Why was the version number removed?
Forum rules
Discussion of general topics related to the new release and its place in the world. Don't discuss new features, report bugs, ask for support, et cetera. Don't use this to spam for other boards or attack those boards!
Discussion of general topics related to the new release and its place in the world. Don't discuss new features, report bugs, ask for support, et cetera. Don't use this to spam for other boards or attack those boards!
Re: Why was the version number removed?
After just spending 1-2 entire days recovering my server from this worm attack I can certainly appreciate this 
Re: Why was the version number removed?
I think a good thing would be to remove the version number from the board and put it in the Admin Panel instead, because for example if you want to do a manual upgrade if you got MODs or anything installed and you forgot your version number, how are you supposed to upgrade then?
So IMHO it would be wise NOT to insert the version number in the board because of exploits etc. (I do certainly agree with the devs on that) but then to only insert the version number in the admin panel.
So IMHO it would be wise NOT to insert the version number in the board because of exploits etc. (I do certainly agree with the devs on that) but then to only insert the version number in the admin panel.
-
Re: Why was the version number removed?
It will be in the ACP ... It's just not been "done yet" ... like many many aspects of 2.2.0
Re: Why was the version number removed?
phpBB has a track record for being secure. This latest change only makes it more secure IMO.psoTFX wrote:Security through obscurity? oh please, get a grip ... you're suggesting we've done nothing else to improve security in 2.2 but remove the version number? Which CVS are you following prey tell.
Re: Why was the version number removed?
actually the first thing I do on my 2.x board is remove the version number for the very reason they are now removing it.
sometimes what I'll even do is simply go into the footer and comment it out. Alo somtimes I'll leave it in there commented out but make up a version number says 2.3.4 o 2.1.9 etc etc. You gotta keep the morons on their toes
unfortunately this latest one was nasty and even though I was upgraded to 2.1.1, and had asked my host to upgrade php - I still got a 1kb binary file dumped onto my hosting accnt under the forum dir.
sometimes what I'll even do is simply go into the footer and comment it out. Alo somtimes I'll leave it in there commented out but make up a version number says 2.3.4 o 2.1.9 etc etc. You gotta keep the morons on their toes
unfortunately this latest one was nasty and even though I was upgraded to 2.1.1, and had asked my host to upgrade php - I still got a 1kb binary file dumped onto my hosting accnt under the forum dir.
Re: Why was the version number removed?
Good Idea. Now will the other board software do the same.
Re: Why was the version number removed?
I suppose I could chip in my own little anecdote: I had removed the version number from my board long ago, but my board still got hacked. It's very little protection, if any at all...
Re: Why was the version number removed?
Which was what I was trying to point out. Removing the version number doesn't improve the board's security one bit. Instead, I think it makes things worse by giving a false sense of security and makes it more difficult for those in the support forums to tell people to upgrade their boards because they are running a version with a known vulnerability.Toe wrote:I suppose I could chip in my own little anecdote: I had removed the version number from my board long ago, but my board still got hacked. It's very little protection, if any at all...
Carlos Myers
Member - Star Wars Roleplaying Club
Member - Star Wars Roleplaying Club
Re: Why was the version number removed?
I've been under attack by the famous worm the last few days, I solved it by changing the version number and the copyright to "Powered`by phpBB 2*0*11 © 2001, 2002 phpBB`Group". So it does help (since it isn't able to find me on Google anymore). And what's the need of having the version number on every page? If you want it so badly, just put it backCLee wrote:Removing the version number doesn't improve the board's security one bit.