* ALERT * Old Versions of PHPBB Exploited, users at risk

Anything and everything software related that doesn't fit above can go in here!
Post Reply
User avatar
stev
Legit Extremist
Legit Extremist
Posts: 1507
Joined: Thu Feb 16, 2006 7:29 am
Location: Nashville, TN suburbs
Contact:

* ALERT * Old Versions of PHPBB Exploited, users at risk

Post by stev »

For about two weeks now, I have been hoping phpbb.com would come back online so I could get some modification ideas about our spam problem. Today I read this: http://area51.phpbb.com/phpBB/viewtopic ... de0a0741cc

For system admins, upgrading to the latest phpBB3 is a must. However, not all have done so.

If you are a used that uses the same ID on every board and forums along with the same password, you have a very high chance of having that account hi-jacked.

Just like people check their smoke alarms and CO2 detectors, we must be diligent to change our passwords. :)

Per phpBB ...

"...If the password to your phpBB.com account is used anywhere else (especially with the same username), we strongly recommend that you change it. Using the same password across multiple sites is not security wise and should not be done under any circumstance. Additionally, you should change your password on phpBB.com, when it becomes available."
AMD X2 TK-57 1.90Ghz | F700 Quanta | PC2-5300 DDR2 2Gb | GeForce 7000M | DVDRAM GSA-T40N | HP LaserJet 1018
My Stats http://folding.extremeoverclocking.com/ ... =&u=303718
Image
http://www.eff.org - Electronic Frontier Foundation - working to protect your digital rights
User avatar
vicaphit
Legit Extremist
Legit Extremist
Posts: 2789
Joined: Thu Apr 05, 2007 2:22 pm
Location: SE Ohio

Re: * ALERT * Old Versions of PHPBB Exploited, users at risk

Post by vicaphit »

I went ahead and changed my password.
----
Andy

New Rig: Intel Q6600 (2.7ghz), ASUS P5KC, 4GB DDR2-800, Palit 9600GT (1GB), Ultra X3 1KW (thanks LR!), Vista 64bit
Dell Rig: AMD Athlon X2 4000+ (2.1ghz), 2 GB DDR2 Ram, MSI 8800GT (512MB), Vista 32bit

PSN: VICaphit
User avatar
martini161
Mr Awesome
Mr Awesome
Posts: 3183
Joined: Sat Sep 08, 2007 8:27 pm
Location: Cherry Hill, New Jersey

Re: * ALERT * Old Versions of PHPBB Exploited, users at risk

Post by martini161 »

i have firefox set to a master password ](*,)
User avatar
stev
Legit Extremist
Legit Extremist
Posts: 1507
Joined: Thu Feb 16, 2006 7:29 am
Location: Nashville, TN suburbs
Contact:

Re: * ALERT * Old Versions of PHPBB Exploited, users at risk

Post by stev »

martini161 wrote:i have firefox set to a master password ](*,)

If you change the password here at the forums, the next time you login FireFox will relearn you new password when you key it in just the once.

It's simple to do.

Remember, just because Firefox has a master password list, that list is in no way tied to the forums. So, the forums can be breached to obtain that password.

A user needs to change their password in order for phpbb to update it to the latest security levels that are stronger.
AMD X2 TK-57 1.90Ghz | F700 Quanta | PC2-5300 DDR2 2Gb | GeForce 7000M | DVDRAM GSA-T40N | HP LaserJet 1018
My Stats http://folding.extremeoverclocking.com/ ... =&u=303718
Image
http://www.eff.org - Electronic Frontier Foundation - working to protect your digital rights
User avatar
geokilla
Moderator
Moderator
Posts: 1048
Joined: Thu Mar 15, 2007 9:46 am
Location: Toronto, Canada

Re: * ALERT * Old Versions of PHPBB Exploited, users at risk

Post by geokilla »

I just changed my password to basically a universal one cus I had 4. Good thing the important stuff are on a different password.
Intel Core i5-3570K @ 4.2Ghz @ 1.16V (CPU-Z + LinX)
Gigabyte Z77X-UD5H F14 BIOS
ASUS GTX 460 768MB @ 800/1950
Kingston HyperX DDR3 8GB @ DDR-1333
Corsair AX750
Crucial M4 128GB
Western Digital Black 1TB
Cooler Master Hyper 212+ EVO
BenQ E2420HD
---------------------
I AM CANADIAN!
Thail
Legit Little One
Legit Little One
Posts: 1
Joined: Mon Apr 13, 2009 7:25 am

Re: * ALERT * Old Versions of PHPBB Exploited, users at risk

Post by Thail »

I took a while to switch over to phpBB3 from v2. Eventually my old forum was just closed and I took offline all the ones in project states, so since then I've been using 3. I liked 2 a lot, but it's difficult to run anything more than a personal/private forum in a script with no new security updates.
PC2-5300 DDR2 SDRAM - PC2-5300 memory information
Post Reply