Welcome Back phpBB.com

Read me first before posting anywhere!
Subscribe to the feed, available in Image Atom or Image RSS format.
Ideas Centre
Post Reply
User avatar
Marshalrusty
Project Manager
Project Manager
Posts: 29173
Joined: Mon Nov 22, 2004 10:45 pm
Location: New York City
Name: Yuriy Rusko
Contact:

Welcome Back phpBB.com

Post by Marshalrusty » Wed Dec 24, 2014 2:57 am

Hello everyone,

We're glad to be back online and look forward to putting the events of the past week behind us.

First and foremost, your personal phpBB boards were not affected in any way by the compromise of our servers. If you experienced any errors, downtime, increase in spam posts, etc. during the past week, these events were unrelated. Please post in our support forums if you need any assistance.

On Sunday December 14th, we discovered that the server powering http://www.phpbb.com had been compromised. We immediately brought our entire network offline and began a thorough investigation to determine exactly what happened.

We determined that on Friday December 12th, unauthorised access to the area51.phpbb.com server was obtained using credentials that had been stolen from a staff member via an outside source. To be clear, this was not done through a vulnerability in the phpBB software.

Code was added to record plaintext usernames and passwords to a log file. We have contacted the small group of people whose credentials were captured during the short period of time that the logger was active.

We believe that the user databases of both area51.phpbb.com and http://www.phpbb.com were retrieved by the attackers. This includes your username, email address, and a PHPass hashed version of your password. While the hashing algorithm makes it very difficult to obtain your plaintext password, the application of sufficient processing power makes it possible over time, particularly if you were using a weak password. We therefore advise all users to change your passwords on area51, phpBB.com, and on any other website where you may have been using them. Using unique passwords on all websites is a key component of good security practices.

Our server infrastructure was rebuilt from the ground up, ensuring that no malware remains. Additional components of phpBB.com will be coming online within the next few days. In due course, we plan to post a more detailed account of what was done in a blog post.

We apologise for the inconvenience this has caused and hope that you will continue to work with us to make phpBB better than ever.

Lovingly yours,

The phpBB Team

----
Please discuss this announcement in the discussion topic
Have comments/praise/complaints/suggestions? Please feel free to PM me.

Need private help? Hire me for all your phpBB and web development needs

User avatar
MichaelC
Website Team Leader
Website Team Leader
Posts: 3635
Joined: Mon Dec 21, 2009 3:36 pm
Location: Surrey, UK
Name: Michael Cullum
Contact:

Re: Welcome Back phpBB.com

Post by MichaelC » Sun Jan 11, 2015 3:35 am

We're proud to announce that all of our websites and services are now back online including our blog, wiki, issue tracker and development site, Area51. We would like to thank the team at Oregon State University's Open Source Lab and everyone else involved for their efforts in bringing things back online.

Should you be still be experiencing any problems with accessing our websites (sites on the phpbb.com domain) then please use the contact form on our status site or email website [at] phpbb [dot] com.

Thanks,
The phpBB Team
:)
Formerly known as Unknown Bliss
Please don't PM me for support (or stuff that belongs in the forums or tracker) but otherwise feel free
Website Feedback || Website Tracker

Post Reply

Return to “Announcements”

Who is online

Users browsing this forum: Flerex and 19 guests

cron