[clue-talk] warning regarding phpBB
Jeff Cann
j.cann at isuma.org
Fri May 27 14:17:33 MDT 2005
On Friday 27 May 2005 7:24 am, Angelo Bertolli wrote:
> Greg Knaddison wrote:
> >I recently got hacked as well by tan glarin (I was on 2.0.13 and
> >upgraded to 2.0.15) but was able to recover.
>
> Yeah, I don't know which is worse: risk getting hacked, or having to
> upgrade every freakin month. I figure this is why they've stopped
> putting the version number on the front page.
On the upgrade every month complaint. I use PHP groupware and I have a cron
job that runs everymonth do run a secure (via ssh) cvs update on the stable
branch of the code.
I wonder if you could do the same thing for phpBB? I don't know off-hand,
since I've not administered it. But, since php scripts are not compiled,
upgrades for security patches should generally be limited, so live patching
to your php code base *should* be low risk. It's working for my phpgw site.
Just a suggestion.
Jeff
--
"Social justice cannot be attained by violence. Violence kills what it intends
to create."
- Pope John Paul II
http://isuma.org/
More information about the clue-talk
mailing list