HackerOne users: Testing against this community violates our program's Terms of Service and will result in your bounty being denied.

phpBB.com hacked

x00x00 MVP
edited December 2014 in General Banter


Seems that it wasn't an exploit in phpBB, but targeting those with access to the server. Most likely it is opportunist "piggy back" attack, that would target any server from any computer with access. It is also possible the staff member was targeted specifically and let their guard down.

Anyway, this is a good reason why you should keep track of who has access to your server, and anyone with high level access, follows good home security.

Some organisations even audit, such users.

grep is your friend.



  • LincLinc Detroit Admin
    edited December 2014

    Vanilla staff are required to use a unique, complex password for infrastructure access & 2FA for all biz-related accounts & full-disk encryption for laptops on penalty of death & dismemberment.

    Really, they responded as best as is possible and probably did nothing wrong at all. Shit happens.

  • peregrineperegrine MVP
    edited December 2014

    @Linc said: on penalty of Death & dismemberment.

    by dismemberment, do you mean banned, :wink: if not, what good would dismembering do after death.

    I may not provide the completed solution you might desire, but I do try to provide honest suggestions to help you solve your issue.

  • LincLinc Detroit Admin

    @peregrine said:
    what good would dismembering do after death.

    Fitting into a suitcase for international crossings.

  • hgtonighthgtonight ∞ · New Moderator

    @Linc said:
    Fitting into a suitcase for international crossings.


    Search first

    Check out the Documentation! We are always looking for new content and pull requests.

    Click on insightful, awesome, and funny reactions to thank community volunteers for their valuable posts.

  • I heard in Canada they send round a moose assassin.

    grep is your friend.

Sign In or Register to comment.