[thelist] phpBB ?

[Nicole Parrot]

From: "Bill Haenel" <bill at webmarketingworx.com>
> OK, so now you've got me concerned. We've been using phpBB since about
May.
> Our visitors and our staff all think it's just too complicated for most
> users, so it's been a Priority3 item for getting a new one.
> So if you can, please define "very large security hole".
> Are you saying maybe "Get a new BB" should move up to a Priority1, or else
> we'll be forced later to put a new item on the list called "Build new
> website:Priority1++++"?

Here's what I've been able to gather today.
There's a very simple method for anyone out there to get Admin access to
your boards. Then they can change anything they want, including your look
(defacing your BB) and gaining access to your users information.

If you're running version 1.4.1, some of the hole has been patched, but it's
still pretty open. One simple way around it is to password protect (with a
.htaccess) your admin directory.

Version 1.4.2 is coming soon I hear.