Not sure if this will be of any interest but this is an email I recieved last week from my web host regarding phpBB. It seems that they've given up on it totally...
----- Original Message -----
From: <notifications-noreply@lunarpages.com>
To: <notifications-noreply@lunarpages.com>
Sent: Saturday, July 02, 2005 1:12 PM
Subject: phpBB Security Issues
phpBB, a popular third party script Lunarpages offers through Fantastico as
a convenience to our customers, has recently been exploited numerous times.
Although the developers have been diligent in fixing the exploits, the
frequency in which they occur and the amount of time it takes to manually
make the upgrades causes customers to become frustrated. Lunarpages must
protect the servers from these exploits so must ensure our customers
continually have the most secure version of the board. Unfortunately, the
severity of these exploits gives little time for customers to make the
necessary upgrades. We sympathize with this and have come up with a
solution we feel would be beneficial.
After a lot of research, we have determined that SMF forums are more secure
and easier to keep up to date. Lunarpages is highly recommending customers
change from phpBB to SMF forums. We have created a step by step FAQ article
on how this can be done. You can find this here:
http://helpdesk.lunarpages.com/faq.php?do=article&articleid=349. We have
had feedback from several customers regarding the ease of this process so
are confident this will not be difficult. However, if you need assistance,
please see our forums at
http://lunarforums.com where staff, moderators and
other customers can assist you. If you feel you do not want to modify your
board yourself, we can assist you with this. We usually charge $75.00 per
hour for script installations however, for a limited time we will upgrade
your existing phpBB board to SMF for a flat fee of $19.99. If you would
like us to do this for you, please email
support@lunarpages.com with your
username, last 4 digits of the credit card on your account and authorization
to charge your card. Please specify that you want to convert your board to
SMF.
Customers who want to continue using phpBB are certainly welcome to do so.
However, it is imperative that upgrades occur as necessary and in a timely
fashion. phpBB needs to be upgraded to version, 2.0.16. For more
information on this, please see
http://www.phpbb.com/phpBB/viewtopic.php?t=302011. We are currently running
a check on the servers for older versions. Customers who have not yet
upgraded will be notified and will have 24 hours to upgrade. If you do not
upgrade your phpBB board to version 2.0.16 we will have to disable the
forum. We apologize for the small amount of time given but the severity of
the exploit has made this necessary. We will also extend the offer of
reducing the cost of script installs to $19.99 for customers who do not want
to upgrade their boards themselves. If you would like us to do this for
you, please email
support@lunarpages.com with your username, last 4 digits
of the credit card on your account and authorization to charge your card.
Please specify that you want to upgrade your phpBB to the most secure
version.
Thank you for your cooperation in ensuring your account is secure. We have
staff working 24/7 to assist you, so please feel free to email us at
support@lunarpages.com if you have any questions or concerns regarding this
issue or if you would like us to make the necessary changes. Please do not
forget we also have our community forums at
http://lunarforums.com where
staff, moderators and customers can assist you also.
Thank you,
Lunarpages Support
