Once again my forum, ForumNorway has been hijacked and now it is more serious. Read the content in that link before you continue.
1. I have not upgraded to the latest version of phpBB, version 2.0.21. I use version 2.0.19. Do not give the simple answer upgrade to the last version. This problem is more serious. I will not upgrade before this problem is solved or it is documented that the old version of the code is the problem.
2. The code for phpBB is written in PHP by other people, are relatively large and it is difficult to get an overview without using much time on it. I do not have that overview. Do not give the simple answer, PHP is not secure, use a BB written in another language.
4. Do anybody on this forum have a solution to the
Problem: How is it possible for a person to change the code without having the FTP password? Is that stolen or are there other methods by which the problems described in the above thread can happen?
Security in PHP and MySQL
php sessions for storing data
Hiding file part of URLs for security purposes