Well, I was logged into Invision Power Boards seeking some help on their HUGE CSS (30k characters x_x). I stumbled into their general board. PHPBB.COM was hacked. Apparently the hacker made a blog:

http://hackedphpbb.blogspot.com/

The main page of phpbb.com states they were attacked. And a topic on their temp support forum (click here) states it as well.

I never thought I would see PHPBB.COM hacked o.O

Wow, never thought this was happen. I guess that shows that there are always security risks out there. I hope no data lost or anything bad happens.

Posted By blanka on 2nd Feb 09 at 3:50am

 

Wow, never thought this was happen. I guess that shows that there are always security risks out there. I hope no data lost or anything bad happens.

400,000 emails stolen. =O. And they cracked about 30,000 passwords.

Could this person be a Black hatter? or a White Hatter?

I hope some of you know what those 2 terms mean.

Posted By Nick on 2nd Feb 09 at 3:51pm

 

Could this person be a Black hatter? or a White Hatter?

I hope some of you know what those 2 terms mean.

No i don't

"I did it because it was fun" sounds black hat, especially seeing as they released all the stolen information..

Just a guess.

~Paddy

Posted By ashkir on 2nd Feb 09 at 2:42pm

 

Posted By blanka on 2nd Feb 09 at 3:50am

 

Wow, never thought this was happen. I guess that shows that there are always security risks out there. I hope no data lost or anything bad happens.

400,000 emails stolen. =O. And they cracked about 30,000 passwords.

Eh, that's not too good.

Posted By Nick on 2nd Feb 09 at 3:51pm

 

Could this person be a Black hatter? or a White Hatter?

I hope some of you know what those 2 terms mean.

Based off of his blog, I think that he's strongly (and obviously) a black hat hacker.

Posted By CåñåÐå™ on 2nd Feb 09 at 4:56pm

 

Posted By Nick on 2nd Feb 09 at 3:51pm

 

Could this person be a Black hatter? or a White Hatter?

I hope some of you know what those 2 terms mean.

No i don't

Lets start with the White Hatter.

A white Hatter finds exploits in forums services, they hack it, but don't do any harm. They tell the Forum Provider about it. I'm assuming the Provider highers the white hatter to do it.

A black hatter is someone who hacks forum services, and exploit the service like that one guy did to PHPBB. They can sometimes if they want to, they can inject malicious coding into the service, like stealing emails, passwords, IP's, sending out any type of virus's, etc.

I think there was another type of a hatter, I'm not really sure though.

Posted By Paddy on 2nd Feb 09 at 9:45pm

 

"I did it because it was fun" sounds black hat, especially seeing as they released all the stolen information..

Just a guess.

~Paddy

Yeah that was my thoughts too.

Posted By Nick on 3rd Feb 09 at 3:35am

 

I think there was another type of a hatter, I'm not really sure though.

Gray hatter? There are a lot of sub-categories of "hackers" actually. http://en.wikipedia.org/wiki/Hacker_(computer_security)#Hacker_attitudes

Ahh I see.

Posted By Nick on 3rd Feb 09 at 3:35am

 

Posted By CåñåÐå™ on 2nd Feb 09 at 4:56pm

 

Posted By Nick on 2nd Feb 09 at 3:51pm

 

Could this person be a Black hatter? or a White Hatter?

I hope some of you know what those 2 terms mean.

No i don't

Lets start with the White Hatter.

A white Hatter finds exploits in forums services, they hack it, but don't do any harm. They tell the Forum Provider about it. I'm assuming the Provider highers the white hatter to do it.

A black hatter is someone who hacks forum services, and exploit the service like that one guy did to PHPBB. They can sometimes if they want to, they can inject malicious coding into the service, like stealing emails, passwords, IP's, sending out any type of virus's, etc.

I think there was another type of a hatter, I'm not really sure though.

Ah, thanks Darkmage .

Your welcome The link Blanka posted tell more about them.

It saddens me that people actually do this. Some people can ruin great things with such potential by a simple hacking and I think it is only going to get worse as the world becomes more dependent upon networking computers.

Yeah..

Most likely I'm sure vF is un-hackable, and I know PB is defiantly not hackable. But allot of these open source forums, are sure to be hacked more then the non open sourced forums.

Darkmage: Nothing is unhackable. There were sites like the "Defense Department of US" that get hack. :\

Aki: I agree. Hacking is not something to be proud and especially something that is free and helpful to people like PHPbb. I do agree though that hacking will a lot more popular later on.

Posted By Nick on 5th Feb 09 at 11:56pm

 

Yeah..

Most likely I'm sure vF is un-hackable, and I know PB is defiantly not hackable. But allot of these open source forums, are sure to be hacked more then the non open sourced forums.

If someone is determined enough they can hack into anything.

It is sad that some people get enjoyment from doing these things.

Posted By Nick on 5th Feb 09 at 11:56pm

 

Yeah..

Most likely I'm sure vF is un-hackable, and I know PB is defiantly not hackable. But allot of these open source forums, are sure to be hacked more then the non open sourced forums.

Both PB and vF are far from being un-hackable dude. I know a lot of people that could do it is they wanted to take the time to do so.

Side Note: Don't get my wrong hacking is bad in most cases, but not all the time, for example I "used to" hack to get "code fragments" (not whole codes, just functions) and it makes a very good way to learn how to program.

---

Over all i'm surprised PHPBB wasn't hacked up until now, its a very open service, just like SMF and vB, if you know the software and have a fair coding knowledge of php they are easy to hack.

@ Blanka - Oh I see. But how come many people failed to hack PB, even when they "actually" tried?

@ Ross - Yeah it is sad. But some hacking can be good. Like making "Trainers" (A trainer is a computer Game hack where you can get unlimited health, experience points etc.) for games like Halo, Final Fantasy VII/VIII, Crysis, etc. But only computer games. Some "Trainers" my firewall/anti-virus program "COMODO". Sometimes shows that it's a virus, but in many cases it's not. Now if you see Keylogger or something else other then seeing "Hack Tool" then you know that trainer is bad.

@ Dwight - I see, but checking out a page's source code is considered hacking? Or is that not what you mean?

I hacked one of our university's information systems before . Some random security flaw with the way querystrings are handled. I didn't take advantage of course... reported it and it was fixed pretty quickly. I'm not that kind of person

Ahh then your a White Hatter Fru Fru

Posted By Nick on 6th Feb 09 at 2:00pm

 

@ Dwight - I see, but checking out a page's source code is considered hacking? Or is that not what you mean?

no I don't mean the source code (not in the aspects of view source anyways) at all, i'm talking backing into the server and getting file fragments, though i've only ever done it to people I know, never anyone I haven't also I found out the cpanel ain't that hard to hack considering Charles Stover hacked into mine... and you'd be surprised how easy it is to rig a poll in a phpbb forum

Dwight it wasn't the forum software that was hacked exactly, it was their PHPList their mailing list that had over 400,000 people there. People constantly use the same passwords everywhere hence associated with email and or username.

I won't lie, hacking is a lot of fun to play around with. There are games built around it.

It's like a giant word puzzle, or logic puzzle, or any other game like that. It's entertaining in its challenge. Destruction isn't fun, but seeing if you can beat it is.

~Paddy