Author |
Message |
Jim_UK Board Member
Joined: 19 Nov 2008
Posts: 656 Location: North West UK
|
Posted: Sun Feb 01, 2009 7:36 am Post subject: The end |
|
|
Could this have some connection with the demise of phpBB2
Version Information
Unable to open connection to phpBB Server, reported error is:
Connection refused
If so once again a bad move I think as folks with versions older than 2.0.22 (perhaps inheriting them or just installing an older version they might have) would not be aware of potential problems.
Jim |
|
Back to top |
|
|
RMcGirr83 Board Member
Joined: 01 Dec 2008
Posts: 53 Location: East Lyme, CT
|
Posted: Sun Feb 01, 2009 7:40 am Post subject: Re: The end |
|
|
Morning Jim,
.com was compromised due to an updated phplist installation. So the whole site is down as of now. _________________ Rich McGirr |
|
Back to top |
|
|
Jim_UK Board Member
Joined: 19 Nov 2008
Posts: 656 Location: North West UK
|
Posted: Sun Feb 01, 2009 7:59 am Post subject: Re: The end |
|
|
Thanks Rich - Please explain further what has happened to it. Is it some exploit of the current version or just a server exploit?
Jim |
|
Back to top |
|
|
RMcGirr83 Board Member
Joined: 01 Dec 2008
Posts: 53 Location: East Lyme, CT
|
Posted: Sun Feb 01, 2009 8:19 am Post subject: Re: The end |
|
|
Actually, I should state, it was taken down due to an exploit in an outdated phplist installation.
They're (The Team) is working on restoring .com. Has nothing to do with phpBB itself, just PHPList _________________ Rich McGirr |
|
Back to top |
|
|
Dog Cow Board Member
Joined: 18 Nov 2008
Posts: 378
|
|
Back to top |
|
|
iWisdom Board Member
Joined: 19 Nov 2008
Posts: 16
|
Posted: Sun Feb 01, 2009 8:00 pm Post subject: Re: The end |
|
|
Area51 is currently online. We are working to get the main site functional as quickly as possible. |
|
Back to top |
|
|
~Cowboy~ Board Member
Joined: 08 Dec 2008
Posts: 297 Location: Chicago
|
Posted: Sun Feb 01, 2009 9:48 pm Post subject: Re: The end |
|
|
Thanks for the update iWisdom
---------------------------------------
EDIT:
Phpbb.com wrote: | Maintenance
We are sorry to report that we have been attacked through a vulnerability in an outdated PHPList installation. phpBB.com and related sites will remain unavailable while we work to recover. No vulnerabilities have been found in the phpBB software itself.
You can download phpBB here: http://www.ohloh.net/p/phpbb
You can get support at the temporary support forums or on IRC: chat.freenode.net #phpbb
– the phpBB team
|
_________________ Image link
We are not refugees we are trail blazers. |
|
Back to top |
|
|
~Cowboy~ Board Member
Joined: 08 Dec 2008
Posts: 297 Location: Chicago
|
Posted: Mon Feb 02, 2009 7:36 pm Post subject: Re: The end |
|
|
More information on the PHPList attack on phpbb.com
Marshalrusty wrote: | As you may already be aware from the message on phpBB.com or the topic in the #phpBB channel on Freenode, we have recently been attacked via a vulnerability in an outdated PHPList installation. It is important to stress that no vulnerabilities have been found in the phpBB software itself.
We took area51.phpBB.com down along with phpBB.com to ensure integrity and prevent further damage. While we actively work to bring phpBB.com back online, we would also like to inform you of the damage that has been done.
The attacker gained entry through the PHPList application and was able to dump a complete backup of the emails on file. He then used the same exploit to access the phpBB.com database. Both the email list from PHPlist and a copy of the phpBB.com users table were then posted publicly.
phpBB3 uses a complex hashing algorithm in order to prevent someone from determining the plaintext value of a password. phpBB2, however, used a much simpler and less secure md5 algorithm to store passwords. This is one of the many reasons why we have decided to no longer support the phpBB2 software. Because hashes cannot be reversed, phpBB3 is set to convert phpBB2 hashes to the new phpBB3 standard during the first user login. Those users who registered while phpBB.com used phpBB2 and did not login on the new phpBB3 board continue to have their password hashes stored in the old format. Passwords stored in the old format are much less secure than those stored in the new format. The attackers have been focusing purely on the passwords stored in the old format.
