PHPBB.com Hacked

It appears the official phpbb site has been taken down.

And these are the people you're suppose to use for your forum software? I don't think so.

Rule #1: Update your forum software often.

 

I cant displayed the page and say that I am sorry.

vBulletin > phpbb

 

Yeah, I tried to go there yesterday to find out about why I can't see the password reset link on the login page of a phpbb3 site I installed.

Their page rank was showing strong, but my IE said it couldn't connect! I was hoping it wasn't a security issue.

What is phplist?

 

bad news for phpBB fans :

 

The attack had nothing to do with the bb software. If you read your own quote you will see it had to do with phplist, not phpBB.

Kber, I don't think that link is necessary...do you?

 

agreed , removed .
by the way .. the phpBB3 software is 100% save .. the problem was in an old phplist installed on their website

 

They werent hacked through their software. They were using third party open source software called phplist (phplist.com) which allowed to hacker to enter their database and infiltrate the rest of the server.

Phplist has patched the vulnerability already.
http://www.phplist.com/?lid=274

 

Ya ..... phpbb.com was hacked in a very simple way ... i read the article writen by the hacker on how he hacked .

I really was shocked .... SO EASY

 

Maybe you should think about my post again. As you state...my own quote says it wasn't phpbb software. However it's still the development team of phpbb that made this poor decision to use phplist and not keep it updated. The breach of security is the fault of the phpbb team which are the people responsible also for the phpbb softwares security.

This all fell down to a poor choice by phpbb to use phplist. Again...is it wise to trust people with your security that can't even secure themselves?

Even more concerning is that their entire site is still down. Where are the backups? I have a feeling that phpbb has just reached an apex and from here on out...it's all downhill.

 

PHPBB hacker tells all!

 

He has a strange sense of fun.

Both http://ma.gnolia.com/ and phpBB are still down.
I have the same question don't they make backups and download them at least twice a day?
The biggest possible loss would equal ~12 hours of new data.

 

Well it's worse than just restoring obviously. They are gonna have to deal with thousands of hacked passwords and many angry people. Did you ever have an account at phpbb? If you did and you used that password elsewhere it's now on the open market.

 

I used to mess with phpBB and might have had an account.
Upgrading to *strength 100* passwords is a good idea for everybody who uses sites they care about.
Thanks, for the reminder.

 

This sucks...

How can this happen to the developers???? You'd think they have some pretty good hackers themselves working to protect such exploits, no?

 

Tip to people if you use the same password on all sites because its easy to remember thats dangerous, goo tip is to have a pass in this format

MYMASTERPASSWORD+SITEURL

at least then youu can have a easy to remember main password then just out the site url on at the end so that if the sites database gets compromised you know that pass is limited only to that site

 

This is scary, if developers can get hacked, than people have no reason to use them.
If they cant get their own system secured, who else will be using their products?

 

As mentioned a billion times, it wasn't there actual software/script that got hacked. It was 3rdparty software (phplist).

 

I don't care if it was a 3rd party script or not. phpbb still isn't as good or as secure as other free forum softwares such as SMF.

 

I like pbpbb and all that. I'm glad their site is back up, however, I'm having a horrible time searching the site to get mods for their version 3 code.

I never quite understood what the third party thing was used for..... (?)

 

Here are all the phpbb3 mod releases JoGoRound http://www.phpbb.com/community/viewforum.php?f=69