www.phpbb.com defaced
 

ouch , i think its the same group who got darkjedi

i couldnt connect to it earlier today, still not loading either

They shut it down..

They are using a php exploit..

ANOTHER one? There was a vulnerability affecting versions up to 2.0.11 announced some time early December...woulda thought they might have patched their own website....now ANOTHER ONE?!! lol

they have the page back up with a message..

the hacker was siemens from kosovo hackers group i think

Damn, this is like the sixth time in the past few months. That says something about their software, since only one of those breaches has been due to an exploit in the PHP module itself.

while looking into the group that got darkjedi's website , i noticed this group of hackers arguing with another group about some sort of political hacking contest..

kind of like russia against usa. only its albania

who cares. if people would learn to secure their shit it wouldnt happen.

move on.

on the site it says that its not phpbb but a fault in another piece of software, but it also says they havent heard of any phpbb sites hacked in months , and we know this is not true. Im pretty sure thehun got taken down this way on a fairly new exploit for phpbb

btw you have to go to http://phpbb.com not www.phpbb.com




www.phpbb.com
Creating Communities


At present www.phpbb.com is offline due to a group of politically motivated hackers wishing to use an opensource project to push their agenda ... shame on them.

I will take this opportunity to note that given currently available information this hacking episode does not appear to be due to phpBB itself. Instead a third party application looks to have been the problem. Other sites were attacked at the same time as www.phpbb.com by the same group displaying the same information and in these cases the same third party application has been suggested as the common factor (thus far). Equally we are not aware of any other phpBB boards being attacked and we have not been notified of any valid security issues recently. Obviously we will have more details when we've reviewed just what happened.

We are working to recover the server but this may take some time. Meanwhile users can visit our development board, area51.phpbb.com where they can receive support for phpBB 2.0.x. Of course you can also view the next version of phpBB, 3.0 "Olympus" in the process (minus the new style of course!)

We are also maintaining our IRC support channel, #phpbb on the irc.freenode.net network

We apologise for any problems this may cause our userbase. We obviously take the huge support our community gives phpBB very seriously. And we will do our best to return to "normal operations" just as soon as we can.

psoTFX - phpBB Group

Thats what they said initially concerning a previous exploit back during the summer, yet it later was revealed that the routines for checking input were faulty, allowing arbitrary SQL statement execution.

I'm skeptical of them passing the buck to another software application - if their sysadmin knew what he was doing, they wouldn't be running anything else on a high-traffic production server, especially one that has been targeted frequently.

I really hope newer exploits for phpBB don't show up...

From the site:




Thanks for sharing what 3rd party application that was :disgust