Yeah...
RMcGirr83 wrote: Wow!!!
Additionally, all logins on area51 between Dec. 12th and Dec. 15th were logged in plaintext
Re: phpBB attack
Xenforo's hash isn't as good as phpBB's. They don't use phpass (or Bcrypt as phpbb.com and area51 have since 3.1)
antonjw wrote: The attackers installed a XenForo plugin which decrypts passwords, and they stole them.
There is an interesting comment here regarding the Ars breach, which it is presumed was done in a similar way because it was done by the same people. Cracking phpBB passwords is not quick.
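The posts above turn on what a stolen user table actually contains when a board stores phpass-style hashes. As an added illustration (not part of the thread and not phpBB's own code), here is a Python sketch of the phpass "portable" scheme: a per-user salt plus an iterated MD5, so every single guess against one row costs thousands of hash calls and identical passwords do not share a hash. The function names, the sample password and the cost value 11 are assumptions made for this example.

```python
import hashlib
import hmac
import os

ITOA64 = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"

def encode64(data: bytes) -> str:
    """phpass's base64 variant: little-endian 24-bit groups, no padding."""
    out = []
    for i in range(0, len(data), 3):
        chunk = data[i:i + 3]
        value = int.from_bytes(chunk, "little")
        shifts = (0, 6, 12, 18)[:len(chunk) + 1]
        out.extend(ITOA64[(value >> s) & 0x3F] for s in shifts)
    return "".join(out)

def phpass_hash(password: str, setting: str) -> str:
    """Hash `password` with the prefix, cost and salt held in setting[:12]."""
    prefix, cost, salt = setting[:3], setting[3:4], setting[4:12]
    if (len(setting) < 12 or prefix not in ("$H$", "$P$")
            or cost not in ITOA64[7:31]):
        raise ValueError("not a portable phpass setting")
    pw = password.encode("utf-8")
    digest = hashlib.md5(salt.encode("utf-8") + pw).digest()
    for _ in range(1 << ITOA64.index(cost)):   # 2**cost further MD5 rounds
        digest = hashlib.md5(digest + pw).digest()
    return setting[:12] + encode64(digest)

def new_hash(password: str, cost_log2: int = 11) -> str:
    """Create a fresh salted hash; cost_log2=11 is a sample value (assumption)."""
    salt = encode64(os.urandom(6))             # 6 random bytes -> 8 salt chars
    return phpass_hash(password, "$H$" + ITOA64[cost_log2] + salt)

def verify(password: str, stored: str) -> bool:
    """Recompute under the stored salt and cost, compare in constant time."""
    candidate = phpass_hash(password, stored)
    return hmac.compare_digest(candidate.encode(), stored.encode())

def md5_calls_per_guess(stored: str) -> int:
    """Work one password guess costs against this row."""
    return 1 + (1 << ITOA64.index(stored[3]))

if __name__ == "__main__":
    row = new_hash("correct horse battery")    # constructed sample password
    print(row, verify("correct horse battery", row), md5_calls_per_guess(row))
```

None of this protects a password that is captured before it is hashed, which is the case for the area51 logins the announcement says were logged in plaintext.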
Re: phpBB attack
Just as I said in my other post.
The attackers were able to obtain access to the phpBB.com and area51 databases
Re: phpBB attack
Oyabub1 wrote: There is an interesting comment here regarding the Ars breach, which it is presumed was done in a similar way because it was done by the same people. Cracking phpBB passwords is not quick.
Emphasis in bold added by me.
These intrusions seem to be becoming more common and there really seems to be a systemic problem of people not taking security seriously (despite paying lots of lip service). Don't get me wrong, strong encryption on your database of user passwords is a very good thing. But not letting people get to that database in the first place is, in my opinion, even more important.
- Allen42
Re: phpBB attack
I don't know what's going on with the phpBB site and the Area51 development board? A major problem has initiated the security breach that the attackers were attempting to breach their security databases, and I need to prevent that from making a breach to our database of the phpBB site.
Remember that I'm a helper here and the phpBB forum.
- Lumpy Burgertushie
Re: phpBB attack
Why would you have a copy of the phpBB database? If you mean your own database of your own phpBB board, then unless you are using the same username and password for your database that you use to log in to phpBB, you have nothing to worry about.
robert