[clue-talk] warning regarding phpBB
Angelo Bertolli
angelo at freeshell.org
Fri May 27 14:24:40 MDT 2005
Jeff Cann wrote:
>On Friday 27 May 2005 7:24 am, Angelo Bertolli wrote:
>
>
>>Greg Knaddison wrote:
>>
>>
>>>I recently got hacked as well by tan glarin (I was on 2.0.13 and
>>>upgraded to 2.0.15) but was able to recover.
>>>
>>>
>>Yeah, I don't know which is worse: risk getting hacked, or having to
>>upgrade every freakin month. I figure this is why they've stopped
>>putting the version number on the front page.
>>
>>
>
>On the upgrade every month complaint. I use PHP groupware and I have a cron
>job that runs everymonth do run a secure (via ssh) cvs update on the stable
>branch of the code.
>
>I wonder if you could do the same thing for phpBB? I don't know off-hand,
>since I've not administered it. But, since php scripts are not compiled,
>upgrades for security patches should generally be limited, so live patching
>to your php code base *should* be low risk. It's working for my phpgw site.
>
>
Great idea. I'm going to look into this and see if I can update from
CVS. That would make things a lot easier. No telling how many times
I've accidentally wiped out the avatars directory because I did an
upgrade. With CVS this might not be a problem.
Angelo
More information about the clue-talk
mailing list