Reports filed to the Security Tracker

Read me first before posting anywhere!
Subscribe to the feed, available in Image Atom or Image RSS format.
Suggested Hosts
Post Reply
User avatar
Techie-Micheal
Security Consultant
Posts: 19511
Joined: Sun Oct 14, 2001 12:11 am
Location: In your servers

Reports filed to the Security Tracker

Post by Techie-Micheal »

Hi,

In the interest of speeding up the investigations needed for filed security reports, we ask once again that you provide us with some basic information. In the past, we have on more than one occasion received a report that contained simply "my website got hacked, contact me for the script" or similar. While this is a start, it is not enough to open an investigation. Some basic things to note in your report when you file:
  • If you think you know how an intruder was able to get in to your phpBB, tell us. Don't make us have to ask you, that just slows things down, and creates problems for everybody. We want this to be as smooth and as quick as possible.
  • Note the version of phpBB you are using. Yes, the tracker asks you when you file, but it doesn't hurt to note it again in the body of the report.
  • If you have any MODs, say so. We won't bite your head off. ;)
  • We would like only reports for the latest version of phpBB. If you find something in an older version, test it first in the latest version, and see if it works. If it does, tell us.
  • Give us step-by-step instructions on how to recreate the problem. Again, don't make us guess or ask you, this just slows things down and causes problems for the both of us. That's not what we want, and that's not what you want.
  • Unfortunately, we can't respond to reports about "my site was hacked using x old version." The Security Tracker is for new reports only. If you were attacked using an older version, post in the support forum, and a Support Team Member will help you out in getting back up and running.
For those who would like to know more, please visit the following links for information on what we, or a typical software company, looks for in an incident report.

http://www.adobe.com/misc/securityform.html
http://www.ciac.org/ciac/CIAC_incident_ ... cs.html#12
https://s.microsoft.com/technet/securit ... ertus.aspx

The phpBB Team
Proven Offensive Security Expertise. OSCP - GXPN

Post Reply

Return to “Announcements”