www.phpbb.com defaced

Collapse
X
 
  • Time
  • Show
Clear All
new posts
  • SmokeyTheBear
    ►SouthOfHeaven
    • Jun 2004
    • 28609

    #1

    www.phpbb.com defaced

    ouch , i think its the same group who got darkjedi
    hatisblack at yahoo.com
  • Manowar
    jellyfish  
    • Dec 2003
    • 71528

    #2
    i couldnt connect to it earlier today, still not loading either

    Comment

    • SmokeyTheBear
      ►SouthOfHeaven
      • Jun 2004
      • 28609

      #3
      They shut it down..

      They are using a php exploit..
      hatisblack at yahoo.com

      Comment

      • borked
        Totally Borked
        • Feb 2005
        • 6284

        #4
        ANOTHER one? There was a vulnerability affecting versions up to 2.0.11 announced some time early December...woulda thought they might have patched their own website....now ANOTHER ONE?!! lol

        For coding work - hit me up on andy // borkedcoder // com
        (consider figuring out the email as test #1)



        All models are wrong, but some are useful. George E.P. Box. p202

        Comment

        • SmokeyTheBear
          ►SouthOfHeaven
          • Jun 2004
          • 28609

          #5
          they have the page back up with a message..

          the hacker was siemens from kosovo hackers group i think
          hatisblack at yahoo.com

          Comment

          • kernelpanic
            Too lazy to set a custom title
            • Jan 2005
            • 2961

            #6
            Damn, this is like the sixth time in the past few months. That says something about their software, since only one of those breaches has been due to an exploit in the PHP module itself.


            ZangoCash - Turn Your Traffic Into Ca$h.
            $.40 Per Install - No Tier

            Comment

            • SmokeyTheBear
              ►SouthOfHeaven
              • Jun 2004
              • 28609

              #7
              while looking into the group that got darkjedi's website , i noticed this group of hackers arguing with another group about some sort of political hacking contest..

              kind of like russia against usa. only its albania
              hatisblack at yahoo.com

              Comment

              • fris
                Too lazy to set a custom title
                • Aug 2002
                • 55679

                #8
                who cares. if people would learn to secure their shit it wouldnt happen.

                move on.
                Since 1999: 69 Adult Industry awards for Best Hosting Company and professional excellence.

                Comment

                • SmokeyTheBear
                  ►SouthOfHeaven
                  • Jun 2004
                  • 28609

                  #9
                  Originally posted by kernelpanic
                  Damn, this is like the sixth time in the past few months. That says something about their software, since only one of those breaches has been due to an exploit in the PHP module itself.

                  on the site it says that its not phpbb but a fault in another piece of software, but it also says they havent heard of any phpbb sites hacked in months , and we know this is not true. Im pretty sure thehun got taken down this way on a fairly new exploit for phpbb
                  hatisblack at yahoo.com

                  Comment

                  • SmokeyTheBear
                    ►SouthOfHeaven
                    • Jun 2004
                    • 28609

                    #10
                    btw you have to go to http://phpbb.com not www.phpbb.com




                    www.phpbb.com
                    Creating Communities


                    At present www.phpbb.com is offline due to a group of politically motivated hackers wishing to use an opensource project to push their agenda ... shame on them.

                    I will take this opportunity to note that given currently available information this hacking episode does not appear to be due to phpBB itself. Instead a third party application looks to have been the problem. Other sites were attacked at the same time as www.phpbb.com by the same group displaying the same information and in these cases the same third party application has been suggested as the common factor (thus far). Equally we are not aware of any other phpBB boards being attacked and we have not been notified of any valid security issues recently. Obviously we will have more details when we've reviewed just what happened.

                    We are working to recover the server but this may take some time. Meanwhile users can visit our development board, area51.phpbb.com where they can receive support for phpBB 2.0.x. Of course you can also view the next version of phpBB, 3.0 "Olympus" in the process (minus the new style of course!)

                    We are also maintaining our IRC support channel, #phpbb on the irc.freenode.net network

                    We apologise for any problems this may cause our userbase. We obviously take the huge support our community gives phpBB very seriously. And we will do our best to return to "normal operations" just as soon as we can.

                    psoTFX - phpBB Group
                    hatisblack at yahoo.com

                    Comment

                    • kernelpanic
                      Too lazy to set a custom title
                      • Jan 2005
                      • 2961

                      #11
                      Originally posted by SmokeyTheBear
                      on the site it says that its not phpbb but a fault in another piece of software, but it also says they havent heard of any phpbb sites hacked in months , and we know this is not true. Im pretty sure thehun got taken down this way on a fairly new exploit for phpbb
                      Thats what they said initially concerning a previous exploit back during the summer, yet it later was revealed that the routines for checking input were faulty, allowing arbitrary SQL statement execution.

                      I'm skeptical of them passing the buck to another software application - if their sysadmin knew what he was doing, they wouldn't be running anything else on a high-traffic production server, especially one that has been targeted frequently.
                      Last edited by kernelpanic; 02-06-2005, 01:25 PM.


                      ZangoCash - Turn Your Traffic Into Ca$h.
                      $.40 Per Install - No Tier

                      Comment

                      • Rui
                        web
                        • Dec 2001
                        • 9533

                        #12
                        I really hope newer exploits for phpBB don't show up...

                        Comment

                        • goBigtime
                          Confirmed User
                          • Nov 2002
                          • 7761

                          #13
                          From the site:


                          I will take this opportunity to note that given currently available information this hacking episode does not appear to be due to phpBB itself. Instead a third party application looks to have been the problem.



                          Thanks for sharing what 3rd party application that was

                          Comment

                          Working...