Admins,

I see the main climateprediction.net site

http://www.climateprediction.net/index.php

is back up, while the dynamic "Experiment Status" section of that page is not updating. Also, the php Forum still appears to be down.

Just wondering as to the general status of the restoration of full page functionality and forum? Guesstimations welcome.

Thanks.

George

I'm a "user" now, but I would guess that CPDN will just stick with these BOINC forums from now on. phpBB isn't worth the risk of destroying another server with a ridiculous exploit! Although I suppose somebody could find a hack on these BOINC forums if they look hard enough.

---

> I'm a "user" now, but I would guess that CPDN will just stick with these BOINC
> forums from now on. phpBB isn't worth the risk of destroying another server
> with a ridiculous exploit! Although I suppose somebody could find a hack on
> these BOINC forums if they look hard enough.
>
Sorry to hear that is a possibility. It's a shame that functionality apparently equates to security risk.

>
> I'm rather shocked to read this cryptic message Carl. What details are
> available as to what exactly happened re- " a ridiculous exploit"?
>
phpBB 2.0.11 was released November 18th (well before any widespread attacks) and contained a fix for the exploit. According to the developers of phpBB, the vulnerability of versions before 2.0.11 "gave rise to the possibility for persons to "install" scripts, delete files and otherwise access your system." However, the news of the potential exploit and the importance of the updated version was not necessarily well advertised, thus many sites were compromised. This will likely lead to a much better system for notifying users of phpBB of updated versions, but no doubt some IT managers will not want to continue using this software because of the work this exploit caused.