For those who didn't notice, the Sir-Toby.Com bulletin board was hacked over the weekend. I'm not certain of the extent of the damage, but it looks like the hacker only modified several configuration settings and clobbered the names of all of the forums. I have restored the settings and forum names from a recent backup. I think I have cleaned up everything, but please let me know if you see anything that is out of place.
This hack occured due to the fact that I was running an older version of phpBB that had a vulnerability allowing anyone to obtain administrative rights to the forum. As part of recovering from this hack, I have upgraded to phpBB 2.0.13, which is not vulnerable to this particular issue. phpBB 2.0.13 has been available for over three weeks now, so I have been lax in my administrative duties for Sir-Toby.Com. For that, I apologize. I have taken steps to ensure that I will be promptly notified of any new phpBB versions, and will install future versions promptly.
During the period where this forum has been vulnerable, it appears that several people attempted to obtain a backup of the forum database. I am not certain if these attempts were succesful. However, to be on the safe side, I must assume that one or more ill-intentioned people have a complete backup of the forum database. This backup will contain a hashed copy the passwords of every user on this forum. While these passwords are hashed, making it difficult to recover the actual password, it is possible for someone with enough computing power to obtain the password used by every user on this forum. Immediately change your password on this forum! If you use the same password elsewhere, change it there as well!
1 post • Page 1 of 1