Page 1 of 1

* ALERT * Old Versions of PHPBB Exploited, users at risk

Posted: Sat Feb 07, 2009 8:13 pm
by stev
For about two weeks now, I have been hoping phpbb.com would come back online so I could get some modification ideas about our spam problem. Today I read this: http://area51.phpbb.com/phpBB/viewtopic ... de0a0741cc

For system admins, upgrading to the latest phpBB3 is a must. However, not all have done so.

If you are a used that uses the same ID on every board and forums along with the same password, you have a very high chance of having that account hi-jacked.

Just like people check their smoke alarms and CO2 detectors, we must be diligent to change our passwords. :)

Per phpBB ...

"...If the password to your phpBB.com account is used anywhere else (especially with the same username), we strongly recommend that you change it. Using the same password across multiple sites is not security wise and should not be done under any circumstance. Additionally, you should change your password on phpBB.com, when it becomes available."

Re: * ALERT * Old Versions of PHPBB Exploited, users at risk

Posted: Sat Feb 07, 2009 9:33 pm
by vicaphit
I went ahead and changed my password.

Re: * ALERT * Old Versions of PHPBB Exploited, users at risk

Posted: Sat Feb 07, 2009 10:26 pm
by martini161
i have firefox set to a master password ](*,)

Re: * ALERT * Old Versions of PHPBB Exploited, users at risk

Posted: Sun Feb 08, 2009 6:55 pm
by stev
martini161 wrote:i have firefox set to a master password ](*,)

If you change the password here at the forums, the next time you login FireFox will relearn you new password when you key it in just the once.

It's simple to do.

Remember, just because Firefox has a master password list, that list is in no way tied to the forums. So, the forums can be breached to obtain that password.

A user needs to change their password in order for phpbb to update it to the latest security levels that are stronger.

Re: * ALERT * Old Versions of PHPBB Exploited, users at risk

Posted: Sun Feb 08, 2009 7:45 pm
by geokilla
I just changed my password to basically a universal one cus I had 4. Good thing the important stuff are on a different password.

Re: * ALERT * Old Versions of PHPBB Exploited, users at risk

Posted: Mon Apr 13, 2009 7:30 am
by Thail
I took a while to switch over to phpBB3 from v2. Eventually my old forum was just closed and I took offline all the ones in project states, so since then I've been using 3. I liked 2 a lot, but it's difficult to run anything more than a personal/private forum in a script with no new security updates.