Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: InfoSec Handlers Diary Blog - phpBB 2.0.20 upgrade time InfoSec Handlers Diary Blog

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

phpBB 2.0.20 upgrade time

Published: 2006-04-07
Last Updated: 2006-04-07 22:29:23 UTC
by Swa Frantzen (Version: 1)
0 comment(s)
phpBB, a popular forum has released version 2.0.20 on this Friday.

There are a number of security issues fixed and due to the past interest of the bad guys, upgrading is highly recommended.

Upgrading consists of a number of phases:
  • copy your content to safeguard it;
  • carefully patch your files:
    • Take care with added or changed templates (only subSilver gets patched automatically);
    • Take care with any mods you might have on your board.
  • copy the contrib and install directories;
  • run the upgrade php script to upgrade the database through the browser;
  • remove the contrib and install files;
  • test.
I'd suggest to look at turning on the CAPTCHA test, I had problems with it before, but it now seems to be finally working properly.

Another thing you might want to do is to remove the memberlist.php references in the templates and chmod 0 that file. All those subscribers that don't post anything but have links in their profile to adult content get a bit less encouragement that way. It might trigger them to post spam so you can ban them.

Swa Frantzen - Section 66
0 comment(s)
Diary Archives