I am pleased to announce the formation of a new team. This team, Incident Investigation Team, or IIT for short, has a three-fold purpose. The purpose is this:
1. Assist users in the clean-up and repair of an attacked phpBB install.
2. Teach users basics of security and how they can apply those to their board install.
3. Inform the staff of phpBB.com of basics of security so they can better serve the community as a whole.
This team is formed from willing Support Team Members and will not take the place of the Support Team. Instead the IIT will operate in the background.
As a compliment to section 1, the IIT will also investigate reports of new exploits. Please note our task is new exploits, and not new vulnerabilities. For vulnerabilities, please report them to the
Security Tracker. A new vulnerability is defined as a new bug that nobody knows about yet and is not yet patched that could lead to an attack against phpBB software. A new exploit is defined as an attack that uses a previously known (or unknown) vulnerability to attack phpBB software. The IIT will also work closely with the MOD Team so that if a MOD is the root cause, the MOD Team can take steps necessary to ensure it doesn't happen to other users.
The IIT would like the cooperation of webhosts who host phpBB users so that the goal of helping users can be met. Through cooperation, the IIT will make every effort to work with the webhost so that both the webhost and the user can understand what happened, how it happened, and how to prevent it in the future. This relationship is essential to helping users with their compromised installs, so if you have any questions as either a user or a webhost, please contact me, the Support Team Leader, by private message with a subject line that indicates that it is for the IIT. Otherwise it might take a long time to be spotted, and this could lead to it being accidently deleted.
The Support Team, the Incident Investigation Team, and the phpBB Team as a whole are, as always, committed to bringing the best phpBB can offer.
Techie-Micheal
Support Team Leader