Noting there is a
closed topic regarding this, I think it is best if we (the phpBB Team) responds.
phpBB.com website was hacked through a vulnerability in an outdated version of a third-party script called PHPList. PHPList is used to manage the Mailing list on phpBB.com (the website). The hacker got in and compromised the rest of the server through that vulnerability including the phpBB.com forums.
Information about this vulnerability and the security update that patches it is here:
http://www.phplist.com/?lid=274
If you or anyone you know is running PHPList, it is vital that you notify them of the security update immediately.
It is important to note that the phpBB.com website was not hacked through a phpBB(3) vulnerability and there are still no known vulnerabilities within phpBB3.
phpBB.com is back online which explains this in summary. (If you previously visited phpBB.com, you may need to refresh your DNS cache to see the site).
- Highway of Life
phpBB.com Modifications Team
(2009-02-01, 09:40 PM)Highway of Life Wrote: [ -> ]Noting there is a closed topic regarding this, I think it is best if we (the phpBB Team) responds.
phpBB.com website was hacked through a vulnerability in an outdated version of a third-party script called PHPList. PHPList is used to manage the Mailing list on phpBB.com (the website). The hacker got in and compromised the rest of the server through that vulnerability including the phpBB.com forums.
Information about this vulnerability and the security update that patches it is here: http://www.phplist.com/?lid=274
If you or anyone you know is running PHPList, it is vital that you notify them of the security update immediately.
It is important to note that the phpBB.com website was not hacked through a phpBB(3) vulnerability and there are still no known vulnerabilities within phpBB3.
phpBB.com is back online which explains this in summary. (If you previously visited phpBB.com, you may need to refresh your DNS cache to see the site).
- Highway of Life
phpBB.com Modifications Team
Glad we got the actually story - but isn't that basically what was said in the closed topic? Glad you guys sort of "got the site back up". Hope no data was lost.
Kind Regards,
TomL
That's good news. It's good to know that there is no problem with phpBB itself - I'm sure you were all revealed at finding that out. =]
I hope that you guys (and girls?) don't have too many problems because of this though.
Best of luck to you and the rest of the phpBB team.
I was just going to make a topic about this.
When I saw the Message on the site...
I fell off my chair laughing.
I have a question though. What is a PhPBB Modeification Team member doing here at mybb?
Jeez, you'd think phpBB of all people would know to keep their software current!
(2009-02-01, 09:59 PM)Chasingu Wrote: [ -> ]I was just going to make a topic about this.
When I saw the Message on the site...
I fell off my chair laughing.
I have a question though. What is a PhPBB Modeification Team member doing here at mybb?
Explaining what happened - first hand(so to say).
(2009-02-01, 10:00 PM)Bey Brad Wrote: [ -> ]Jeez, you'd think phpBB of all people would know to keep their software current!
They do, but can you imagine how hard it is to keep a program up to date when it's modified? For each update, they have to re-modify it(I think).
(2009-02-01, 09:59 PM)Chasingu Wrote: [ -> ]I fell off my chair laughing.
I have a question though. What is a PhPBB Modeification Team member doing here at mybb?
Play nice - that goes for everyone here.
I think it's nice that one of the phpBB members took the time and effort to post here.
I am registered over at phpBB and I'm sure other MyBB staff are also.
I'm also registered at IPB, vBulletin, SMF.. and whatever else I've forgotten.
(2009-02-01, 10:02 PM)rh1n0 Wrote: [ -> ] (2009-02-01, 09:59 PM)Chasingu Wrote: [ -> ]I fell off my chair laughing.
I have a question though. What is a PhPBB Modeification Team member doing here at mybb?
Play nice - that goes for everyone here.
I think it's nice that one of the phpBB members took the time and effort to post here.
I am registered over at phpBB and I'm sure other MyBB staff are also.
I'm also registered at IPB, vBulletin, SMF.. and whatever else I've forgotten.
Yeah, I can admit I am. I see no reason to be rude to them, just because they work on other forum software. They're humans just like us, and have feelings - no need to disrespect them.
No I know. I was just ...yha.
Sorry If I hurt someone's feelings.