phpBB.com HACKED!!

Quote:

Originally Posted by UncoderMom

But wasnt it them that didnt update a know vulnerable version?

The attacker says that they first broke in on January 14th using a local file inclusion vulnerability. PHPlist fixed that vulnerability on January 29th:

http://www.phplist.com/?lid=274

Seriously, there isn't much phpbb.com could have done.

And as people have commented in the blog post, he's not much more than a script kiddie. Suggesting config files be encrypted? What's next? <sarcasm>Maybe he'll suggest everyone use ASP.NET because obviously ASP.NET never got anyone hacked.</sarcasm>

Thanks guys for being supportive to phpbb.com

I'm a phpbb3 user (Until I can afford an "upgrade") and I am very loyal to them.. They are a great team of people that do not even get paid for what they do (Other then the Bertie Bears)

I'm sure that Vbulletin's software is secure but for all forum owners, now is a good time to start double checking and analyzing your forum. The larger the forum, the more likely of an attack.

Just please be careful..

~<',>< Jason

[iAnj]

Quote:

Originally Posted by Mudjosh

Thanks guys for being supportive to phpbb.com

I'm a phpbb3 user (Until I can afford an "upgrade") and I am very loyal to them.. They are a great team of people that do not even get paid for what they do (Other then the Bertie Bears)

I'm sure that Vbulletin's software is secure but for all forum owners, now is a good time to start double checking and analyzing your forum. The larger the forum, the more likely of an attack.

Just please be careful..

~<',>< Jason

Lol close and do a full backup asap

[GSeybold]

How often are these hackers caught and prosecuted? Hang em!

[Vaupell]

Quote:

Originally Posted by GSeybold

How often are these hackers caught and prosecuted? Hang em!

Rarely done, both cases, some laws usually dont apply across borders
unless your american, then the whole world should apply to their laws
they think, which is odd..

anyway not here to religious/political debate,

just here to gloat.. happy to be using vb.

[KTBleeding]

Quote:

Originally Posted by iAnj

Lol close and do a full backup asap

He claimed to be using phpbb, not phplist. So explain why he needs to panic and do a full backup immediately.. Or did you not read anything other than the title of this thread?

[Magnumutz]

Some simply want to increase their post count, not knowing that posts in this section don't get counted.

Quote:

Originally Posted by Magnumutz

Some simply want to increase their post count, not knowing that posts in this section don't get counted.

Exactly.. lol.

I am very satisfied with my phpbb3 forum.. (Though I notice that all high ranking forums just happen to be vbulletin.. not fair you guys.. )

But I would still like to upgrade.

But anyway, more on topic..

I still can't believe some of the jerks on the internet.. I mean, I met some doosies in real life but some of these people take the cake.. He should be working for a security site, not hacking into people offering a free software to help others.

They put way too much time working on phpbb to have this happen to them..

[lasto]

Quote:

Originally Posted by Magnumutz

Some simply want to increase their post count, not knowing that posts in this section don't get counted.

You kidding me - thats its im gonna post in other sections now

Quote:

Originally Posted by Mudjosh

I still can't believe some of the jerks on the internet.. I mean, I met some doosies in real life but some of these people take the cake.. He should be working for a security site, not hacking into people offering a free software to help others.:

They not good enough - most of them use scripts or code from Boards and just mess till they get a hit.

Quote:

Originally Posted by lasto

They not good enough - most of them use scripts or code from Boards and just mess till they get a hit.

Correct me if I'm wrong, but isn't this is an English speaking forum? You know, as opposed to a "I'm 2 culz to use proper gramarz" speaking forum?