PHPBB.com Hacked

Discussion in 'vBulletin' started by RectangleMan, Feb 1, 2009.

  1. #1
    It appears the official phpbb site has been taken down.

    And these are the people you're supposed to use for your forum software? I don't think so.

    Rule #1: Update your forum software often.
     
    RectangleMan, Feb 1, 2009 IP
  2. Provenzano

    #2
    I can't display the page and say that I am sorry.

    vBulletin > phpbb
     
    Provenzano, Feb 1, 2009 IP
  3. Karen May Jones

    #3
    Yeah, I tried to go there yesterday to find out about why I can't see the password reset link on the login page of a phpbb3 site I installed.

    Their page rank was showing strong, but my IE said it couldn't connect! I was hoping it wasn't a security issue.

    What is phplist?
     
    Karen May Jones, Feb 1, 2009 IP
  4. kber

    #4
    Bad news for phpBB fans:
     
    kber, Feb 2, 2009 IP
  5. RMcGirr83

    #5
    The attack had nothing to do with the bb software. If you read your own quote you will see it had to do with phplist, not phpBB.

    Kber, I don't think that link is necessary...do you?
     
    RMcGirr83, Feb 2, 2009 IP
  6. kber

    #6
    Agreed, removed.
    By the way, the phpBB3 software is 100% safe. The problem was in an old phplist installed on their website.
     
    kber, Feb 2, 2009 IP
  7. Dragoon

    #7
    They weren't hacked through their software. They were using third-party open source software called phplist (phplist.com), which allowed the hacker to enter their database and infiltrate the rest of the server.

    Phplist has patched the vulnerability already.
    http://www.phplist.com/?lid=274
     
    Dragoon, Feb 2, 2009 IP
  8. Mr.wCruiser

    #8
    Ya ..... phpbb.com was hacked in a very simple way ... I read the article written by the hacker on how he hacked.

    I really was shocked .... SO EASY
     
    Mr.wCruiser, Feb 5, 2009 IP
  9. RectangleMan

    #9
    Maybe you should think about my post again. As you state...my own quote says it wasn't phpbb software. However it's still the development team of phpbb that made this poor decision to use phplist and not keep it updated. The breach of security is the fault of the phpbb team, which are the people responsible also for the phpbb software's security.

    This all fell down to a poor choice by phpbb to use phplist. Again...is it wise to trust people with your security that can't even secure themselves?

    Even more concerning is that their entire site is still down. Where are the backups? I have a feeling that phpbb has just reached an apex and from here on out...it's all downhill.
     
    RectangleMan, Feb 5, 2009 IP
  10. downloadthenet

    #10
    PHPBB hacker tells all!

     
    downloadthenet, Feb 5, 2009 IP
  11. gemini181

    #11
    He has a strange sense of fun.

    Both http://ma.gnolia.com/ and phpBB are still down.
    I have the same question: don't they make backups and download them at least twice a day? :confused:
    The biggest possible loss would equal ~12 hours of new data.
     
    gemini181, Feb 5, 2009 IP
  12. RectangleMan

    #12
    Well it's worse than just restoring obviously. They are gonna have to deal with thousands of hacked passwords and many angry people. Did you ever have an account at phpbb? If you did and you used that password elsewhere it's now on the open market.
     
    RectangleMan, Feb 5, 2009 IP
  13. gemini181

    #13
    I used to mess with phpBB and might have had an account.
    Upgrading to *strength 100* passwords is a good idea for everybody who uses sites they care about.
    Thanks for the reminder.
     
    gemini181, Feb 5, 2009 IP
  14. giorgioarmani

    #14
    This sucks...

    How can this happen to the developers???? You'd think they have some pretty good hackers themselves working to protect such exploits, no?
     
    giorgioarmani, Feb 6, 2009 IP
  15. zinc-uk

    #15
    Tip to people: if you use the same password on all sites because it's easy to remember, that's dangerous. A good tip is to have a pass in this format:

    MYMASTERPASSWORD+SITEURL

    At least then you can have an easy-to-remember main password, then just put the site URL on at the end, so that if the site's database gets compromised you know that pass is limited only to that site.
     
    zinc-uk, Feb 6, 2009 IP
  16. ramstien

    #16
    This is scary. If developers can get hacked, then people have no reason to use them.
    If they can't get their own system secured, who else will be using their products?
     
    ramstien, Feb 6, 2009 IP
  17. dannywwww

    #17
    As mentioned a billion times, it wasn't their actual software/script that got hacked. It was 3rd-party software (phplist).
     
    dannywwww, Feb 6, 2009 IP
  18. touchAshley

    #18
    I don't care if it was a 3rd party script or not. phpbb still isn't as good or as secure as other free forum softwares such as SMF.
     
    touchAshley, Feb 11, 2009 IP
  19. Karen May Jones

    #19
    I like phpbb and all that. I'm glad their site is back up; however, I'm having a horrible time searching the site to get mods for their version 3 code.

    I never quite understood what the third party thing was used for..... (?)
     
    Karen May Jones, Feb 13, 2009 IP