forum user data leaked... (Compiz Forums)

Just realized that earlier today as I got spammed by people using my username from the Compiz forums…

and now I found this: from here http://smspillaz.wordpress.com/2009/11/28/abandon-fail-boat/

Abandon Fail Boat Posted on November 28, 2009 by smspillaz

The web team is in a bit of a situation. You see, we’ve been having numerous problems with the forums recently, including but not limited to:

* Not being able to log in AT ALL into the Moderator Control Panel or Administration Control Panels intermittently
* The ‘Edit’ button being broken for over a year
* ‘Delete posts as spam’ not working intermittently
* Spam getting worse every day, we recently had someone post sexually explicit and extremely objectionable to the boards which we had trouble deleting since the forum software is so horrendously broken
* And the most recent incident where confidential user data has *somehow* been leaked to spammers.

This leaves us to conclude that there must have been some exploit performed on the board. This is an extremely bad security risk and as of now the forums have been locked down until we replace them.

However, we can no longer use vBulletin. Asides from our trust being lost in its security for a product we PAID for and the fact that it is a proprietary product which, as an open source project, we cannot support, our licence key as well as user name and password for downloading the forums software has gone missing which means that we cannot upgrade the forum software.

Guillaume and I consulted with the council and a majority decision was made (2 FORs, 2 ABSTEINs, 1 NOT PRESENT) to say ‘good riddance’ to vBulletin and move onto phpBB.

phpBB has the tools for us to import the existing database as well as the theme. Guillaume made it clear that he would rather spend time adjusting the theme so that it works on phpBB rather than fixing broken proprietary software.

edit 1: the new forum has been made – no theme as of yet; it will be ready soon-ish

and see what you get when you launch a Google search with Compiz Forums… the damned site has been taken down by bloody spammers. Well they had to close it, result is the same. I already had a couple of spam pms on that forum, but never thought it would become this bad.

It’s never nice when this kind of crapp happens. Hope they where able to lock things down before
too much personal info got hacked. :cry:

they’ve closed the forums completely already; problem is they think VBulletin wasn’t secure enough and they now want to switch to phpBB; and the issue was probably due to some mistake in the forum management; might happen again with any other software. These guys are Linux guys (Compiz) and they stupidly now put also the blame on proprietary software ::slight_smile: (VBulletin).
Got four spam mails so far… as the hackers have one of my email addresses. But as I commented on the guy’s blogs, spam can be dealt easily at user level, but what happened to them on this forum is really, really bad.
Just for those who don’t know, the Compiz team are those guys responsible for the 3D Desktop on Linux.