IMPORTANT: Security issue about PHPBB

  • SteveLightspeed
    Confirmed User
    • Jul 2001
    • 7940

    #1

    IMPORTANT: Security issue about PHPBB

    If anyone is running the phpBB message board system on their sites, check this out:

    http://www.phpbb.com/phpBB/viewtopic.php?f=14&t=244451

    We just found out about this. Unfortunately, we learned the hard way after hackers used this exploit to seriously fuck us.

    This exploit is well known by hackers, and porn sites ARE BEING TARGETED!


    Steve Lightspeed
    Abra-cadabra!
  • KRL
    Entrepreneur
    • Oct 2002
    • 31429

    #2
    I think that alert was posted, Steve, about 2 weeks ago. Or is this a new one??
    If you would like to develop your domains, you can lease inexpensive foreign labor
    from the leaders in the field at iWebmasters.com TO LOWER YOUR COSTS AND INCREASE YOUR PRODUCTION!


    • bllott
      Confirmed User
      • Mar 2004
      • 2368

      #3
      Originally posted by Lightspeed
      If anyone is running the phpBB message board system on their sites, check this out:

      http://www.phpbb.com/phpBB/viewtopic.php?f=14&t=244451

      We just found out about this. Unfortunately, we learned the hard way after hackers used this exploit to seriously fuck us.

      This exploit is well known by hackers, and porn sites ARE BEING TARGETED!


      Steve Lightspeed
      thanks man!


      • SteveLightspeed
        Confirmed User
        • Jul 2001
        • 7940

        #4
        Originally posted by KRL
        I think that alert was posted, Steve, about 2 weeks ago. Or is this a new one??
        Well, if it was, my whole staff missed it, and we read GFY every day.

        Couldn't hurt to mention it again, right? I wish someone would have reposted it for us to find out about this before this week.

        Steve Lightspeed
        Abra-cadabra!


        • Johny Traffic
          Confirmed User
          • Apr 2003
          • 5461

          #5
          Well, if it was, my whole staff missed it, and we read GFY every day.
          Get them to start reading it with their eyes open

          It's been posted many, many times http://www.gofuckyourself.com/showth...hreadid=400875

          But worth bringing up again. It's a real fucker


          hosted flv's, hosted galleries, morphing rss feeds, free content, free sites, hosted blog


          • Cory W
            Deeply shallow
            • Jan 2004
            • 9133

            #6
            We replaced that code ASAP. Our board is not connected to our WEG servers, but my concern was the user/pass information in the phpBB SQL database.

            Out of curiosity, Steve, what did they attempt to do?

            On a side note, I would import all of that information into vBulletin. I have been saying this for the past year. It takes about 2 hours for a good programmer to use the innate import script. It is just safer.
            ICQ: 292310358
            Offering writing and content services (mainstream).
            Marketing for L3 Payments


            • SteveLightspeed
              Confirmed User
              • Jul 2001
              • 7940

              #7
              Thanks, Johny Traffic,

              It may just be that this board moves too fast sometimes, or we got distracted with something else.

              Wish I would have seen your warning myself.


              Steve Lightspeed
              Abra-cadabra!


              • Cory W
                Deeply shallow
                • Jan 2004
                • 9133

                #8
                Originally posted by Johny Traffic
                Get them to start reading it with their eyes open

                It's been posted many, many times http://www.gofuckyourself.com/showth...hreadid=400875

                But worth bringing up again. It's a real fucker
                Yep, thanks for your post.
                ICQ: 292310358
                Offering writing and content services (mainstream).
                Marketing for L3 Payments


                • SteveLightspeed
                  Confirmed User
                  • Jul 2001
                  • 7940

                  #9
                  Originally posted by WEG Cory
                  Out of curiosity, Steve, what did they attempt to do?
                  They deleted our entire Lightspeed4 database. We are still working with Natnet to recover everything. Thank God for Natnet, or we would be in serious deep shit.

                  Steve Lightspeed
                  Abra-cadabra!


                  • Fake Nick
                    So Fucking Banned
                    • Jul 2004
                    • 7708

                    #10
                    hahahaha how could you have missed the thread about Saudi Arabia NOT being in ASIA???

                    that thread was started about a board being hacked by some Saudi dudes who used this exploit


                    someone called them Asian hackers but the oracle porn disagreed and tried to convince the world (read gfy) that Saudi Arabia is NOT in Asia


                    how could all of your employees have missed a 5 page thread that went on for a couple of days!!!


                    they are taking advantage of you Steve! someone should get fired over this


                    • dirtysouth
                      Confirmed User
                      • Jul 2003
                      • 2613

                      #11
                      Originally posted by Fake Nick
                      hahahaha how could you have missed the thread about Saudi Arabia NOT being in ASIA???

                      that thread was started about a board being hacked by some Saudi dudes who used this exploit


                      someone called them Asian hackers but the oracle porn disagreed and tried to convince the world (read gfy) that Saudi Arabia is NOT in Asia


                      how could all of your employees have missed a 5 page thread that went on for a couple of days!!!


                      they are taking advantage of you Steve! someone should get fired over this
                      One of the funniest threads of the year for sure!
                      no sig
