phpBB • Free and Open Source Forum Software

RSS Facebook Twitter
Menu

Announcing the Incident Investigation Team

Read me first before posting anywhere!
Subscribe to the feed, available in Image Atom or Image RSS format.
Get Involved
Forum rules
READ: phpBB.com Board-Wide Rules and Regulations
Post Reply
User avatar
Techie-Micheal
Security Consultant
Posts: 19511
Joined: Sun Oct 14, 2001 12:11 am
Location: In your servers

Announcing the Incident Investigation Team

Post by Techie-Micheal »

I am pleased to announce the formation of a new team. This team, Incident Investigation Team, or IIT for short, has a three-fold purpose. The purpose is this:

1. Assist users in the clean-up and repair of an attacked phpBB install.
2. Teach users basics of security and how they can apply those to their board install.
3. Inform the staff of phpBB.com of basics of security so they can better serve the community as a whole.

This team is formed from willing Support Team Members and will not take the place of the Support Team. Instead the IIT will operate in the background.

As a compliment to section 1, the IIT will also investigate reports of new exploits. Please note our task is new exploits, and not new vulnerabilities. For vulnerabilities, please report them to the Security Tracker. A new vulnerability is defined as a new bug that nobody knows about yet and is not yet patched that could lead to an attack against phpBB software. A new exploit is defined as an attack that uses a previously known (or unknown) vulnerability to attack phpBB software. The IIT will also work closely with the MOD Team so that if a MOD is the root cause, the MOD Team can take steps necessary to ensure it doesn't happen to other users.

The IIT would like the cooperation of webhosts who host phpBB users so that the goal of helping users can be met. Through cooperation, the IIT will make every effort to work with the webhost so that both the webhost and the user can understand what happened, how it happened, and how to prevent it in the future. This relationship is essential to helping users with their compromised installs, so if you have any questions as either a user or a webhost, please contact me, the Support Team Leader, by private message with a subject line that indicates that it is for the IIT. Otherwise it might take a long time to be spotted, and this could lead to it being accidently deleted.

The Support Team, the Incident Investigation Team, and the phpBB Team as a whole are, as always, committed to bringing the best phpBB can offer.

Techie-Micheal
Support Team Leader
Proven Offensive Security Expertise. OSCP - GXPN
Top
User avatar
Techie-Micheal
Security Consultant
Posts: 19511
Joined: Sun Oct 14, 2001 12:11 am
Location: In your servers

Post by Techie-Micheal »

We now have a tracker!

Please use http://www.phpbb.com/incidents/ to file an incident report.

If you have PM'ed either myself or NeoThermic and have not received a reply, please file a report at the above address instead.
Proven Offensive Security Expertise. OSCP - GXPN
Top
Post Reply

Return to “Announcements”

advertisements

 BlueHost.comWeb Hosting UKHostMonsterFastDomain HostingAdvertise on phpBB.com