Quote:(Update #2) On Sunday Dec. 14th, several of the web servers powering phpBB.com were compromised. Upon discovering the ongoing attack, we immediately took our network offline to perform a thorough investigation, which is continuing.
At this time, we would like to ask everyone to follow basic security protocol. If you were using your www.phpBB.com or area51.phpBB.com passwords anywhere else, please change them to unqiue ones.
Your personal phpBB Forums are NOT affected by the compromise of our servers.
We will be rebuilding our systems from the ground up and verifying the integrity of all data prior to coming back online. This process will likely take several days.
Further updates will be posted here when we have additional information.
If you need urgent assistance, please make use of the #phpbb IRC channel on Freenode. A web-based client is available at http://webchat.freenode.net.
- The phpBB Team
http://phpbb.com/
I saw that today. Shame really. It isn't the first time they have been compromised.
looks like conspiracy at server level.
I don't think phpBB management reveals behind scene matters (none like revealing secrets)
I imagine it was probably related to a server vulnerability, but I can't blame them for not shedding more light on the issue. It'd be asking for trouble if they haven't fully resolved the issues yet.
Hopefully they are able to get back online without too much downtime.
Oh wow, I haven't used phpBB in awhile.. But it sucks that they got hacked, hopefully they will get their forums back online soon enough.
Unfortunately, we know how that feels and I wish them the best of luck getting this resolved quickly.
i just learned of this. my condolenses. lets hope they will recover and not be victem again
Quote:Update #3 17-12-2014 - 01:10
At this time we are proceeding with recovery efforts and have some additional important information.
We have confirmed that initial entry was made via a team member's compromised login details and not as the result of a vulnerability in the phpBB software. The phpBB download packages were never altered.
The attackers were able to obtain access to the phpBB.com and area51 databases, meaning that user information, including hashed salted passwords, was compromised. Additionally, all logins on area51 between Dec. 12th and Dec. 15th were logged in plaintext. While the hashing algorithm utilized in phpBB will make it difficult to obtain those passwords, you should not take any chances. If you were using your phpBB.com or area51 passwords anywhere else, you must change them.
We will provide full details, including the steps we have taken since the compromise, once we are back in operation.
That's a rather large security hole...
Though I didn't wish it to them it's quite funny as some of there devs were joking about us when we got hacked... Anyways, hopefully they're back soon.