|
phpBB.com HACKED!!
Bad News for phpBB users:
So far, the phpbb.com remains offline. *** Removed link and content of this post. We do not need to link to websites ran by hackers or list passwords of another site. *** |
sad news indeed
|
It´s very unfortunate. I hope they get everything sorted.
|
Well all i can say is that i hope they sort this out asap, Its a nightmare when something like this happens, it feels like you've been robbed. What was the whole point of this??, Very Sad indeed :(
|
I hope they get it sorted too.
OMG, is that the hacker posting copies of its user database to rapid share???? |
Just be fortunate that you don't have a phpbb forum, this would be good for jelsoft... More potential customers ;)
|
They used a security hole in phplist.
If anyone use this newsletter tool, here is the fix for this hole: security update version 2.10.9 29 January 2009 We've released version 2.10.9 that fixes a local file include vulnerability.This vulnerability allows attackers to display the contents of files on the server, which can aid them to gain unauthorised access. Everyone using any version up to this one is advised to upgrade as soon as possible. Any clients hosted by Tincan have already been patched or upgraded. If you don't want to upgrade now, you can fix the vulnerability quickly by adding the following line to the top of the index file in the admin directory: ---------- if (isset($_REQUEST['_SERVER'])) { exit; } http://www.phplist.com/?lid=274 |
Quote:
|
Quote:
Quote:
|
Info from AREA51 (phpbb dev forum):
Quote:
|
Quote:
yeah but not before 100's or even 1000's downloaded the data. :eek: |
Man, it seems they were using plain text passwords... in text files... WOW! :eek:
|
Yeah exactly. That's pretty bad... I hope they find the people that hacked them. Lawsuit? :)
|
That was a great read.
|
This is really a shame. I used to have a phpbb board.
|
the shame is not to be related to phpBB but to the way you can be hacked using another script that is not as secure as your own source of revenues...
most people here would call it one day... "i've been hacked, vBulletin is just crap"... but you see now that it's not the main software that is always the case... a Newletter can do it... and PHPList is a very popular one... the bug came from a human error, not the script itself... |
phpBB is always vulnerable to hackers! many phpBB boards get hacked all the time now they even cant get their hands out of the main terminal! this is a shame to phpBB system they should consider developing a system that is more secure.
|
I'm sorry to type in caps...
PHPBB DID NOT GET HACKED DIRECTLY. A VULNERABILITY IN PHPLIST LEAD TO THE HACKING OF PHPBB |
But wasnt it them that didnt update a know vulnerable version?
|
Quote:
Quote:
Have you looked at your own VB config.php file ;) |
Quote:
http://www.phplist.com/?lid=274 Seriously, there isn't much phpbb.com could have done. And as people have commented in the blog post, he's not much more than a script kiddie. Suggesting config files be encrypted? What's next? <sarcasm>Maybe he'll suggest everyone use ASP.NET because obviously ASP.NET never got anyone hacked.</sarcasm> |
Thanks guys for being supportive to phpbb.com
I'm a phpbb3 user (Until I can afford an "upgrade") and I am very loyal to them.. They are a great team of people that do not even get paid for what they do (Other then the Bertie Bears) I'm sure that Vbulletin's software is secure but for all forum owners, now is a good time to start double checking and analyzing your forum. The larger the forum, the more likely of an attack. Just please be careful.. ~<',>< Jason |
Quote:
|
How often are these hackers caught and prosecuted? Hang em!
|
Quote:
unless your american, then the whole world should apply to their laws they think, which is odd.. anyway not here to religious/political debate, just here to gloat.. happy to be using vb. :p |
Quote:
|
Some simply want to increase their post count, not knowing that posts in this section don't get counted.
|
Quote:
I am very satisfied with my phpbb3 forum.. (Though I notice that all high ranking forums just happen to be vbulletin.. not fair you guys.. :D ) But I would still like to upgrade. But anyway, more on topic.. I still can't believe some of the jerks on the internet.. I mean, I met some doosies in real life but some of these people take the cake.. He should be working for a security site, not hacking into people offering a free software to help others. They put way too much time working on phpbb to have this happen to them.. :mad: |
Quote:
Quote:
|
Quote:
|
Quote:
Lighten up and pay attention, vB isn't released only in English speaking countries, there are many many different ethnicity based visitors on here who's native tongue is not the same as yours. |
Quote:
Sometimes I REALLY wish vb.org had the thanks button! LOL |
Quote:
|
Quote:
Quote:
Actually, when I first read that, I thought you were talking about phpBB users - that you were saying "most of them use scripts or code from Boards and just mess till they get a hit". I didn't have a clue what that meant and assumed that it was just belligerence towards phpBB on your part. Rereading it, though, I think I may have misinterpreted it the first time. It looks what like what you, in point of fact, were referring to weren't phpBB users, but rather, script kiddies of the kind that conducted the attack. If that's correct, then I apologize - my condescension was due to my thinking you were being condescending to the victims - not to the attacker. |
Quote:
I speak better english than i type it - thats for sure and thats all that matters :) |
Quote:
|
I think it's 1337 chat like language is what you're worried about queenzeal.
If someone's grammar isn't too good, it doesn't mean that they're 1337 script kiddies wannabes, but maybe not from an English speaking country, like myself. If they are, then they should go to school more often. |
We do require posts are in english, we do not require that it is in perfect english with correct grammar. For most of our users English is not their first language.
|
Quote:
|
Quote:
Don't assume i posted that for no reason and start trying to flame me. Try being on topic |
| All times are GMT. The time now is 04:59 PM. |
Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2025, vBulletin Solutions Inc.
| X vBulletin 3.8.12 by vBS Debug Information | |
|---|---|
|
|
 More Information |
|
|
Template Usage:
Phrase Groups Available:
|
Included Files:
Hooks Called:
|