Hackers took out phpbb

[OPENSTEP]

OK, so as per the norm, the day after I go away on vacation some silly hackers took down the phpbb system. I reverted back to the most recent backup of the entire db, so chances are that the august posts are gone.

I really have no clue why script kiddies love hacking this server. Go attack microsoft you asshats and leave the volunteers here alone. No one appreciates your 'skills' and you'll never be able to use them to find a real job...spend your time doing something productive instead.

ed

[JKT]

Perhaps they work for Microsoft!

Anyway shame to see it happen and also to lose all those posts, but glad it is back to something more normal... and welcome back from your hols.

[Max_Barel]

[sardisson]

I was so happy to see a full, unhacked Trinity when I came back today. It's got me happier than the Krispy Kreme opening in Dupont Circle next week! (It's a Southern thing for those of you [y'all] not familiar )

That having been said, I see that the version of phpBB running in the nuke module 2.0.4; the current version is 2.0.10 and apparently everything after 2.0.5 has been a release that fixes only security holes!

Dunno if the nuke module version has been updated to support 2.0.10, but perhaps it's something to look in to when you get the time....

Anyway, hope you had a good vacation, Ed. Thanks again for running this (and everything else OOo/Neo)!

Smokey

[OPENSTEP]

Oh yeah, I had a great vacation...over 3k miles of driving but I got to spend multiple days camping and backpacking in Glacier, Yellowstone, the Tetons, beautiful drives through Wyoming, etc. It was actually the first time in over a year that it was over a week and a half between me turning on a computer If I had, trinity would've been fixed near instantaneously

I can go back and try to recover those posts, but yeah my first order of business will be to go through and look at the security patches again. The versions of things on the server are only partially indicative of what's actually here as I've done quite a bit of manual application of security patches without changing the version. I'll definitely check into the newer versions.

Still, this was the most destructive script kiddie yet. At least the other ones had the common decency to just smat their shout outs on pages. This one felt it necessary to delete things

Deep down in my heart I hope someday he'll be rudely awoken from dreams of gingerbread houses by an otter masticating his nutsack while a wino mariachi band covers Rocketman through a pair of megaphones strapped to his skull.

ed

[jakeOSX]

glad you are back man. sounds like a good trip too.

let me know if you want me looking into things (other site choices, security updates, etc).

-j

[OPENSTEP]

Oh dude, if you have time and can minimally keep track of security updates that'd be nifty! I still haven't put nukecops or the phpbb security sites on my "daily reading" list though I'll have to do that. This latest one was interesting since it was only affecting the phpbb portion...all past attacks went straight for the nuke.

I don't think switching systems would really help since we're going to have security problems with anything that's up. These days, once something is up people will try attacking it. I could restrict browser access to only let MacWWW through....

ed

[jakeOSX]

yeah, shouldn't be an issue, PM me or catch me on iChat.

-j

[Guest]