PHPBB.COM Hacked!

  • bbott1982
  • Proficient
  • Proficient
  • User avatar
  • Posts: 320
  • Loc: NJ, USA

Post 3+ Months Ago

Phpbb.com has been hacked! They claim there are no security holes in the current PHPBB - guess they were just unlucky... I'll keep everyone updated for further details! :shock:
  • Anonymous
  • Bot
  • No Avatar
  • Posts: ?
  • Loc: Ozzuland
  • Status: Online

Post 3+ Months Ago

  • snicksnack
  • Beginner
  • Beginner
  • User avatar
  • Posts: 35
  • Loc: China

Post 3+ Months Ago

too bad. I cannot understand why some hackers need to destroy other people work.
  • bbott1982
  • Proficient
  • Proficient
  • User avatar
  • Posts: 320
  • Loc: NJ, USA

Post 3+ Months Ago

snicksnack wrote:
too bad. I cannot understand why some hackers need to destroy other people work.


Agreed... It's ashame. :evil:
  • meman
  • Web Master
  • Web Master
  • User avatar
  • Posts: 3432
  • Loc: London Town , Apples and pears and all that crap

Post 3+ Months Ago

Quote:
At present http://www.phpbb.com is offline due to a group of politically motivated hackers wishing to use an opensource project to push their agenda ... shame on them.

I will take this opportunity to note that given currently available information this hacking episode does not appear to be due to phpBB itself. Instead a third party application looks to have been the problem. Other sites were attacked at the same time as http://www.phpbb.com by the same group displaying the same information and in these cases the same third party application has been suggested as the common factor (thus far). Equally we are not aware of any other phpBB boards being attacked and we have not been notified of any valid security issues recently. Obviously we will have more details when we've reviewed just what happened.


There are no major security holes in 2.0.11 , the hack was on either the server its self or another piece of software they were using.
  • Miss_Bee
  • Guru
  • Guru
  • User avatar
  • Posts: 1307
  • Loc: Eagle Vale, Sydney (Campbo Chickadee)

Post 3+ Months Ago

And here they were practically demanding anyone using any phpbb forum less then 2.0.11 had better upgrade in case of being hacked
  • UNFLUX
  • Genius
  • Genius
  • User avatar
  • Posts: 6376
  • Loc: twitter.com/unflux

Post 3+ Months Ago

i seriously doubt it was the board itself that was crashed like that. they were demanding it because of the worms and other various hacks out there running rampant. I tend to think it was some of the other parts of their site that was exploited in this case.

as one example: http://www.google.com/search?hl=en&lr=& ... tnG=Search
  • ATNO/TW
  • Super Moderator
  • Super Moderator
  • User avatar
  • Posts: 23456
  • Loc: Woodbridge VA

Post 3+ Months Ago

Graham posted a note at the area51 developers board yesterday morning and stated that it was not due to phpBB as best as they were able to tell at that time.
  • meman
  • Web Master
  • Web Master
  • User avatar
  • Posts: 3432
  • Loc: London Town , Apples and pears and all that crap

Post 3+ Months Ago

I thought it might of been the MS Sql exploit thats used by the worm but phpbb.com run on linux/Apache.

Does anyone know what the "politically motivated hackers" message was?
  • daniel.g.wood
  • Proficient
  • Proficient
  • daniel.g.wood
  • Posts: 250
  • Loc: England

Post 3+ Months Ago

I doubt it was the board itself too... very well written.

duno as to the hackers message.
  • ATNO/TW
  • Super Moderator
  • Super Moderator
  • User avatar
  • Posts: 23456
  • Loc: Woodbridge VA

Post 3+ Months Ago

The message at the main page has been updated:
http://www.phpbb.com

Looks like a possible vulnerability in AWSTATS.

Looks like this one may be a good idea to keep tabs on, particularly for Linux hosts using AWSTATS.
  • meman
  • Web Master
  • Web Master
  • User avatar
  • Posts: 3432
  • Loc: London Town , Apples and pears and all that crap

Post 3+ Months Ago

Quote:
Warning, a security hole was recently found in AWStats versions from 5.0 to 6.2 when AWStats is used as a CGI: A remote user can execute arbitrary commands on your server using permissions of your web server user (in most cases user "nobody").
If you use AWStats with another version or with option AllowToUpdateStatsFromBrowser to 0, you are safe. If not, it is highly recommanded to update to 6.3 version that fix this security hole.

http://www.awstats.org/
  • meman
  • Web Master
  • Web Master
  • User avatar
  • Posts: 3432
  • Loc: London Town , Apples and pears and all that crap

Post 3+ Months Ago

I dont know if anyone is interested but zone-h have a mirror of what the hack group (simiens) had to say on the phpbb site.
http://www.zone-h.org/defacements/mirror/id=2050456/
  • ATNO/TW
  • Super Moderator
  • Super Moderator
  • User avatar
  • Posts: 23456
  • Loc: Woodbridge VA

Post 3+ Months Ago

That was intelligent *lol

sidenote - the message was updated at phpbb.com earlier today.
  • ATNO/TW
  • Super Moderator
  • Super Moderator
  • User avatar
  • Posts: 23456
  • Loc: Woodbridge VA

Post 3+ Months Ago

New update today. Looks like they'll be back today or tomorrow:
http://www.phpbb.com/
  • ATNO/TW
  • Super Moderator
  • Super Moderator
  • User avatar
  • Posts: 23456
  • Loc: Woodbridge VA

Post 3+ Months Ago

phpbb.com is back online.
  • meman
  • Web Master
  • Web Master
  • User avatar
  • Posts: 3432
  • Loc: London Town , Apples and pears and all that crap

Post 3+ Months Ago

From what i read they had a lot of trouble getting thier server back from their data center... good to see them back online.

//
hmmm, looks like my host is down.

Post Information

  • Total Posts in this topic: 16 posts
  • Users browsing this forum: No registered users and 1 guest
  • You cannot post new topics in this forum
  • You cannot reply to topics in this forum
  • You cannot edit your posts in this forum
  • You cannot delete your posts in this forum
  • You cannot post attachments in this forum
 
cron
 

© 1998-2014. Ozzu® is a registered trademark of Unmelted, LLC.