phpBB security update - Page 2

allendick · 02-21-2005, 11:15 PM

I got both the patch and the changed files with no problem earlier today.

allen

allendick · 02-21-2005, 11:37 PM

Actually for 2.0.11 to 2.0.12, it appears that there are only 14 files -- 66,900 bytes -- in various directories to over-write. I'm upgrading now, as soon as I finish a backup.

The instructions say "As for the other upgrade procedures you should run install/update_to_latest.php after you have finished updating the files. This will update your database schema and data (if appropriate) and increment the version number."

I see no install directory in the kit, and, of course I blew away the old one after the last upgrade. I wonder if they left it out and the upgrade is incomplete?

I should know shortly.

allen

allendick · 02-21-2005, 11:41 PM

Well, my board still runs, but does not display the version at the bottom.

Now for the next one...

allen

cmyksteve · 02:31 AM

Quote:

Originally Posted by allendick

Well, my board still runs, but does not display the version at the bottom.

Reading on the phpBB forum, that's one of the changes. Seems the Santy worm keyed on that to find vulnerable boards.

At midnight, the SourceForge downloads interface is still broken. There's some kind of redirect that's screwing up the downloads. So as of Monday midnight anyway- clicking these links won't work. But pasting them into your browser will deliver the files.

Quote:

Originally Posted by aam in phpbb.com's forum

allendick · 02-22-2005, 01:16 AM

Yup, that worked, so I downloaded again, since the admin panel complained in red type that I was running an old version, even after the upgrade.

Same files, though, as far as I can tell. Still no 'install' directory or file to run to complete the upgrade.

allen

cmyksteve · 02-22-2005, 02:24 AM

Quote:

Originally Posted by allendick

Same files, though, as far as I can tell. Still no 'install' directory or file to run to complete the upgrade.

allen

Allen-

I did get to run install/update_to_latest.php with the Changed Files package I downloaded. There were four folders already "unstuffed" (see the screen shot) before I opened the 2.0.11_to_2.0.12.tar archive.

So in addition to "the contents" of the folders in the 2.0.11_to_2.0.12.tar archive, I also uploaded the one file from inside the cache folder and the whole folders install and contrib. Then ran install/update_to_latest.php I was then locked out of my board until I deleted those directories again.

My Fantastico doesn't show any phpBB2 installed in that account. I'm assuming that's because I didn't use Fantastico to create that board.

Steve

allendick · 02-22-2005, 03:10 AM

Okay, thanks. That solved my problem. I was not unzipping the outer archive before unzipping the inner archive, and this did not see the other folders.

Seems all is well, now.

allen

cmyksteve · 02-22-2005, 03:15 AM

The next board I updated from 2.0.11 to 2.0.12 went well also. Here's a screen shot after I ran
Code:

http://mydomain.com/install/update_to_latest.php

In this account, Fantastico shows the version number when I first installed the board. The board's been updated several times since (without using Fantastico) and those version changes didn't register with Fantastico.

allendick · 02-22-2005, 03:25 AM

Yup. Just finished all mine.

FWIW, I notice that mine says 'mysql14', not just 'mysql', as in yours. Otherwise, it is the same.

allen

cmyksteve · 02-22-2005, 03:28 AM

I just checked at phpbb.com and can now get the updates through their regular SourceForge channels.
Downloads page for 2.0.12 updates is working again.

cmyksteve · 11:58 PM

phpBB has another update- labeled Critical. Here's the info behind the update phpBB Announcement

Here's their link for the files you'll need to keep your forum safe from attack. phpBB 2.0.13

allendick · 02-27-2005, 11:39 PM

Thanks for that. I've done one. Three more to go.

Hey! I'm getting pretty good at this!

allen

stratplan · 02-28-2005, 06:50 AM

Quote:

Originally Posted by allendick

Hey! I'm getting pretty good at this!
allen

Wish I was! I wiped out an installation of Mambo with an update. And yup, hadn't backed up. Duuuh.

allendick · 02-28-2005, 09:24 AM

Anybody use the Invision board, available from cPanel? I have one of them and, so far have not heard of any problems. (Not that I have been looking hard).

allen