Well, this wasn't expected.
Apparently, someone was able to hack into phpBB.com, hack into the admin account, and gain access to over 300,000 passwords and usernames, including those from the support forum.
This may not seem 'horrible', but if you think about it, how many people use the same user name and/or password on every site, blog, forum, email, and other service on the internet? Many, not all, but many. This means that everyone, including RobertCity.com staff, are at major risk right now.
The following plans have been temp. canceled until further notice, to be safe:
RobertCity.com's website finished
Webmaster's Resource
The new, yes that's right, phpBB support forum switch
Any websites that are custom made under the robertcity.com domain.
We are very sorry, but we want to make sure that everyone is safe, account wise. This means changing passwords on every possible site that we are affiliated with. Yes, over 50-100 sites.
We will update this blog when things are cleared, or an update is present.
Monday, February 2, 2009
3 comments:
Thank you for your interest in the blog! We appreciate all comments made by visitors, young or old!
If you do wish to leave a comment, however, please do so in a PG:13 manner, maximum. Refrain from using excessive swear words, and do not target at or indicate to spam, porn, sexual content of any kind, or any competition or off topic content.
Remember, this is a professional business blog, or at least it is trying to stay that way.
-RobertCity.com Staff
Subscribe to:
Post Comments (Atom)
As the announcement on Area51 states, phpBB.com was not hacked through any fault of phpBB3 -- it was hacked via a security hole in an outdated PHPList installation. There is absolutely no reason to be concerned, your phpBB-based websites are perfectly fine. There are no known vulnerabilities in the phpBB3 software. Your accounts are not at risk, nor are your websites.
ReplyDeleteSo what you're saying is, because you think that your details to a forum may have been compromised, you're going to suspend work on the site (which has no direct link to the forums) to protect the accounts of people registered on forums not owned by you?
ReplyDeleteThat's one of the stupidest things I've ever read.
P3NET: Yes, after further research during the week of the incident, I discovered the true problem with the phpList mod on the website.
ReplyDeletepawl: Because I was just made aware of the incident the day that I made the blog post, I wanted to be safe and because I wasn't positive what was wrong, that 'stupid' decision was what I thought was the best choice.