phpbb.com was hacked, change your passwords

News, information about security holes in popular programs and how to protect ourselves, protection of Windows, Linux, etc.
teou
Site Admin
Posts: 2961
Registered: 23 Nov 2012 19:57
Location: Dreieich - Dreieichenhein (Hessen) / Sofia / Sinemorets

phpbb.com was hacked, change your passwords

Post by teou » 16 Dec 2014 13:50

Downtime


(Update #2) On Sunday Dec. 14th, several of the web servers powering phpBB.com were compromised. Upon discovering the ongoing attack, we immediately took our network offline to perform a thorough investigation, which is continuing.

At this time, we would like to ask everyone to follow basic security protocol. If you were using your www.phpBB.com or area51.phpBB.com passwords anywhere else, please change them to unique ones.

Your personal phpBB Forums are NOT affected by the compromise of our servers.

We will be rebuilding our systems from the ground up and verifying the integrity of all data prior to coming back online. This process will likely take several days.

Further updates will be posted here when we have additional information.

If you need urgent assistance, please make use of the #phpbb IRC channel on Freenode. A web-based client is available at http://webchat.freenode.net.

- The phpBB Team
http://phpbb.com/

Re: phpbb.com was hacked, change your passwords

Post by teou » 18 Dec 2014 10:40

Update #3 17-12-2014 - 01:10

At this time we are proceeding with recovery efforts and have some additional important information.

We have confirmed that initial entry was made via a team member's compromised login details and not as the result of a vulnerability in the phpBB software. The phpBB download packages were never altered.

The attackers were able to obtain access to the phpBB.com and area51 databases, meaning that user information, including hashed salted passwords, was compromised. Additionally, all logins on area51 between Dec. 12th and Dec. 15th were logged in plaintext. While the hashing algorithm utilized in phpBB will make it difficult to obtain those passwords, you should not take any chances. If you were using your phpBB.com or area51 passwords anywhere else, you must change them.

We will provide full details, including the steps we have taken since the compromise, once we are back in operation.

Re: phpbb.com was hacked, change your passwords

Post by teou » 28 Dec 2014 12:36

And to get back to the thread title: the phpBB site is now back up

https://www.phpbb.com/community/viewtop ... &t=2283426
Hello everyone,

We're glad to be back online and look forward to putting the events of the past week behind us.

First and foremost, your personal phpBB boards were not affected in any way by the compromise of our servers. If you experienced any errors, downtime, increase in spam posts, etc. during the past week, these events were unrelated. Please post in our support forums if you need any assistance.

On Sunday December 14th, we discovered that the server powering http://www.phpbb.com had been compromised. We immediately brought our entire network offline and began a thorough investigation to determine exactly what happened.

We determined that on Friday December 12th, unauthorised access to the area51.phpbb.com server was obtained using credentials that had been stolen from a staff member via an outside source. To be clear, this was not done through a vulnerability in the phpBB software.

Code was added to record plaintext usernames and passwords to a log file. We have contacted the small group of people whose credentials were captured during the short period of time that the logger was active.

We believe that the user databases of both area51.phpbb.com and http://www.phpbb.com were retrieved by the attackers. This includes your username, email address, and a PHPass hashed version of your password. While the hashing algorithm makes it very difficult to obtain your plaintext password, the application of sufficient processing power makes it possible over time, particularly if you were using a weak password. We therefore advise all users to change your passwords on area51, phpBB.com, and on any other website where you may have been using them. Using unique passwords on all websites is a key component of good security practices.

Our server infrastructure was rebuilt from the ground up, ensuring that no malware remains. Additional components of phpBB.com will be coming online within the next few days. In due course, we plan to post a more detailed account of what was done in a blog post.

We apologise for the inconvenience this has caused and hope that you will continue to work with us to make phpBB better than ever.

Lovingly yours,

The phpBB Team

Compromised phpBB links - Security Warning

Post by teou » 28 Jan 2018 15:06

https://www.phpbb.com/community/viewtop ... &t=2456896
[Security] phpBB 3.2.2 Packages Compromised

Post by Marshalrusty » Sat Jan 27, 2018 2:57 am
Earlier today, we identified that the download URLs for two phpBB packages available on phpBB.com were redirecting to a server that did not belong to us. We immediately took down the links and launched an investigation.

The point of entry was a third-party site. Neither phpBB.com nor the phpBB software were exploited in this attack.

If you downloaded either the 3.2.2 full package or the 3.2.1 -> 3.2.2 automatic updater package between the hours of 12:02 PM UTC and 15:03 PM UTC on January 26th, you received an archive modified with a malicious payload.

During the course of our investigation, we were able to take steps that should render the malicious code completely inoperable. However, in the unlikely event that multiple versions of the packages exist or that something was missed, we are choosing to leave nothing to chance.

As the packages were live for only three hours, we believe that a very small number of users are affected. We therefore ask that you perform the following steps so that we may render personalized assistance:

If you believe that you have a malicious package, please email it to security@phpbb.com so that we can check it against the version we obtained. We will likewise let you know if it is affected. You may also use the SHA256 checksum found on the downloads page to verify its validity. Do not use the potentially affected package.
If you have already used the package to install or update a phpBB forum, please file an incident report on our tracker and we will assist with removal of the malicious code.
The downloads currently available on the downloads page are safe. If you have any doubts whatsoever, download a fresh copy.
P.S. This forum is OK
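
The checksum check the announcement above asks for, as an added example that is not part of the original posts or phpBB's own tooling: it hashes a downloaded archive, compares it with the published SHA256 value, and reports whether the download time falls in the stated exposure window. The function names, the file names and the "published" digest (computed here from constructed bytes) are assumptions; the real digest must be copied from the downloads page.

```python
import hashlib
import hmac
import os
import tempfile
from datetime import datetime, timezone

# Exposure window from the announcement; the year is taken from the post date.
WINDOW_START = datetime(2018, 1, 26, 12, 2, tzinfo=timezone.utc)
WINDOW_END = datetime(2018, 1, 26, 15, 3, tzinfo=timezone.utc)

def sha256_file(path, chunk_size=1 << 20):
    """Hash the archive in chunks so large files are not loaded whole."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()

def triage(path, published_sha256, downloaded_at=None):
    """Return (verdict, in_window); downloaded_at must be timezone-aware or None."""
    expected = published_sha256.strip().lower()
    if len(expected) != 64 or set(expected) - set("0123456789abcdef"):
        raise ValueError("published value is not a SHA-256 hex digest")
    verdict = "ok" if hmac.compare_digest(sha256_file(path), expected) else "mismatch"
    in_window = None if downloaded_at is None else WINDOW_START <= downloaded_at <= WINDOW_END
    return verdict, in_window

def demo():
    """Constructed data: two stand-in archives, one altered after publication."""
    genuine, altered = b"constructed release bytes", b"constructed release bytes + extra"
    published = hashlib.sha256(genuine).hexdigest()  # stands in for the downloads-page value
    results = []
    with tempfile.TemporaryDirectory() as tmp:
        for name, data, when in [
            ("genuine.zip", genuine, datetime(2018, 1, 27, 9, 0, tzinfo=timezone.utc)),
            ("altered.zip", altered, datetime(2018, 1, 26, 13, 30, tzinfo=timezone.utc)),
        ]:
            path = os.path.join(tmp, name)
            with open(path, "wb") as fh:
                fh.write(data)
            results.append((name, *triage(path, published, when)))
    return results

if __name__ == "__main__":
    for row in demo():
        print(row)
```

A "mismatch" verdict means the archive should not be used; per the announcement it can be sent to security@phpbb.com for comparison, and a fresh copy downloaded.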
