A number of people have brought to our attention reports of vulnerabilities in phpBB that are circulating on a number of sites at present.
We have looked into these reports and from what we can determine, these are simple DoS (denial of service) attacks which cause problems purely by the number of requests sent to the site in a very short space of time. There is no actual vulnerability in phpBB that is being targetted by this "exploit" code.
You can help to prevent automated registrations on your forum by enabling visual confirmation from the General Configuration page of your administation panel which will ensure that these members are not actually registered. This will also help to mitigate against registration spammers as well.
We also took steps in 2.0.15 to prevent some searches being run by altering the search so that only those words which were long enough to be indexed (3 characters or higher by default) were searched, additionally preventing wildcard-only searches.
Can I also emphasise once again the point that if you believe that you have found a security issue in phpBB, please report it to us via our security tracker
to ensure that it goes to the correct people to look at. Please do not post this sort of thing to the forum or to security mailing lists, where it can often lead to much confusion among other users without reporting it to us first and allowing us a reasonable amount of time to look at it and respond.