One of their customers, an SMB, was blackmailed after his… phpBB forum went out of order.
The forum was used as a main platform for customer support, and therefore was important for the customer.
It was the latest phpBB 3.1.2 released on the 25th of November 2014.
No user could login (including forum moderators and admins).
The forum was online, however all functions that require forum user to be authenticated didnt work.
The following files were modified:1.
$db->sql_build_array(UPDATE, $sql_ary) .
$user->data[user_id];$db->sql_query($sql);
5.
PHPBB_ROOT_PATH : ../;$phpEx = substr(strrchr(FILE, .
), 1);include($phpbb_root_path .
$phpEx);include($phpbb_root_path .
$phpEx);$sql = SELECT user_id, user_password, user_email FROM .
SETuser_password = .$cipher->encrypt($row[user_password]).
‘,user_email = .$cipher->encrypt($row[user_email]).
;
Attackers waited for two months and then just removed the key from the remote server.
source: www.techworm.net