If the password to your phpBB.com account is used anywhere else (especially with the same username), we strongly recommend that you change it. Using the same password across multiple sites is not security wise and should not be done under any circumstance. Additionally, you should change your password on phpBB.com, when it becomes available.
We apologise that we allowed this to happen by not patching vulnerable software in time. This demonstrates how critically important it is to always make sure that you keep up to date with any software that is running on your machine. At this time, the team is working around the clock to restore phpBB.com and other resources.
Thank you,
- The phpBB Teams |
_________________ Image link
We are not refugees we are trail blazers. |
|
Back to top |
|
|
Sylver Cheetah 53 Board Member
Joined: 17 Dec 2008
Posts: 426 Location: Milky Way
|
Posted: Fri Feb 06, 2009 9:51 am Post subject: Re: The end |
|
|
It is very "interesting" that they ban people like flys, they can not log in and now they tell us if we did not log in from some while, our passwords could be compromised. But who did not let us log in in the first place? Why don't just delete the account and ban the email? I don't know, maybe I am a bad boy, but to be honnest with you guys, because I consider you my friends, I am happy that they have been hacked and I hope they'll stay offline for as long as possible. The thing that they are down from the 1st of february, the same day that they drop support for phpBB2 it's a twist of destiny to let them know it isn't nice. _________________ Image link
My Forum || My Blog
phpBB2 forever! |
|
Back to top |
|
|
drathbun Board Member
Joined: 24 Jul 2008
Posts: 729 Location: Texas
|
Posted: Fri Feb 06, 2009 10:44 am Post subject: Re: The end |
|
|
Nobody should ever say that they're happy someone else was hacked. Period.
From the perspective of dealing with a good friend who had their board hacked and ultimately destroyed this week, I can tell you that hacking is a complete waste of time for no value gained whatsoever. It doesn't matter how much you like / dislike someone, celebrating their misfortune is in very bad taste. It's like saying you're happy a sinkhole opened up under their house and swallowed everything they own. Believe me, that's what it can feel like.
It's not cool. _________________ phpBBDoctor Blog |
|
Back to top |
|
|
Jim_UK Board Member
Joined: 19 Nov 2008
Posts: 656 Location: North West UK
|
Posted: Fri Feb 06, 2009 12:03 pm Post subject: Re: The end |
|
|
Sylver Cheetah 53 wrote: | It is very "interesting" that they ban people like flys, they can not log in and now they tell us if we did not log in from some while, our passwords could be compromised. But who did not let us log in in the first place? Why don't just delete the account and ban the email? I don't know, maybe I am a bad boy, but to be honnest with you guys, because I consider you my friends, I am happy that they have been hacked and I hope they'll stay offline for as long as possible. The thing that they are down from the 1st of february, the same day that they drop support for phpBB2 it's a twist of destiny to let them know it isn't nice. |
Unless I am mistaken I think it was me that banned you and I would not do it for no good reason.
That attitude that you are displaying on here is far better than the one you showed on that site. You have no need to worry about your password as the ban took place whilst the site was running phpBB3 so yours has the salted hash. You should not be happy that they were hacked as if it was not for all the hard work those guys have done over the years you would not be able to take advantage of the best (and free) BB software in the world.
In fact we would not be here discussing it as we are now.
