Forum security

1024MAK
Posts: 568
Joined: 24 Dec 2012 03:01
Location: Looking forward to summer, in Somerset, UK

Forum security

Post by 1024MAK » 01 Oct 2015 00:50

StarDot Forum recently went offline for 36 hours :(. But it is back up and running okay and has been for a little while now :D.

StarDot Admin wrote:
The forum database was compromised. The upshot of which is that the contents of the database user table were stolen, resulting in everyone's username, email address and hashed password being harvested.

StarDot Admin wrote:
The breach was a result of letting our underlying server software get out-of-date. We were three minor upgrades of the forum software behind, but I postponed the last forum upgrades because the underlying versions of PHP, the database and the operating system itself were all getting very old and would have broken the upgraded forum software. Unfortunately, the old version of the operating system we were running made it very hard to do an in-place upgrade of the OS. We've been well aware that a migration to a brand-new server was required, but due to the complexity of some of the sites we run that live on the same server as this forum, I have been putting it off. This breach - which was undoubtedly the result of an automated malicious software scan - is a result of that laziness, and I'll have to hold my hand up to it. :/

On another forum (Atari-forum), the admin has discovered how bad Tapatalk is at abusing the phpBB software. The Tapatalk extension breaks some fundamental phpBB API rules. So that admin has completely removed it.

I don't know how up to date the phpBB software is here, but I thought it wise to let everyone know about these problems, so if actions are needed, they can be taken.

Mark
