Nov 18, 2009

phpBB Weekly #128: Spam Can Ruin Your Minute


Download AAC Episode (39.1 MB) | Download MP3 Episode (76.2 MB)
Download Episode Chat Log

Episode Duration: 1:19:23
On This Episode: Douglas Bell (Fountain of Apples), David Lewis (Highway of Life), and Adam Reyher (AdamR)

On this episode, we take a look way, way back in time. Five years back, to be exact. That’s right, five years ago, phpBB 2.0.11 was released, after a serious vulnerability was discovered in phpBB2. This vulnerability was exploited over a month later by the Santy.A worm, which used Google to seek out non-updated boards and deface them. Unfortunately, because the vast majority of phpBB admins didn’t take the time to keep their phpBB installations up-to-date, the Santy worm wreaked havoc in the phpBB community, created nightmares for the Support Team, and unfairly saddled phpBB with a reputation for poor security practices.

We last talked about Santy two years ago, about a month before phpBB3’s release. Since then, phpBB’s security reputation has significantly improved, thanks to the fact that in the nearly two years since 3.0.0, there have been zero security exploits for phpBB. And, as we discuss in this episode, a lot of that is thanks to the lessons that the phpBB community has learned since the Santy worm, including the Development Team’s focus on security, the external security audits of phpBB2 and phpBB3, and groups like the Security Team, the QA Team, and the Incident Investigation Team.

We also spend some time explaining the oft-confused difference between security exploits and spam, the latter of which phpBB is currently targeting with the 3.0.6 release. But overall, this episode is about looking back at a turning point in phpBB history, one that ultimately made phpBB a much better project for the experience.

We also acknowledge the Dutch phpBB meetup happening at the HCC dagen on Saturday, November 28, and Douglas puts in another plug for the Washington, DC meetup he’s trying to organize.

The MOD of the Week is Contact Board Admin by RMcGirr83, and the Style of the Week is Pro_iphone by Samurai Design. And inspired by the style, David mentions an iPhone App of the Week: Tapatalk.

Written by Douglas Bell in: Released Episodes



Copyright © 2007-2010 phpBB Weekly, some rights reserved under a Creative Commons License. Website powered by WordPress. Theme: TheBuckmaker. Background: Vlad Gerasimov.