Jim |
|
Back to top |
|
|
Techie-Micheal Board Member
Joined: 27 Dec 2008
Posts: 49
|
Posted: Fri Feb 06, 2009 12:15 pm Post subject: Re: The end |
|
|
Sylver Cheetah 53 wrote: | It is very "interesting" that they ban people like flys, they can not log in and now they tell us if we did not log in from some while, our passwords could be compromised. But who did not let us log in in the first place? Why don't just delete the account and ban the email? I don't know, maybe I am a bad boy, but to be honnest with you guys, because I consider you my friends, I am happy that they have been hacked and I hope they'll stay offline for as long as possible. The thing that they are down from the 1st of february, the same day that they drop support for phpBB2 it's a twist of destiny to let them know it isn't nice. | Well aren't you a lovely ray of sunshine.
You were banned because you couldn't follow the rules. As nasty as your attitude is now, it was worse over there. |
|
Back to top |
|
|
Holger Board Member
Joined: 19 Jan 2009
Posts: 509 Location: Hanover
|
Posted: Fri Feb 06, 2009 12:34 pm Post subject: Re: The end |
|
|
Could we please stop this here ... phpBBrefugees should continue the friendly community it was. |
|
Back to top |
|
|
~Cowboy~ Board Member
Joined: 08 Dec 2008
Posts: 297 Location: Chicago
|
Posted: Fri Feb 06, 2009 3:21 pm Post subject: Re: The end |
|
|
Sylver Cheetah 53 wrote: | It is very "interesting" that they ban people like flys, they can not log in and now they tell us if we did not log in from some while, our passwords could be compromised. But who did not let us log in in the first place? Why don't just delete the account and ban the email? I don't know, maybe I am a bad boy, but to be honnest with you guys, because I consider you my friends, I am happy that they have been hacked and I hope they'll stay offline for as long as possible. The thing that they are down from the 1st of february, the same day that they drop support for phpBB2 it's a twist of destiny to let them know it isn't nice. | Image link
. .Image link
Sometimes thoughts should just be kept to yourself.. You really don't wish bad things for phpbb.com just because their thinking is wrong at this particular point in time do you? I have faith that they will see the error of their ways about phpbb3 and come around eventually... perhaps I am dreaming but I like to keep a positive mental attitude about the whole mess. Although you may unfortunately be right about the timing issue with this hacking event... but on the other hand you could be wrong too... But whatever the reason is I haven't seen any evidence one way or the other that it was related to support stopping for phpbb2. No one has even claimed this to the best of my knowledge. Not saying it is or isn't so, but I would agree that it suspicious timing.
But enough of the hating... you have a fresh start here and you are doing very well... why alienate people now Sylver Cheetah?
I understand that getting banned was upsetting to you but you really need to put that behind you and move on instead of dwelling on something that happened in the past..
Oh BTW...Image link tee hee sorry I couldn't resist _________________ Image link
We are not refugees we are trail blazers. |
|
Back to top |
|
|
Sylver Cheetah 53 Board Member
Joined: 17 Dec 2008
Posts: 426 Location: Milky Way
|
Posted: Fri Feb 06, 2009 3:49 pm Post subject: Re: The end |
|
|
1.I appologise if, somehow, I upsait someone by saying that I am happy that phpBB.com was hacked. Like someone said, some thoughts are better kept for myself.
2.I am not so angry that I got banned here, I realise I can be annoying sometimes, but I saw that many people got banned, even MOD autors who could not support their work anymore. It's okay to ban people, maybe they chill out, but not forever.
3.The main reason why I'm angry is because they drop support for phpBB2, even if phpBB3 stable realease has just been out there for only about an year. I don't think Microsoft dropped support for Windows'98, even if there are 10 years from then.
4.I am a little too emotional sometimes, and this is why I can be a little, let's say irational. I hacked a forum after one year since they delete 2000 of my messages, and deleted 5000 posts of the moderator who, mainly, did it. So I like revenges, sometimes.
5.I apreciatte that some of you say that my attitude is improved and this is just one more reason why people deserve a second chance.
Thanks to all of you, and once again, I applogise for saying I am happy for phpBB.com been hacked. Maybe that wasn't the nicest thing to say...
Daniel _________________ Image link
My Forum || My Blog
phpBB2 forever! |
|
Back to top |
|
|
|