The website itself wasn't affected in any way, so the hashes were not altered. Anyone who verified the hash would have known, but realistically very few people do.
For access to your forum + many more.
I'm sorry John, can you share/recommend some good "file verification software"?
Only if you downloaded phpBB on that day between those hours..
If you believe that you have a malicious package, please email it to firstname.lastname@example.org so that we can check it against the version we obtained. We will likewise let you know if it is affected.
If you have already used the package to install or update a phpBB forum, please file an incident report on our tracker and we will assist with removal of the malicious code. https://tracker.phpbb.com/projects/INCIDENT/
I am sure the following question raised for a lot of us..https://www.phpbb.com/community/viewtopic.php?f=14&t=2456896 wrote: Earlier today, we identified that the download URLs for two phpBB packages available on phpBB.com were redirecting to a server that did not belong to us. We immediately took down the links and launched an investigation.
The point of entry was a third-party site. Neither phpBB.com nor the phpBB software were exploited in this attack.
Yes but, assuming that a person did download during that time frame but has since deleted the original file so can't check the hash of the file. The reason that I ask is because this seems to me to be a rather complete way of making sure that you are OK so my first thought is that this can't be a good answer because so far nothing I see says that this is a way to make sure that you fix the problem. So is the reason that I am not seeing this being discussed as a possible solution that it is very difficult to do for some users of large boards or is it that it will not necessarily fix the problem completely? Because I have a small personal simplistic board and if this would indeed fix everything 100% guaranteed then I can do this. But if it will not fix anything then I won't waste my time.
We all are aware of that, already.
Well, since the links are posted at .com, I do (the whole web does I guess) believe there is at least a discrepance on what has been stated.we identified that the download URLs for two phpBB packages available on phpBB.com were redirecting to a server that did not belong to us.... snip .. The point of entry was a third-party site. Neither phpBB.com nor .... snip
Which one and how? Downloads are primarily from this websites, or is there a reason why SourceForge is not named?