Why was the version number removed?

Discussion of general topics related to the new version and its place in the world. Don't discuss new features, report bugs, ask for support, et cetera. Don't use this to spam for other boards or attack those boards!
Forum rules
Discussion of general topics related to the new release and its place in the world. Don't discuss new features, report bugs, ask for support, et cetera. Don't use this to spam for other boards or attack those boards!
Khael
Registered User
Posts: 8
Joined: Wed Dec 22, 2004 10:38 pm

Re: Why was the version number removed?

Post by Khael »

After just spending 1-2 entire days recovering my server from this worm attack I can certainly appreciate this ;)
User avatar
olger901
Registered User
Posts: 536
Joined: Tue May 11, 2004 4:57 pm

Re: Why was the version number removed?

Post by olger901 »

I think a good thing would be to remove the version number from the board and put it in the Admin Panel instead, because for example if you want to do a manual upgrade if you got MODs or anything installed and you forgot your version number, how are you supposed to upgrade then?

So IMHO it would be wise NOT to insert the version number in the board because of exploits etc. (I do certainly agree with the devs on that) but then to only insert the version number in the admin panel.
-
User avatar
psoTFX
Registered User
Posts: 1984
Joined: Tue Jul 03, 2001 8:50 pm
Contact:

Re: Why was the version number removed?

Post by psoTFX »

It will be in the ACP ... It's just not been "done yet" ... like many many aspects of 2.2.0
User avatar
olger901
Registered User
Posts: 536
Joined: Tue May 11, 2004 4:57 pm

Re: Why was the version number removed?

Post by olger901 »

Okay thank you for the info psoTFX, Good to know :)
-
JPortal
Registered User
Posts: 117
Joined: Sun Nov 28, 2004 10:42 pm

Re: Why was the version number removed?

Post by JPortal »

psoTFX wrote:Security through obscurity? oh please, get a grip ... you're suggesting we've done nothing else to improve security in 2.2 but remove the version number? Which CVS are you following prey tell.
phpBB has a track record for being secure. This latest change only makes it more secure IMO.
DK
Registered User
Posts: 80
Joined: Fri Aug 31, 2001 1:46 pm
Location: Champaign, IL
Contact:

Re: Why was the version number removed?

Post by DK »

actually the first thing I do on my 2.x board is remove the version number for the very reason they are now removing it.

sometimes what I'll even do is simply go into the footer and comment it out. Alo somtimes I'll leave it in there commented out but make up a version number says 2.3.4 o 2.1.9 etc etc. You gotta keep the morons on their toes :lol:

unfortunately this latest one was nasty and even though I was upgraded to 2.1.1, and had asked my host to upgrade php - I still got a 1kb binary file dumped onto my hosting accnt under the forum dir. :evil:
xkevinx
Registered User
Posts: 26
Joined: Tue Jun 24, 2003 8:44 pm
Location: California
Contact:

Re: Why was the version number removed?

Post by xkevinx »

Good Idea. Now will the other board software do the same.
Toe
Registered User
Posts: 22
Joined: Sun Sep 23, 2001 9:02 pm

Re: Why was the version number removed?

Post by Toe »

I suppose I could chip in my own little anecdote: I had removed the version number from my board long ago, but my board still got hacked. It's very little protection, if any at all...
User avatar
CLee
Registered User
Posts: 97
Joined: Fri Nov 23, 2001 2:42 pm

Re: Why was the version number removed?

Post by CLee »

Toe wrote:I suppose I could chip in my own little anecdote: I had removed the version number from my board long ago, but my board still got hacked. It's very little protection, if any at all...
Which was what I was trying to point out. Removing the version number doesn't improve the board's security one bit. Instead, I think it makes things worse by giving a false sense of security and makes it more difficult for those in the support forums to tell people to upgrade their boards because they are running a version with a known vulnerability.
Carlos Myers
Member - Star Wars Roleplaying Club
ElbertF
Registered User
Posts: 583
Joined: Fri Dec 03, 2004 4:35 pm
Location: tracing..
Contact:

Re: Why was the version number removed?

Post by ElbertF »

CLee wrote:Removing the version number doesn't improve the board's security one bit.
I've been under attack by the famous worm the last few days, I solved it by changing the version number and the copyright to "Powered`by phpBB 2*0*11 © 2001, 2002 phpBB`Group". So it does help (since it isn't able to find me on Google anymore). And what's the need of having the version number on every page? If you want it so badly, just put it back :P
Post Reply