How did I break the IP logger this time?

Those are not standard features. Did you reinstall the mods?

BTW, if you can PM me a list of links to the threads I need to answer I'll start working through them today.

oh geez, i don't want to give you threads of posts i need help with - but then, i need the help
i didn't realize ip logger wasn't a standard feature, so i'll let that one go for now, or look for the mod on phpbb.com
for the most part, do you think i'm safe installing the phpbb.com approved mods? seems safe to me...although i have to wonder at what point i'm recreating the fm board...
anyway, thanks!
Gary

The thing is, even if you recereate the FM board you will at least know what you did and know where to look when there are problems.

phpbb.com's mods are safe. Unfortunately there are only a few of them.

Also note that phpbb.com has listed mods that were a hacking threat, so the mods that are not there do not necessarily mean they are less secure.

Everyone screws up sometimes.

geez, i knew phpbb.com felt some mods were not secure, but i didn't realize there were hacking threats - i'll check that out right now - thanks again (as always) for the heads up!

Don't fret too much about the hacking threat.

phpbb itself has shipped with at least 5 hacking threats that I can remember off the top of my head.

The biggest hacking threat there is is to have a computer or website. :-)

i once had a hacking cough, but that only affected those within spitting distance. guess it's not the same thing....

Nope. But don't take the hacking stuff to seriously. The type of hosting you have (shared with other users, who have access to the machine and can use simpler exploits) is a far greater hacking risk than most of the exploits in phpbb code.

i'm not really losing sleep over hacking - i'm a tiny site, and i back up regularly. out of curiousity (which, incidentally, supposedly killed the cat), do you mean i have a greater hacking risk from the staff at ipowerweb, or do you mean that a fellow powerweb user may have an easier time getting into my share? just curious....
as for hacking, is it feasible to hack into a phpbb's system, or better web server, to copy their php files? (i'm not talking about a brute force password attack on their server, i mean looking at their files through a back door)

Well the staff at ipowerweb can do whatever they want, it's not even hacking because they own the boxes.

But they won't, they are the largest host of that nice and they would never do that. Well, never say never but you get the point.

What I was talking about is other users on ipowerweb. Most of the time you will be secure but every now and then there will be an exploit that is only exploitable by anotehr user with virtual hosting on your server.

For example, the most popular open source php image gallery system allows a backdoor into other accounts under some server configurations.

Hacking through phpbb is limited. When there is a phpbb exploit it is rarely the type that would grant web server access.

But yes, there are always ways to hack a server. The overwhelming makority are through exploits that the server admin will patch but there are many ways and there is always a risk.

For example, if you donwload and install bitchx (an IRC program) you will ahve opened a backdoor yourself. BitchX claims any exploits are unintentional but that's pure bull.

So basically, yes, there are many ways to hack a server. I do not rate phpbb as a thread but tehy ahve had exploits.

Even without exploits it's possible for someone to hijack your account and have phpbb administrative access. For this reason it's usually a good idea to password protect your admin directory through your cpanel. That way if phpbb's authentication is breached the hta access password will protect you from having the phpbb admin panel accessed.

But there are also exploits that do not grant access to your server but are still hacking exploits.

For example a DOS attack. phpbb is vulnerable as is any site. But some phpbb mods make it easy, the stats mods use so many queries on the database that it actually facilitates a DoS. In my tests I have been able to kill a database through a DoS aimed at the stats mod more easily than with phpbb without mods.

BTW, the very latest phpbb vulnerability was of the type that allows another user on your host to view your files if I remember correctly.

you are a wealth of knowledge! well, since my stats mod isn't working, i don't have to worry about that denial of service problem! i wasn't sure about the admin password though - do you mean to chmod the admin subdirectory, or that i have a different cpanel pw versus my phpbb board pw?

Not chmod, but htaccess. cpanel lets you do this. Use the control panel that ipowerweb gives you to password protect the directory.

kewl beanz - never realized i could do that (i use only about 1/3 of the cpanel icons) - so now i made forums/admin password protected - as far as i know, the board should run fine without having to access that sub, right?
btw - they call it web protect

Yup, they should run fine.

so i guess i should change my password from "bosco" (you have seen that seinfeld episode, right?)

It sounds familiar, so I've probably seen it. Dunno, I'm not big on TV, if I've seen it it was on a puter. :-)

geez, you have the best avatars!
btw - i reinstalled the ip logger, and some of the admin panel features, and voila - vitually every error is gone - yippee!
now i have a VERY robust board, solid portal page (can always use improvements, but solid and working error free!), and I have about 20 mods OF MY CHOOSING - good stuff, like quick reply, behind the scenes stuff like ip logger and enhanced admin panel utilities, pm on registration, name of pm'er sent with your pm notification, and more...i'm a happy camper! Thanks Craven!