Yes I'm running 2.06C - the information stored on this forum is available to all anyway (apart from email addresses) so would make it pretty pointless to hack (although someone will probably try at some point anyway).

Thanks for the information anyway - I'll keep my eyes open for any more security releases.

Dom

----- Original Message -----
From: "Nate Duehr"
To:
Sent: Friday, January 16, 2004 6:06 PM
Subject: Re: [OT:] New website opened for techie people - please all join and help

On Friday 16 January 2004 10:49 am, Dominic Stratten wrote:
>
> The website url is http://www.partsfortrade.com

Powered by phpBB 2.0.6 © 2001, 2002 phpBB Group

2.0.6 has some serious cross-site scripting security holes. Make sure you're up to 2.0.6C, and there was a PHP announcement that they released some patches for PHP also that affected phpBB and a number of other "portal" type software packages. Hopefully you've patched for all of these.

phpBB and a number of the popular PHP-based portals/groupware engines are prone to having about one major security patch a month (source: SANS security announcement mailing lists), which is too high for my tastes to run them on a high-profile public site. If you do, I feel you have to be "more vigilant" than you would with some other options.

--
Nate Duehr, nate@natetech.com

--
http://www.piclist.com hint: To leave the PICList
mailto:piclist-unsubscribe-request@mitvma.mit.edu