DRATS! Until this situation is resolved, I will stop recommending this site to others. That way you won't have to hand process their applications too.

Pangor

Torm, make sure all your passwords are at least 8 characters, and complex. but yet easy enough for you and you alone to remember. I would also keep an eye on updates, chances are the makers of the software are aware of the situation and are working to resolve the issue. keep it as up to date as possible with current updates. stay away from beta releases, release candidates and such as they have not been completely tested and could be causing more harm then good.

Password complexity is probably the most important. Hackers have software that they use to "brute force hack" websites. which is basically a program designed to fire passwords at a server untill it gains access. by adding numbers and punctuation to a password, you are making that softwares job all that much harder.

a bad password example would be something like - landmanb
however I can make this password much more complex by simply adding numbers - l4ndm4nb
I can further it by capitalizing each letter before the number - L4ndM4nb
add some other non alpha numeric character - L4nd$M4nb

keep in mind it would still be vulnerable to a brute force hack, however with the proper encryption, they would need a bunch of computers all working together on the algorythm for such a long period of time, an Administrator would probably notice the failed attempts and act on it.

I know the rules for passwords Landman, but the problem is more complex. The passwords are encrypted with a md5 algorythm and the program ban the user for 15 minutes when he/she fails three times, so a brute force could need years and to gain the access here and it doesn't worth the effort.

I've not the direct link but I'll search it because it could be interesting to read something about the matter for you and Pangor and everybody interested (anyway the informations are on phpbb.com and actually they are down...lol) . This crackers pass the nasty code using the posting feature of the board (php code) and the last time the automatic process "defaced" a lot of pages on attacked sites overwriting the original files.

This time it seems that they used an "awstat" something directly on the server, This shouldn't involve the phpBB software but they are investigating. In any case it's not something linked to the passwords.

I have to say that here at godaddy the configuration for the board is very funny and strange because the files are on a server and the database is on a totally different one. Infact they changed us the database but left the files on the same old server. It was very difficult to setup the forum here, I've done it reading a lot of tutorial and modifying some files because of other strange peculiarities of godaddy ... On ather server it is enough to write "localhost" to point to the database, here the database is on a different encrypted server, so I hope that in case of an attack, the most important thing which is the database, with all the posts and the informations, should be safe (I can easily replace the files and the graphics with a backup copy).

The most bad thing abotu what happened is that they attacked an open source site, not a "big one" like micro$oft, Ibm etc., people who gains nothing from their fantastic work ...

Me either. What does "this" refer to? That seems a bit negative. "" here at godaddy the configuration for the board is very funny and strange because the files are on a server and the database is on a totally different one ? I get . Oh those people.

Thank you Posy darling. I love you !

Thanks I like you a lot too TORMENTOR.

Tormie wrote:

The most bad thing abotu what happened is that they attacked an open source site, not a "big one" like micro$oft, Ibm etc., people who gains nothing from their fantastic work.


You're right! These bloody f**ckers are overall, they aren't good enough to hack commercial sites,
but they wanted to be "the great hacker" and therefore they try to hack small sites, private sites
and so on - bloody stupid guys

In fact that because it is popular open source, free software coule be the reason that it was targeted. I have seen many such attempted attacks caused by fanatics who are opposed free software and/or open source who try everything that they can to discredit it.

What bothers me even more about this attacks is that according to the announcement on their tempory page it was caused by a problem in the server, raher than in this software, still board using the software are being taken down by the hosting companies.

This reminds me of a sucessful cracker a few years ago. The main website of some open source software (I forget which software it was.) was attacked and defaced. Compared to what could have been done, the damage was mild and limited to defacing the main page. In the end it turned out that it was the hosting companys http server that was cracked, the hosting company had reciently moved that website from a platform running Apache to one running IIS. It was IIS that was compromised, but the people who were oppoed to open source ran a FUD propaganda campain against the open source software that was hosted on the site. Other websites on the same groups of servers were also defaced including those of commercial software vendors. Not much was said of that by those spreading the FUD.

Pangor

What did it look like to you? Interesting comparison. What does "it" refer to? Which others? I am a female. Are you a man or a woman?