Announcement

Collapse
No announcement yet.

phpbb hacked ???? www.phpbb.com

Collapse
This topic is closed.
X
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • #31
    too true lol I didnt think of that...

    I think its time to go to bed tho... (3:05 AM here)
    http://helpmegetamac.net/blackapple.gif MacBook Pro 15.4" Core2Duo 2.33GHz.

    Comment


    • #32
      Originally posted by Floris
      According to Vic from support.phpBB their server isn't compromised.
      Source: http://area51.phpbb.com/phpBB/viewto...d=&f=6&t=17169

      <Vic> hello floris
      WHOIS| Vic ([email protected]) (identified user) ircname : Pythago

      <floris> I just read on our forum that your site was compromised.
      <floris> Sorry to hear that.
      <Vic> our site was not compromised
      <Vic> http://area51.phpbb.com/phpBB/viewto...d=&f=6&t=17169
      <floris> Well, defaced then.
      Hello everyone,

      as far as the phpBB team knows this is not a phpBB issue, but rather an issue with AWStats (more info: http://www.ypjain.com/simplesecurity...rity-hole.html). We're doing our best to get the server back up again. More up-to-date information will be posted either at phpBB.com as soon as it's back up, or at area51.phpbb.com (http://area51.phpbb.com/phpBB/viewto...d=&f=6&t=17169)

      psoTFX/Paul thanks the majority of people in this thread who recognise a situation like this isn't "funny"

      Regards,
      Vic D'Elfant (phpBB Support Team)

      Comment


      • #33
        We are currently experiencing problems with the server itsellf. This was not related to phpBB, as mentioned before we assume it is due to awstats. Other sites got hit around the same time, by the same group, using the awstats hole.

        Read more on the awstats hole, and update now if you didn't do it already.

        Warning, a security hole was recently found in AWStats versions from 5.0 to 6.2 when AWStats is used as a CGI: A remote user can execute arbitrary commands on your server using permissions of your web server user (in most cases user "nobody").
        If you use AWStats with another version or with option AllowToUpdateStatsFromBrowser to 0, you are safe. If not, it is highly recommanded to update to 6.3 version that fix this security hole.
        Thanks for the kind words here, we are doing our best!

        Comment


        • #34
          Originally posted by 1996 328ti
          I don't think phpBB deserves that. No one deserves that.
          Some people do. These people, however, most certainly were not among them.
          "63,000 bugs in the code, 63,000 bugs, you get 1 whacked with a service pack, now there's 63,005 bugs in the code."
          "Before you critisize someone, walk a mile in their shoes. That way, when you critisize them, you're a mile away and you have their shoes."
          Utopia Software - Current Software: Utopia News Pro (news management system)

          Comment


          • #35
            I agree. They do alot of work on their software and is an alternative to many who can't afford vB at the moment or waiting to afford it.

            Originally posted by 1996 328ti
            I don't think phpBB deserves that. No one deserves that.
            Kim

            Comment


            • #36
              Originally posted by JPT62089
              OMG thats too funny haha they get what they deserve i guess lol
              Originally posted by JPT62089
              really why would phpbb do that? exactly they wouldnt... they just have a very insecure board lol
              Comments like this are very dumb and not worthy to be posted by someone who calls himself a vBulletin Administrator.

              What if your server / board / whatever gets hackes by some morons?

              Comment


              • #37
                I have used phpBB in the past and use them whenever I need a free board.

                For being free and Open Source it's a solid alternative to vBulletin if you do not want to pay for a forum software, and they don't deserve to be hacked.

                Comment


                • #38
                  Originally posted by Odysseus
                  Comments like this are very dumb and not worthy to be posted by someone who calls himself a vBulletin Administrator.

                  What if your server / board / whatever gets hackes by some morons?
                  my whole server got hacked! every single file was changed because of phpbb's insecure board. Now maybe I was a bit crude but dont you think that if you are going to make a bb software you are going to make it as secure as you can? I am not saying I do not respect phpbb or anything because I do but I think they should learn from their mistakes. if no one on their team knows how to make it more secure then they should hire someone who does!

                  just imho

                  Edit: GOSH I just missed the commercials!!! (super bowl commercials) dangit lol
                  http://helpmegetamac.net/blackapple.gif MacBook Pro 15.4" Core2Duo 2.33GHz.

                  Comment


                  • #39
                    Originally posted by JPT62089
                    [snip]if no one on their team knows how to make it more secure then they should hire someone who does![snip]
                    Hire someone? phpBB doesn't get $160 from every board owner, plus $30/year thereafter. It's open source and free.

                    What software is secure? Do you think vB 3.0.0 was secure? How about 0.1, 0.2, 0.3, 0.4, 0.5 and now you think 3.0.6 is secure? No software is secure. Is Windows secure? I like the fact that vB responds to security issues. phpBB also responds to security issues. Even though phpBB is free, I have no doubt that security is a top priority just as it is with vB.

                    And if it was a hole in AwStats, many of us are at risk.
                    And many of us who are hosted have little control over it.

                    I'm glad to see at least the phpBB home page is up. That is a start.
                    ...steven
                    www.318ti.org (vB3.8) | www.nccbmwcca.org (vB4.2)
                    bmwcca.org/forum | m135i.net
                    "I tried to clean this up but this thread is beyond redemption." - Steve Machol

                    Comment


                    • #40
                      very true but I am not trying to start an arguement so I shall be quiet lol
                      http://helpmegetamac.net/blackapple.gif MacBook Pro 15.4" Core2Duo 2.33GHz.

                      Comment


                      • #41
                        phpBB software discussions are to be held on their web site. Not hours.

                        They say this was not a security issue with phpBB, so no need to discuss the forum software.

                        Comment


                        • #42
                          ok I just want to say this.

                          If you created a very popular forum software and it was going very good. you have millions of users using your software. Then all of a sudden your whole site got hacked because of your software not being secure enough wouldnt you say it was something else to cover up for that? I am not saying that they are for sure but it is a possibility.

                          Just IMHO

                          P.S. Please do not reply to this if you would like to argue. I do not want my thoughts to be the cause of this thread closed. Thanks. Have a good day
                          http://helpmegetamac.net/blackapple.gif MacBook Pro 15.4" Core2Duo 2.33GHz.

                          Comment


                          • #43
                            I think the thread has gone far enough.

                            No one deserves to be hacked and all of the phpBB devs and staff are a group of people who did not deserve to be hacked or defaced.

                            There are quite a few differnt varibles that could account for a server breach, I very much doubt it was phpBB. if it had been there would be a new patch out soon, and the big but tracking sites would have a report.

                            Anyway thread closed.

                            Comment

                            widgetinstance 262 (Related Topics) skipped due to lack of content & hide_module_if_empty option.
                            Working...
                            X