相關內容擷取如下:
代碼: 選擇全部
Update #3 17-12-2014 - 01:10
At this time we are proceeding with recovery efforts and have some additional important information.
We have confirmed that initial entry was made via a team member's compromised login details and not as the result of a vulnerability in the phpBB software. The phpBB download packages were never altered.
The attackers were able to obtain access to the phpBB.com and area51 databases, meaning that user information, including hashed salted passwords, was compromised. Additionally, all logins on area51 between Dec. 12th and Dec. 15th were logged in plaintext. While the hashing algorithm utilized in phpBB will make it difficult to obtain those passwords, you should not take any chances. If you were using your phpBB.com or area51 passwords anywhere else, you must change them.
We will provide full details, including the steps we have taken since the compromise, once we are back in operation.
Update #2 15-12-2014 - 23:30
On Sunday Dec. 14th, several of the web servers powering phpBB.com were compromised. Upon discovering the ongoing attack, we immediately took our network offline to perform a thorough investigation, which is continuing.
At this time, we would like to ask everyone to follow basic security protocol. If you were using your www.phpBB.com or area51.phpBB.com passwords anywhere else, please change them to unique ones.
Your personal phpBB Forums are NOT affected by the compromise of our servers.
We will be rebuilding our systems from the ground up and verifying the integrity of all data prior to coming back online. This process will likely take several days.
Further updates will be posted here when we have additional information.
- The phpBB Team
If you need urgent assistance, please make use of the #phpbb IRC channel on Freenode. A web-based client is available at http://webchat.freenode.net.
主要說明了這次斷線及攻擊事件與 phpBB 軟體安全性無關,
如果是使用 phpbb.com 或是51區的帳號密碼的會員們的帳號密碼若使用在其他地方,建議您進行更改。