Quick Login   
Register AdminFusion Tutorials Post Fusion Forum Matrix
Go Back AdminFusion » Software & Tech » Software » phpBB » [phpBB News] [Security] phpBB 3.2.2 Packages Compromised
Old 01-28-2018, 03:06 AM   #1
Industry News 

Industry News is offline

Title: Forum Guru

Feedback Score: 0 reviews

Join Date: Sep 2005

Posts: 9,268

Industry News is on a distinguished road
Post [phpBB News] [Security] phpBB 3.2.2 Packages Compromised

Earlier today, we identified that the download URLs for two phpBB packages available on phpBB.com were redirecting to a server that did not belong to us. We immediately took down the links and launched an investigation.<br>
The point of entry was a third-party site. <strong class="text-strong">Neither phpBB.com nor the phpBB software were exploited in this attack.</strong><br>
If you downloaded either the 3.2.2 full package or the 3.2.1 -> 3.2.2 automatic updater package between the hours of <strong class="text-strong">12:02 PM UTC and 15:03 PM UTC on January 26th</strong>, you received an archive modified with a malicious payload. <br>
During the course of our investigation, we were able to take steps that should render the malicious code completely inoperable. However, in the unlikely event that multiple versions of the packages exist or that something was missed, we are choosing to leave nothing to chance.<br>
As the packages were live for only three hours, we believe that a very small number of users are affected. We therefore ask that you perform the following steps so that we may render personalized assistance:<br>

<ol style="list-style-type:decimal"><li>If you believe that you have a malicious package, please email it to <a href="mailto:security@phpbb.com">security@phpbb.co m</a> so that we can check it against the version we obtained. We will likewise let you know if it is affected. You may also use the SHA256 checksum found on the <a href="https://www.phpbb.com/downloads/" class="postlink">downloads page</a> to verify its validity. Do not use the potentially affected package.</li>
<li>If you have already used the package to install or update a phpBB forum, please <a href="https://tracker.phpbb.com/projects/INCIDENT/" class="postlink">file an incident report on our tracker</a> and we will assist with removal of the malicious code.</li>
<li>The downloads currently available on the <a href="https://www.phpbb.com/downloads/" class="postlink">downloads page</a> are safe. If you have any doubts whatsoever, download a fresh copy.</li></ol>

Our investigation is ongoing and we will provide additional information as it becomes available.<br>
Thank you,<br>
The phpBB Team<br>
You may discuss this announcement in it <a href="https://www.phpbb.com/community/viewtopic.php?f=64&t=2456891" class="postlink">discussion topic</a>.

Reply With Quote

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
Thread Tools
Display Modes

Posting Rules
Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
[phpBB News] phpBB 3.2.2 Release - Please Update Industry News phpBB 0 01-08-2018 04:25 AM
[phpBB News] phpBB 3.1 Ascraeus Feature Release Published Industry News phpBB 0 11-14-2014 09:41 AM
[phpBB News] phpBB 3.1 Ascraeus Feature Release Published Industry News phpBB 0 10-29-2014 10:43 AM
[phpBB News] phpBB 3.0.6 released Industry News phpBB 0 11-17-2009 04:41 PM
[phpBB News] phpBB announces its community coding projects Industry News phpBB 0 11-18-2005 07:00 AM


All times are GMT +1. The time now is 11:50 PM. Powered by vBulletin® Version 3.8.2
Copyright ©2000 - 2018, Jelsoft Enterprises Ltd.

© 2016 AdminFusion | Advertisers | Investors | Legal | A member of the Crowdgather Forum Community
Inactive Reminders By Mished.co.uk and FTP-Anime.com