Incident Response |
Description: The Support Team's new stance on Incident Response |
Author: Techie-Micheal |
Date: Sun Jun 20, 2004 1:25 pm |
Type: Info |
Keywords: ir, incidents, response, responses, security |
Category: Miscellanea |
|
Due to an increase in attacks on all internet applications, (not just phpBB) the Support Team is taking a more proactive approach when dealing with compromised installations of phpBB. The Support Team, and only the Support Team and other Team Members will determine if their installation has been compromised. Users are to not determine if the installations has been compromised. This only increases the work necessary for everybody. The Support Team has in the past helped to clean up compromised installations, and will continue to do so. However, these changes will be taking place.
1. You may well receive a response such as "You need to update to the latest version of phpBB. Please backup your database, and PM me with the location of your files and database downloads, and I will review them."
2. If it is determined that the security hole does indeed lie with the latest version of phpBB, we will remove the topic from public review, and will work with you privately.
3. security@ needs to be used for new security related matters only. Any old security matters or support will receive no reply from that address, or possibly a terse reply. The Support Team (and the Team Members in general) do not have time to go through bugtraq to see if anything needs to be brought to the attention of the developers. This however, does not mean to email security@ for support issues.
Thank you.
Sincerely,
The Support Team |
|
|