phpBB.com Compromised

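On the 14th of this month, several phpBB.com servers were broken into. After an investigation, the official site confirmed that the intrusion began with the compromised login account of a member of the development team, not with a vulnerability in the phpBB code. The official site states that the phpBB download packages were not tampered with.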

The phpBB.com official site is currently offline while the investigation continues.

The original announcement follows:

Update #3 17-12-2014 – 01:10

At this time we are proceeding with recovery efforts and have some additional important information.

We have confirmed that initial entry was made via a team member’s compromised login details and not as the result of a vulnerability in the phpBB software. The phpBB download packages were never altered.

The attackers were able to obtain access to the phpBB.com and area51 databases, meaning that user information, including hashed salted passwords, was compromised. Additionally, all logins on area51 between Dec. 12th and Dec. 15th were logged in plaintext. While the hashing algorithm utilized in phpBB will make it difficult to obtain those passwords, you should not take any chances. If you were using your phpBB.com or area51 passwords anywhere else, you must change them.

We will provide full details, including the steps we have taken since the compromise, once we are back in operation.
