* ALERT * Old Versions of PHPBB Exploited, users at risk
Posted: Sat Feb 07, 2009 8:13 pm
For about two weeks now, I have been hoping phpbb.com would come back online so I could get some modification ideas about our spam problem. Today I read this: http://area51.phpbb.com/phpBB/viewtopic ... de0a0741cc
For system admins, upgrading to the latest phpBB3 is a must. However, not all have done so.
If you are a used that uses the same ID on every board and forums along with the same password, you have a very high chance of having that account hi-jacked.
Just like people check their smoke alarms and CO2 detectors, we must be diligent to change our passwords.
Per phpBB ...
"...If the password to your phpBB.com account is used anywhere else (especially with the same username), we strongly recommend that you change it. Using the same password across multiple sites is not security wise and should not be done under any circumstance. Additionally, you should change your password on phpBB.com, when it becomes available."
For system admins, upgrading to the latest phpBB3 is a must. However, not all have done so.
If you are a used that uses the same ID on every board and forums along with the same password, you have a very high chance of having that account hi-jacked.
Just like people check their smoke alarms and CO2 detectors, we must be diligent to change our passwords.

Per phpBB ...
"...If the password to your phpBB.com account is used anywhere else (especially with the same username), we strongly recommend that you change it. Using the same password across multiple sites is not security wise and should not be done under any circumstance. Additionally, you should change your password on phpBB.com, when it becomes available."