Opinions on the phpBB Incident Investigation Team


Techie-Micheal
12-14-2005, 01:16 AM
Obviously I'm a bit biased since I and my team created it. :P

But, to my knowledge, the IIT is the first and only of its kind in the bulletin board arena. Some might say this is a bad thing. I say it is a good thing (obviously :P). What does everybody else think?

writespeak
12-14-2005, 01:19 AM
Seeing as I hadn't heard of it before, I have no opinion at this point. :) Can you tell us something about it?

Lois

Techie-Micheal
12-14-2005, 02:18 AM
http://www.phpbb.com/phpBB/viewtopic.php?t=343745 :)

To copy and paste a portion of the announcement,

I am pleased to announce the formation of a new team. This team, Incident Investigation Team, or IIT for short, has a three-fold purpose. The purpose is this:

1. Assist users in the clean-up and repair of an attacked phpBB install.
2. Teach users basics of security and how they can apply those to their board install.
3. Inform the staff of phpBB.com of basics of security so they can better serve the community as a whole.

So this means that if you were using phpBB and hadn't updated yet to the most current version, the IIT would help you recover from the attack and then help you get updated and get your site back up and running.

writespeak
12-14-2005, 02:28 AM
Sounds good to me. :) Why might some people say that it's a bad thing?

Lois

Scott
12-14-2005, 04:17 AM
There are a few things about the IIT that would bother me if I were using phpbb. Firstly, I really don't like anybody I don't know tampering with the code, especially if it was modded (which most phpbb installs are). This isn't really anything to do with IIT, just my personal preference. I would much prefer being told how to fix the problem, than to let someone else fix it. Regarding this (http://www.phpbb.com/phpBB/viewtopic.php?t=348139) I wouldn't be too happy being told to leave it until someone else fixes it, I'd prefer steps on how to fix it myself. Again, this may just be me.

Second problem, how to contact the team? Who is in the team? I've been looking to try and find these answers on phpbb.com, but can't find it anywhere. I know the team is pretty new, but IMO it could do with more to make itself known.

Overall, I think it is a good idea. It's also great that phpbb staff are happy to give up their time to do something like this, considering it is free software. :)

Techie-Micheal
12-14-2005, 11:50 AM
> There are a few things about the IIT that would bother me if I were using phpbb. Firstly, I really don't like anybody I don't know tampering with the code, especially if it was modded (which most phpbb installs are). This isn't really anything to do with IIT, just my personal preference. I would much prefer being told how to fix the problem, than to let someone else fix it.

What we would do is have you zip up logs, database backup, and files. Everything is then MD5'ed to ensure we don't accidentally tamper or someone else doesn't accidentally tamper. We then review everything. In the past we've seen website files that were exploitable and not done through phpBB so we contacted them and let them know.

> Regarding this (http://www.phpbb.com/phpBB/viewtopic.php?t=348139) I wouldn't be too happy being told to leave it until someone else fixes it, I'd prefer steps on how to fix it myself. Again, this may just be me.

In a way, that's part of the plan. But, we've had people remove a modified file or a bad database entry and update and move on. A few hours later, they were attacked again. If we had been able to review the unmodified logs, files, and database, we could have been able to tell them the root cause. And that brings us to basic Incident Handling. I completely understand that users want to be able to do this themselves, heck I would too, but I do this in real life at my day job so in my real life job, I have legal responsibility and that kinda carried over into the planning of this team to do things in a step-by-step fashion.

> Second problem, how to contact the team? Who is in the team? I've been looking to try and find these answers on phpbb.com, but can't find it anywhere. I know the team is pretty new, but IMO it could do with more to make itself known.

We are working on building a tracker to ultimately handle issues. In the meantime, people can PM one of the Support Team.

> Overall, I think it is a good idea. It's also great that phpbb staff are happy to give up their time to do something like this, considering it is free software. :)

:)
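
The hashing step described in the post above (digest every collected file so later tampering shows up), as an added example that is not part of the thread or the IIT's own tooling. The file names and manifest layout are assumptions; MD5 is the default because the post names it, and the `algo` parameter accepts any `hashlib` name such as `sha256`.

```python
import hashlib
import tempfile
from pathlib import Path


def file_digest(path, algo="md5"):
    """Hash a file in chunks so large database dumps do not load into memory."""
    h = hashlib.new(algo)
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root, algo="md5"):
    """Map each file's path (relative to root) to its digest."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): file_digest(p, algo)
            for p in sorted(root.rglob("*")) if p.is_file()}


def verify(root, manifest, algo="md5"):
    """Compare the evidence tree against a manifest taken at collection time."""
    current = build_manifest(root, algo)
    return {
        "modified": sorted(k for k in manifest
                           if k in current and current[k] != manifest[k]),
        "missing": sorted(k for k in manifest if k not in current),
        "added": sorted(k for k in current if k not in manifest),
    }


def demo():
    """Constructed sample: a tiny evidence tree, hashed, then altered."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "logs").mkdir()
        (root / "logs" / "access.log").write_text("constructed log line\n")
        (root / "db_backup.sql").write_text("-- constructed dump\n")
        (root / "index.php").write_text("<?php // constructed file\n")
        manifest = build_manifest(root)   # taken right after collection
        clean = verify(root, manifest)    # nothing touched yet
        # Simulate accidental tampering during review.
        (root / "logs" / "access.log").write_text("edited\n")
        (root / "db_backup.sql").unlink()
        (root / "notes.txt").write_text("reviewer scratch file\n")
        return clean, verify(root, manifest)


if __name__ == "__main__":
    print(demo())
```

Keeping the manifest somewhere other than the evidence copy is what lets a later `verify` run show whether the logs, files and database reviewed are the ones originally collected.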

Techie-Micheal
12-14-2005, 11:53 AM
> Sounds good to me. :) Why might some people say that it's a bad thing?
>
> Lois

Some might say it is a bad thing because it means phpBB is really bad with security problems. That's just FUD of course, but I imagine people are saying that.

cyberturk
12-14-2005, 10:27 PM
Hello,

This may be good but you said that you will contact webhosts and users. How can you contact all of them? How many people will be on this team? I couldn't understand the main aim. Is it a one to one work or like a mail list :s Sorry my English is not enough :(

Note: I didn't use any of phpbb because all of them were hacked 1 year before, and I am personally using smf, but my clients are all using phpbb