Go Back   vb.org Archive > Community Central > Community Lounge
  #1  
Old 02-01-2009, 05:19 PM
ChrisChristian ChrisChristian is offline
 
Join Date: May 2008
Posts: 57
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default phpBB.com HACKED!!

Bad News for phpBB users:

So far, the phpbb.com remains offline.

*** Removed link and content of this post. We do not need to link to websites ran by hackers or list passwords of another site. ***
Reply With Quote
  #2  
Old 02-01-2009, 05:39 PM
lasto lasto is offline
 
Join Date: Jan 2002
Posts: 1,514
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

sad news indeed
Reply With Quote
  #3  
Old 02-01-2009, 05:58 PM
ChrisChristian ChrisChristian is offline
 
Join Date: May 2008
Posts: 57
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

It´s very unfortunate. I hope they get everything sorted.
Reply With Quote
  #4  
Old 02-01-2009, 06:37 PM
UKBusinessLive UKBusinessLive is offline
 
Join Date: Sep 2008
Location: Essex, United Kingdom
Posts: 1,637
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Well all i can say is that i hope they sort this out asap, Its a nightmare when something like this happens, it feels like you've been robbed. What was the whole point of this??, Very Sad indeed
Reply With Quote
  #5  
Old 02-01-2009, 06:42 PM
UncoderMom UncoderMom is offline
 
Join Date: May 2006
Location: My office chair!
Posts: 567
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

I hope they get it sorted too.

OMG, is that the hacker posting copies of its user database to rapid share????
Reply With Quote
  #6  
Old 02-01-2009, 06:52 PM
Shazz's Avatar
Shazz Shazz is offline
 
Join Date: Jun 2006
Location: Utah
Posts: 4,758
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Just be fortunate that you don't have a phpbb forum, this would be good for jelsoft... More potential customers
Reply With Quote
  #7  
Old 02-01-2009, 06:53 PM
klaush klaush is offline
 
Join Date: Oct 2005
Posts: 340
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

They used a security hole in phplist.

If anyone use this newsletter tool, here is the fix for this hole:

security update version 2.10.9
29 January 2009

We've released version 2.10.9 that fixes a local file include vulnerability.This vulnerability allows attackers to display the contents of files on the server, which can aid them to gain unauthorised access.

Everyone using any version up to this one is advised to upgrade as soon as possible. Any clients hosted by Tincan have already been patched or upgraded.

If you don't want to upgrade now, you can fix the vulnerability quickly by adding the following line to the top of the index file in the admin directory:

----------

if (isset($_REQUEST['_SERVER'])) { exit; }


http://www.phplist.com/?lid=274
Reply With Quote
  #8  
Old 02-01-2009, 06:53 PM
Shelley_c's Avatar
Shelley_c Shelley_c is offline
 
Join Date: Jan 2006
Location: United Kingdom
Posts: 1,992
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by UncoderMom View Post
I hope they get it sorted too.

OMG, is that the hacker posting copies of its user database to rapid share????
Looks like it and much more. Shame, people like this are full of beans until they are caught & prosecuted and blubber like little babies. Shame, I'm sure they will be back to business before long a little wiser in the process.
Reply With Quote
  #9  
Old 02-01-2009, 06:55 PM
Winterworks Winterworks is offline
 
Join Date: Feb 2008
Location: Canada
Posts: 640
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by UncoderMom View Post
I hope they get it sorted too.

OMG, is that the hacker posting copies of its user database to rapid share????
He did, but visit the link now and it's...

Quote:
This file is suspected to contain illegal content and has been blocked. After the file has been blocked for 7 days it will automatically be deleted, if the block is not removed by RapidShare. For this reason, a download of this file is currently not possible.
Reply With Quote
  #10  
Old 02-01-2009, 06:57 PM
ChrisChristian ChrisChristian is offline
 
Join Date: May 2008
Posts: 57
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Info from AREA51 (phpbb dev forum):

Quote:
by Erisar ? Today 5:27 am
phpBB.com is offline due to a security vulnerability in PHPList, a third party software being used on the site. The phpBB3 software is not responsible and is not compromised in any way. phpBB.com will be offline until the problem can be fixed. Support may continue as usual in the temporary support forum or on IRC (#phpBB on irc.freenode.net). We thank everyone for your patience and understanding.
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT. The time now is 10:29 PM.


Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2025, vBulletin Solutions Inc.
X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.04482 seconds
  • Memory Usage 2,241KB
  • Queries Executed 13 (?)
More Information
Template Usage:
  • (1)SHOWTHREAD
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)ad_showthread_beforeqr
  • (1)ad_showthread_firstpost
  • (1)ad_showthread_firstpost_sig
  • (1)ad_showthread_firstpost_start
  • (4)bbcode_quote
  • (1)footer
  • (1)forumjump
  • (1)forumrules
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (1)navbar
  • (3)navbar_link
  • (120)option
  • (1)pagenav
  • (1)pagenav_curpage
  • (2)pagenav_pagelink
  • (10)post_thanks_box
  • (10)post_thanks_button
  • (1)post_thanks_javascript
  • (1)post_thanks_navbar_search
  • (10)post_thanks_postbit_info
  • (10)postbit
  • (10)postbit_onlinestatus
  • (10)postbit_wrapper
  • (1)spacer_close
  • (1)spacer_open
  • (1)tagbit_wrapper 

Phrase Groups Available:
  • global
  • inlinemod
  • postbit
  • posting
  • reputationlevel
  • showthread
Included Files:
  • ./showthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_post_thanks.php 

Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_postinfo_query
  • fetch_postinfo
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • showthread_start
  • showthread_getinfo
  • forumjump
  • showthread_post_start
  • showthread_query_postids
  • showthread_query
  • bbcode_fetch_tags
  • bbcode_create
  • showthread_postbit_create
  • postbit_factory
  • postbit_display_start
  • post_thanks_function_post_thanks_off_start
  • post_thanks_function_post_thanks_off_end
  • post_thanks_function_fetch_thanks_start
  • post_thanks_function_fetch_thanks_end
  • post_thanks_function_thanked_already_start
  • post_thanks_function_thanked_already_end
  • fetch_musername
  • postbit_imicons
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • postbit_display_complete
  • post_thanks_function_can_thank_this_post_start
  • pagenav_page
  • pagenav_complete
  • tag_fetchbit_complete
  • forumrules
  • navbits
  • navbits_complete
  • showthread_complete