News

Press about phpBB.com crack

Postby Juanm on Wednesday February 11th, 2009 08h09:43

Some facts about the PHPList vulnerability and the phpbb.com hack

A few days ago phpbb.com was hacked through a super-globals-overwrite vulnerability in PHPList that was used by an attacker for a local file inclusion exploit. [--cut] From the explanation it seems that the PHP installation on phpbb.com was more or less a default one that was not hardened against attacks at all, but I will get into this later.

First I want to shed some light on the super-globals-overwrite vulnerability in PHPList that was wrongly attributed a local file inclusion vulnerability in so many places (including the PHPList announcement). [...]

-----------------------------...
Read full news: Here
Link to topic: Press about phpBB.com crack
Comments: 0

phpBB.com back online

Postby Juanm on Wednesday February 11th, 2009 08h08:13

Acyd Burn @ phpBB.com,Feb 10, 2009 23:11:01 wrote:As you probably know, we were attacked for unknown reasons by an individual using an exploit against our PHPList installation within hours of the exploit being publicly posted on a well-known exploit site. Facilitated by mistakes and - in retrospect mistaken - performance considerations in our server setup, the attacker was able to steal all email addresses from our mailing list, as well as the password hashes from this board's database.


And then the most important thing:

In a reckless act of showmanship, he later posted all this information on a blog.

We urge all our community members to change their passwo...
Read full news: Here
Link to topic: phpBB.com back online
Comments: 0

What happened yesterday

Postby Juanm on Monday February 2nd, 2009 08h18:50

As you might have already seen from this global announcement yesterday morning, phpBB.com server was cracked by a script kid who exploited a vulnerability on phplist found surfing through a 'security' site, and then leaked the stolen data with the world.

No vulnerability was found into phpBB3 itself.

Please note that your account on phpbb.com might have been compromised (e.g. : password leaked) if you didn't login after the conversion to the new password hashing system (MD5 can be bruteforced).
Please note also that we strongly advice you not to use the same combination password-usernam...
Last edited by Juanm on Monday February 2nd, 2009 09h22:00, edited 2 times in total.
Reason: updated
Read full news: Here
Link to topic: What happened yesterday
Comments: 0

Emergency notice

Postby Juanm on Sunday February 1st, 2009 09h32:08

ToonArmy wrote:You can help by notifying a team member by PM if you find any sites hosting or linking to the stolen data from phpBB.com.

(contacts here (301), details here)

Channel topic #phpbb - 7:43 UTC+1 2/1/2009

We are sorry to report that we have been attacked through a vulnerability in an outdated PHPList installation. phpBB.com will remain unavailable while we work to recover. No new vulnerabilities have been found in the phpBB software itself. | phpBB 3.0.4 available from http://www.ohloh.net...
Last edited by Juanm on Monday February 2nd, 2009 09h19:21, edited 3 times in total.
Reason: updated
Read full news: Here
Link to topic: Emergency notice
Comments: 1

RSS troubles (fixed)

Postby Juanm on Sunday January 25th, 2009 21h31:58

Hi, there were some troubles in the past days with RSS feeds hanging around.

Let's see:
  • blog related category feed (fetched elsewhere)
    Read timed out
    on January 19th from 17:16:23 to 18:13:17
  • board related (in homepage) -
    lock cannot be obtained
    on january 21st from 11:15:01 to 11:30:23
  • download area RSS (fetched in homepage too)
    Read timed out
    today (january 25th) from 04:51 to 06:53
We apologize for each inconvenience this could cause ...
Read full news: Here
Link to topic: RSS troubles (fixed)
Comments: 0

Many feeds moved

Postby Juanm on Tuesday January 20th, 2009 08h01:03

Hi,
As you might have noted, all feeds have been moved, and in the meanwhile a little page restructuring was in order.

If you are a subscriber and you don't want the 301 redirect, replace
Code: Select all
feed.
with
Code: Select all
feed2.
into your feedreader address.

Of course this doesn't affect the few self-hosted feeds you might find around ;)
Read full news: Here
Link to topic: Many feeds moved
Comments: 0

2.0.x MODs of mine disc

Postby Juanm on Saturday January 17th, 2009 15h10:27

All MODs of mine related to phpBB 2.0.x are discontinued since January 1st 2009 due to phpBB Group discontinuing support for 2.0.x line.

No more updates will be released. 



Cricca guestbook due to its peculiarity (taken over from 3rd part by me and then with two unofficial release hanging around elsewhere) might receive some basic support, but nothing more.

No replacement is available for Olympus yet and there's nothing in the workload at least for now.
Read full news: Here
Link to topic: 2.0.x MODs of mine disc
Comments: 0

Album feed reactivated

Postby Juanm on Thursday January 15th, 2009 11h31:10

It was down since the site conversion, happened on August 3rd, 2008.
Now the photoalbum RSS feed has been brought to a new life. As an addition, latest posts, latest downloads, latest album photos appear on the right side of the home page too.

Have fun ;)
Read full news: Here
Link to topic: Album feed reactivated
Comments: 0

Windows 7 beta available 'til january 24th

Postby Juanm on Monday January 12th, 2009 07h49:45

On january 10th both the Windows 7 download page and Microsoft.com were intermittently unreachable despite the "additional infrastructure support to the Microsoft.com properties" announced on jan 10th 2009, 03:53:00 . Then a new post was made on win7 team blog yesterday night
I know many of you have had issues with the Windows 7 Beta site over the last 24 hours.
As you may have noticed the download site has been up a...
Read full news: Here
Link to topic: Windows 7 beta available 'til january 24th
Comments: 0

phpBB2 official support discontinued this morning

Postby Juanm on Thursday January 1st, 2009 20h18:13

19h18' ... this is the timeframe passed from the official closing of phpBB2 support and 2.0.x support forum locking on phpBB.com

Marshalrusty, here wrote:Most phpBB2 resources have been removed from the Support Section of the site and further pruning will take place within the next few weeks. phpBB2 Knowledge Base articles will be reposted in the archived forum.


And then ....

There are a number of third party sites which have opened for the purpose of offering assistance with phpBB2. Additionally, some international support sites have decided to continue supporting phpBB2. As stated on the international support site page, php...
Read full news: Here
Link to topic: phpBB2 official support discontinued this morning
Comments: 1

 

Tech Covo news

Latest posts

Latest downloads

MODification announcements

Latest photos

Last edited pages



cron

Rate this site