to techAdmin:
vkaryl
Status: Contributor
Joined: 31 Oct 2004
Posts: 273
Location: back of beyond - s. UT, closer to Vegas than SLC
have you noted the security problems with phpBB < 2.0.11? It's not nice.... there's a quick and dirty fix, but all fora installs of prior versions need upgrading asap.

See the following:

www.webmasterworld.com/forum103/246.htm and
www.phpbb.com/phpBB/viewtopic.php?f=14&t=240513 (which includes the quick and dirty code snippet replacement)
Back to top
techAdmin
Status: Site Admin
Joined: 26 Sep 2003
Posts: 4127
Location: East Coast, West Coast? I know it's one of them.
vkaryl, and others who have alerted me to this issue, thanks. And especially thanks for the quick fix link from phpbb, I'm out of town on a job at the moment, but popping in the temp fix was no problem, thanks again for the heads up. Guess it's time to do the full updates too... :-)

By the way, did I mention how much notepad sucks? I downloaded the viewtopic.php page and it wasn't readable in notepad [unix linebreaks etc, no syntax highlighting], then I downloaded crimson editor, the free version more or less of edit plus, did the code fix, and it was done.

Again, thanks for watching out for this stuff, I've been busy and haven't had time to keep up on everything, plus I caught a nasty head cold that makes any kind of thinking a challenge... although some might say I'm already challenged adequately in that area....

This strikes me as a perfect example of the open source model. The exploit was discovered, the patch was published, and easily fixed in a few minutes. This is exactly what open source advocates always say is one of the main benefits of having the source code available for modification, and under your control. All software will have vulnerabilities, that's given, but being able to take care of these things quickly when they come up without having to wait for the latest patch or update is a really big difference.
Back to top
vkaryl
Here's the easy way to do this: copy your original phpBB2 forum to "oldForum" or some such. Download the Changed Files Only package from phpbb.com and uncompress the relevant fileset (2.0.6 to 2.0.11 in your case). Using whichever ftp client you favor, upload the files from the CFO package to overwrite the files in the forum folders. Make an install folder under the forum folder. Copy update_to_2011.php into the install folder, open a browser window, navigate to your forum folder in the browser, and run update_to_2011.php.

Should be good to go.... and once again the servants of truth and light triumph over the orcs of hel.... or whatever....
Back to top
techAdmin
Vkaryl, thanks again for the tips. I have the search engine friendly mods on this, I think that's the only ones though, hopefully I haven't done any other mods though, foolishly I haven't recorded in a readme file what those were, but I think not too much aside from the url one, your solution sounds workable.

I've been working on a nightmarish hardware type problem for a client, massive time consumer, still isn't working correctly, I'll do that when I get back.

Lesson here: make readme file, document all script changes for future reference. Luckily the phpbb group has done an excellent job separating the logic out from the templating systems, which is where almost all my changes have occurred.

Thanks for your help on this.

Once I update look for your requested mod as well, least I can do to repay you for your assistance here.

By the way, if you haven't yet done so, give filezilla a try, it's a superb open source ftp client.
Back to top
vkaryl
Hope your hardware nightmare gets sorted soon! Take care....
Back to top
vkaryl
Another heads-up: it seems as though if your PHP version is < 4.3.10, you may wind up trashed eventually even though your boardware is up-to-date.

See: www.phpbb.com/phpBB/viewtopic.php?f=14&t=248046
Back to top
techAdmin
updated, with a tiny glitch, but fixed it... I backed up my local version of the forum but not the main one, forgot one thing.

Couldn't find the mod you were looking for, let me know where to download it, or just send it to me and I'll add that.

thanks for the advice vkaryl, updating was pretty easy except redoing those search engine friendly urls takes a while, oh well.
Back to top
vkaryl
I'll send you a copy. I can't find the site now, seems to have gone the way of so many "toy" sites....
Back to top
techAdmin
By the way, that worm looks like it hit the forums here pretty hard the last few days, judging by some requests logged, a few hundred fake 'highlight' exploit type things. Thanks for the kick in the butt on that vkaryl, just in time looks like.
Back to top
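A log triage sketch for the observation in the post above, added here as an example and not taken from the thread or from phpBB. It counts, per client address, requests to viewtopic.php whose `highlight` parameter does not look like an ordinary search term; the log format (Apache combined), the sample lines and the "plain term" allowlist are assumptions.

```python
import re
from collections import Counter
from urllib.parse import urlsplit, parse_qs

# Constructed sample lines in Apache combined log format (not real traffic;
# the odd highlight values are placeholders, not a real payload).
SAMPLE_LOG = """\
192.0.2.10 - - [20/Dec/2004:10:01:02 -0800] "GET /forums/viewtopic.php?t=12&highlight=linux+kernel HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.7 - - [20/Dec/2004:10:01:05 -0800] "GET /forums/viewtopic.php?t=3&highlight=%5Bconstructed%5D%28placeholder%29 HTTP/1.0" 200 4096 "-" "-"
198.51.100.7 - - [20/Dec/2004:10:01:06 -0800] "GET /forums/viewtopic.php?t=4&highlight=test%2541 HTTP/1.0" 200 4096 "-" "-"
203.0.113.5 - - [20/Dec/2004:10:02:00 -0800] "GET /forums/search.php?highlight=%5Bconstructed%5D HTTP/1.1" 200 900 "-" "Mozilla/5.0"
192.0.2.10 - - [20/Dec/2004:10:03:00 -0800] "GET /forums/index.php HTTP/1.1" 200 7000 "-" "Mozilla/5.0"
"""

# Client address and request target from a combined-format line.
REQUEST_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (\S+)[^"]*"')

# Assumption: a genuine highlight value is search words only (letters,
# digits, whitespace, dot, hyphen). Anything else is a candidate for review,
# including a '%' that survives one round of URL decoding.
PLAIN_TERM_RE = re.compile(r"[\w\s.\-]*")


def suspicious_highlight_hits(log_text):
    """Return a Counter of client address -> count of odd highlight requests."""
    hits = Counter()
    for line in log_text.splitlines():
        match = REQUEST_RE.match(line)
        if not match:
            continue  # not a parseable request line
        client, target = match.groups()
        url = urlsplit(target)
        if not url.path.endswith("/viewtopic.php"):
            continue  # only the page named in the thread is examined
        # parse_qs percent-decodes once and turns '+' into a space.
        values = parse_qs(url.query, keep_blank_values=True).get("highlight", [])
        if any(not PLAIN_TERM_RE.fullmatch(value) for value in values):
            hits[client] += 1
    return hits


if __name__ == "__main__":
    for client, count in suspicious_highlight_hits(SAMPLE_LOG).most_common():
        print(f"{client}\t{count} request(s) with a non-plain highlight value")
```

The allowlist will also flag legitimate searches that contain quotes or other punctuation, so treat the output as a review list rather than a verdict.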
vkaryl
My fora being completely private, they don't even appear anywhere within the first several hundred results in the searches, so I haven't even had loghits like that. Thankfully.

Glad I kicked hard enough! *laughing*
Back to top
All times are GMT - 8 Hours