OVH Community, your new community space.

The security of OVH forums


LawsHosting
18-06-2015, 12:33
Well, I posted on here about the .com forum being hacked a while ago ( https://forum.ovh.co.uk/showthread.p...m-forum-hacked ).....
"Last week, we received an alert from a forum user regarding a potential security vulnerability on the OVH UK forum"
Was it my post? Glad I could help if so.

LawsHosting
18-06-2015, 12:31
....... sorry, double post

Razakel
17-06-2015, 17:47
Was the hacker able to retrieve the username and password or merely the hashed password?

Elord
17-06-2015, 17:33
Hello,

We've just migrated all OVH forums to a shared hosting platform with SSL certificates in place. Now all connections to the forum have to go via an encrypted layer.

The way the forum is used will not change: it's open to all, i.e. to anyone who is passionate about IT, whether an OVH customer or not.

Why this change?

It's now obligatory to have the SSL layer on the web and we were a little late implementing it on our forums. The forum is not actually connected to our internal information system and was therefore not subject to the same security policy as OVH itself.

Last week, we received an alert from a forum user regarding a potential security vulnerability on the OVH UK forum. Our analysis showed that a backdoor had been installed on the UK forum, enabling the hacker to retrieve the logins and passwords of all users who log in to forums outside France. But we believe that there's a strong possibility that the hacker's activity extends to all forums, including the French ones. The hacker was therefore able to retrieve the username and password.

This is why we've migrated the forums to the shared hosting platform, which blocks these kinds of hacks. Also, to erase any doubts, we've reset the passwords of users of all our forums (apart from hubiC and OVH Canada, which aren't hosted on this infrastructure).

In compliance with the law, we've notified CNIL [French commission for information technology and civil liberties] of the incident.

We're really sorry that we didn't secure our forums earlier. For OVH, security is paramount and we need to implement the same standards across the board, including non-critical components.

Best,
Octave