HackerOne users: Testing against this community violates our program's Terms of Service and will result in your bounty being denied.
phpBB.com hacked
x00
MVP
https://www.phpbb.com/community/viewtopic.php?f=14&t=2283426
Seems that it wasn't an exploit in phpBB, but targeting those with access to the server. Most likely it is opportunist "piggy back" attack, that would target any server from any computer with access. It is also possible the staff member was targeted specifically and let their guard down.
Anyway, this is a good reason why you should keep track of who has access to your server, and anyone with high level access, follows good home security.
Some organisations even audit, such users.
grep is your friend.
0
Comments
Vanilla staff are required to use a unique, complex password for infrastructure access & 2FA for all biz-related accounts & full-disk encryption for laptops on penalty of death & dismemberment.
Really, they responded as best as is possible and probably did nothing wrong at all. Shit happens.
by dismemberment, do you mean banned,
if not, what good would dismembering do after death.
I may not provide the completed solution you might desire, but I do try to provide honest suggestions to help you solve your issue.
Fitting into a suitcase for international crossings.
https://www.youtube.com/watch?feature=player_detailpage&v=2xUynRdzzsM#t=36
Search first
Check out the Documentation! We are always looking for new content and pull requests.
Click on insightful, awesome, and funny reactions to thank community volunteers for their valuable posts.
I heard in Canada they send round a moose assassin.
grep is your friend.