IMPORTANT - Forums compromised, please change your password

Want to just shoot the breeze? Forum 42 is the place!

Moderator: Moderators

User avatar
marshallh
Moderator
Posts: 2986
Joined: Sat Sep 10, 2005 2:17 pm
360 GamerTag: marshallh
Location: here and there
Contact:

IMPORTANT - Forums compromised, please change your password

Post by marshallh » Mon Jan 24, 2011 10:00 pm

This evening the forums were compromised for a short time. We caught it fairly quickly and have reversed all known damage.

The passwords in phpbb are stored in a hashed form and we cannot see any password traps, however it is a good idea to change your password now, and if you used the same password on any other sites, to change those as well.

Please post here if you see anything unusual or missing posts, etc.

Thanks for your understanding
Image

User avatar
lifeisbetterwithketchup
Senior Member
Posts: 2180
Joined: Fri Jul 21, 2006 12:08 pm
Steam ID: lifeisbetterwithketchup
Location: Illinois. Whee.
Contact:

Re: IMPORTANT - Forums compromised, please change your password

Post by lifeisbetterwithketchup » Mon Jan 24, 2011 10:08 pm

Thanks for the update.

Kudos to the mods; acted nice and fast on this mess.
Rekarp wrote:
mako321 wrote:What makes you head ninja, anyways? :wink:
Cause I am Abe F#!@ing Lincoln. :mrgreen:

User avatar
mako321
Posts: 711
Joined: Mon Aug 10, 2009 6:27 am

Re: IMPORTANT - Forums compromised, please change your password

Post by mako321 » Mon Jan 24, 2011 10:13 pm

Any idea who the culprit is?

User avatar
Triton
Moderator
Posts: 7395
Joined: Mon May 24, 2004 12:33 pm
360 GamerTag: triton199
Steam ID: triton199
Location: Iowa
Contact:

Re: IMPORTANT - Forums compromised, please change your password

Post by Triton » Mon Jan 24, 2011 10:18 pm

we're currently gathering as much info as we can about the situation. All we can say right now is we are working on it 8)
ImageImageImage
Visit us at Portablesofdoom.org

User avatar
lifeisbetterwithketchup
Senior Member
Posts: 2180
Joined: Fri Jul 21, 2006 12:08 pm
Steam ID: lifeisbetterwithketchup
Location: Illinois. Whee.
Contact:

Re: IMPORTANT - Forums compromised, please change your password

Post by lifeisbetterwithketchup » Mon Jan 24, 2011 10:23 pm

Triton wrote:we're currently gathering as much info as we can about the situation. All we can say right now is we are working on it 8)
Image
Rekarp wrote:
mako321 wrote:What makes you head ninja, anyways? :wink:
Cause I am Abe F#!@ing Lincoln. :mrgreen:

User avatar
MrAfterFx
Portablizer
Posts: 115
Joined: Mon Jan 24, 2011 10:06 pm
Steam ID: MrAfterFx

Re: IMPORTANT - Forums compromised, please change your password

Post by MrAfterFx » Mon Jan 24, 2011 10:55 pm

I am having a problem marshall. I had to make a new account with the same name but different email address. All my post are gone is there any way I can get them back?
Image

User avatar
Basement_Modder
Portablizer
Posts: 961
Joined: Sun Aug 24, 2008 7:16 am
Location: Next door to my neighbor
Contact:

Re: IMPORTANT - Forums compromised, please change your password

Post by Basement_Modder » Tue Jan 25, 2011 5:58 am

I flipped yesterday when I tried to log in and it said I was IP banned, lol.

I knew something was up when I changed my static and dynamic IP, then even went on my neighbor's wifi and I was still IP banned. :/

I'm glad the admin team is as good as it is.
Cheers,
Basement_Modder
_________________

User avatar
bicostp
Moderator
Posts: 10491
Joined: Mon Mar 07, 2005 5:47 pm
Steam ID: bicostp
Location: Spamalot
Contact:

Quite frankly

Post by bicostp » Wed Jan 26, 2011 9:01 am

There has been some concern regarding the security of the forums. I want to make it perfectly clear that this forum is as secure as any other forum running on the phpbb forum engine. It was an exploit in phpbb, not anything specific to this individual server, that allowed this to happen.

None of the phpbb engine files on the server appeared to be modified, but fresh copies of several files (from phpbb.com) were uploaded just in case.

