Joined: Sat Oct 16, 2004 7:44 pm Posts: 8910 Location: Santa Cruz Gender: Male
For anyone who doesn't know, this RM board runs on open source software called phpbb (php is a programming language, and bb stands for bulletin board). Hopefully, this incident doesn't stop the future development of their project (which benefits our RM community).
At present http://www.phpbb.com is offline due to a group of politically motivated hackers wishing to use an opensource project to push their agenda ... shame on them.
We have some possible further details of the events which led to the loss of http://www.phpbb.com. Though I have not spoken with them myself I have learnt through an intermediary that the group that appears to have attacked phpbb.com did indeed use a vulnerability in awstats to gain entry to our server (note the singular use of server there, we don't own a server cluster, just a server).
Since it would be totally inappropriate in this situation to simply "restore" (without investigating what happened we could simply be restoring an already vulnerable system) the box is being shipped from its datacenter to our server manager. There it will be analysed so we can confirm just what happened. Of course a full reinstall will then be performed after recovering the database. This will take some time. We are hoping to have an intermediate solution but there are no guarantees this is doable, or even worthwhile given the time frames. As I said before, best guesstimates for a return are from tomorrow (8th Feb) through to the end of this week.
To our community, please do not ask us for further updates as to the situation, its cause, etc. Everything we have to say is said here. Our support channel (#phpbb) on IRC has at times been swamped with "What happened? Any news?" style questions which are making it extremely difficult to support users with real issues. So we appreciate the interest but please, accept that we have nothing else to add.
Users in need of support with phpBB 2.0.x can visit our development board, area51.phpbb.com where such support is being offered at this time. Of course you can also view the next version of phpBB, 3.0 "Olympus" in the process (minus the new style of course!). We are also maintaining our IRC support channel, #phpbb on the irc.freenode.net network.
Again we apologise for any problems this may cause our userbase. We obviously take the huge support our community gives phpBB very seriously. And we will do our best to return to "normal operations" just as soon as we can.
Joined: Sun Oct 17, 2004 7:19 pm Posts: 39068 Location: Chapel Hill, NC, USA Gender: Male
Buggy wrote:
aerojad wrote:
Hacking is so pointless.
I suppose it does show that security flaws exist in some programs and should be fixed.
Oh, well then, yes, they should be proud. I'm glad to see someone looking out for our well-being.
_________________ "Though some may think there should be a separation between art/music and politics, it should be reinforced that art can be a form of nonviolent protest." - e.v.
Joined: Sat Oct 16, 2004 7:44 pm Posts: 8910 Location: Santa Cruz Gender: Male
aerojad wrote:
But from the sounds of it, it wasn't a white-hat job, it was malicious.
Oh, it totally was, I agree. I'm just saying that if there is any good at all that comes out of it, it's that another hole should be fixed in someone's software. Not amazing I guess, but... just looking on the bright side.