It appears the script was only after administrator accounts (normal accounts aren't any good for seriously messing a forum up), so you shouldn't see any suspicious activity on your own accounts. However, that doesn't necessarily mean the script didn't log your old password. If you change it now, it will not be skimmed.

Also don't forget that it is highly likely that Modretro was hit by the exact same attack as this forum was, and they also run phpbb. (Remember, both exhibited the exact same "multiple failed logins on every account" issue almost simultaneously.) Change your password on both sites and you won't have anything to worry about.

User avatar
Basement_Modder
Portablizer
Posts: 961
Joined: Sun Aug 24, 2008 7:16 am
Location: Next door to my neighbor
Contact:

Re: IMPORTANT - Forums compromised, please change your password

Post by Basement_Modder » Wed Jan 26, 2011 3:04 pm

MrAfterFx wrote:I am having a problem marshall. I had to make a new account with the same name but different email address. All my post are gone is there any way I can get them back?

Quoted to aid admins in seeing this small post.
Cheers,
Basement_Modder
_________________

User avatar
bicostp
Moderator
Posts: 10491
Joined: Mon Mar 07, 2005 5:47 pm
Steam ID: bicostp
Location: Spamalot
Contact:

Re: IMPORTANT - Forums compromised, please change your password

Post by bicostp » Wed Jan 26, 2011 3:34 pm

MrAfterFx, unfortunately the hacker deleted your account and there is no way to restore it from the phpbb admin panel. (Several other accounts were deleted as well.) It is theoretically possible to take your posts from the most recent backup and inject them back into the live database, but I don't know when the last backup was made and that is something that has to be handled through cPanel.

User avatar
MrAfterFx
Portablizer
Posts: 115
Joined: Mon Jan 24, 2011 10:06 pm
Steam ID: MrAfterFx

Re: IMPORTANT - Forums compromised, please change your password

Post by MrAfterFx » Wed Jan 26, 2011 6:56 pm

No problem BicoSTP! It doesn't bother me all to much and I am glad I could make my account again before someone made another under my name. When the site went down it almost looked like a ddos injection (Denial if System Operations Attack). PM me if you need some security ideas for phpbb. I might be able to help if you want!
Image

Electric Rain
Senior Member
Posts: 1911
Joined: Tue Mar 29, 2005 12:39 pm
PSN Username: Denki_no_Ame
Location: What's it to you? Stalker...
Contact:

Re: IMPORTANT - Forums compromised, please change your password

Post by Electric Rain » Thu Jan 27, 2011 2:06 am

Just as long as they didn't start posting under my name making it look like I came back to the forums or something after all this time...


Wait...


Damn.
Image

User avatar
Tchay
Posts: 643
Joined: Sun Apr 12, 2009 6:42 pm
Location: Hollywood

Re: IMPORTANT - Forums compromised, please change your password

Post by Tchay » Fri Jan 28, 2011 12:16 am

Electric Rain wrote:Just as long as they didn't start posting under my name making it look like I came back to the forums or something after all this time...


Wait...


Damn.

:shock:

:jawdrop:
Image Image

Electric Rain
Senior Member
Posts: 1911
Joined: Tue Mar 29, 2005 12:39 pm
PSN Username: Denki_no_Ame
Location: What's it to you? Stalker...
Contact:

Re: IMPORTANT - Forums compromised, please change your password

Post by Electric Rain » Fri Jan 28, 2011 3:42 am

Tchay wrote:
Electric Rain wrote:Just as long as they didn't start posting under my name making it look like I came back to the forums or something after all this time...


Wait...


Damn.

:shock:

:jawdrop:
Hah... don't get excited or anything. I not coming back. XD I'm in college now! No time for the forums. >.< But that excuse only applies for the past three weeks. I have no excuses for the past... two years? Or something? ^-^'
Image

User avatar
ShockSlayer
Niblet 64
Posts: 5059
Joined: Thu Jun 29, 2006 12:47 pm
Location: In my inbox.

Re: IMPORTANT - Forums compromised, please change your password

Post by ShockSlayer » Fri Jan 28, 2011 7:44 am

Electric Rain. I remember that guy. Was pretty cool. PUNCH HIM.

:P
http://twitter.com/ShockSlayer" onclick="window.open(this.href);return false;

Post Reply