Discuss: What does phpBB2's retirement mean for you.

Green Light · Post by **Green Light** » Sun Jan 18, 2009 8:21 am

You guys are scaring me, not that I have any 'security mod' or un-approved mod.. but just all these statistics..

BlueHost doesn't have mod_security.. my old host did, but theirs was over-ruled.. I couldn't say CD (I believe it was CD or ROM)

Anyway what do you guys do to protect your self?
Ontopic: phpbb2 retirement means, more focus on phpbb3

Phil · Post by **Phil** » Sun Jan 18, 2009 4:41 pm

Guys, please keep in mind that this topic is for discussing what phpBB2's retirement means to you, not the potential insecurities of the unsupported software. If we can't get back on that topic, I will be forced to lock this topic.

Thanks.

Schwpz · Post by **Schwpz** » Fri Jan 23, 2009 1:06 pm

Although I do not mean in any way to contribute to further stribing off-topic, future potential security risks in the soon-to-be unsupported phpbb 2 software is indeed my personal highest concern in regards to what the phpBB2 retirements means to me and my forum D:

Don't get me wrong, like I wrote in my previous post I'm extremely grateful that the phpBB group has provided support for the phpBB 2 for such a long time in the first place - it's their project and they are naturally totally entitled to steer it in any direction they see fit - however, since I do not have the possibility at the current moment to upgrate to phpBB 3, I can't help but to dread the moment where phpBB will stop giving official security upgrades for the phpBB 2.

It's like you wrote:

iWisdom wrote:In all honesty, I would be very surprised if a security vulnerability is not found in phpBB 2.0.23 in the not-so-distant future.

That is unfortunately very true, and to be completely honest, it really scares me. Although I am completely aware that by not upgrading, for whatever perfectly good reasons I might have, I am the one responsable for not providing the latest security available for my forum, not the phpBB team, I can't help but wishing that the phpBB group would be willing to provide security patches for phpBB 2 a bit longer in case something horrible and dreadful should turn up ^^;

This is just a heartfelt, personal wish, as in "Dear Santa, I wish to have one more year with phpBB 2 security upgrades".

So for me the phpBB 2's retirement means a lot more worrying about potential security hazards and hacking attempts - it's my fault for keeping phpBB 2 in the first place, no questions about it, but it's a very nagging worry none the less that is triggered by the phpBB 2's upcoming retirement. ^^;

"Duck season!
Rabbit season!
Duck season!
Rabbit season!
Rabbit season!
phpBB 2 SEASON, FIRE!!!" xD

ChrisRLG · Post by **ChrisRLG** » Fri Jan 23, 2009 1:24 pm

Unfortuanatly if we did (not that we would) in a years time the same arguments would surface again at that time. I can hear them now - "come on phpBB.com, just another year."

We gave a very long lead time for this, long enough for everyone who had any significant MOD type requirements to have got on and done something about it.

What can you do in the next year, that you did not do in the last 9 months, that you should have done in the last 9 months.

Sorry, it is final, you have your choices to make. Support from outside phpBB.com, if it is available, or upgrade to the v3 line, then work on any additional modifications after.

Andysj · Post by **Andysj** » Fri Jan 23, 2009 1:47 pm

It is proving to be an issue for me.

I am not big on coding, or php and the person who helpped me with the install of my phpbb2 forum is no longer contactable.

Furthermore I had a few mods done on it so that it looked more like I wanted, was more search engine friendly, and got spammed less.

Yet now, if I ask for help (as I just have in my post at http://www.phpbb.com/community/viewtopi ... 57d7aefea8 I am simply told

'we don't support any version of the 2.0.x branch (we can help you converting to phpBB3 if you wish) and your problem is (looking at the topic title) caused by a MOD. For support regarding MODs you must always contact the author.'

As I can not contact the person who did the mod to make it work with the maillist, I am some what stuck.

Sadly as the above thread was also locked, I was unable to explain that in there.

Can anyone please let me know where I can go to get some advice on this?

Thanks in advance
Andy

As a side note, I notice some comparisions being made to microsoft windows version updates. Although I know alot of the 'php' world seem to hate MS, I think you will find that you can still get support for previous versions of windows, especially versions that they have only just superceeded.

How ironic Microsoft being more friendly to its users than the webs biggest php forum eh?

ChrisRLG · Post by **ChrisRLG** » Fri Jan 23, 2009 2:13 pm

If you check the signautes of some of the regualars here (including some team members) or do a seach for phpBB2 support you might find other places which can help you.

That being said some of those issues you have mods for are NOT required for v3.

The spam issue is not in existance for v3 and is a KB article for "if and when" they do break the Captcha.
Is a long topic in phpBB discussions about SEO, where so many dispute any advantages of having such a MOD now that the search engines cope so well with out any changes. In any case I think a SEO mod for v3 is already done.

I suggest you ask in the v3 support forum (or perhaps the MOD's required forum) for guidance on what MODs you have with v2 and how they could be covered in a v3 installation. You might well be supprised.

Andysj · Post by **Andysj** » Fri Jan 23, 2009 3:40 pm

Thanks Chris I will do that.

deny · Post by **deny** » Sat Jan 24, 2009 8:22 am

iWisdom wrote:Such a MOD usually does nothing but introduce further vulnerabilities into your board. They're completely unnecessary.

I'm sorry but i disagree with you totally here. As first i would never say "such a mod" for a mod that you do not know and have never tried?
Then i run already mentioned mod for almost 3-4 years and he is first defense that spot 99% of all remote command execution or remote file inclusion that are number one attacking by script kiddies on all cracking boards.

So i would not agree that this mod is completely unnecessary if you know that phpBB2 come to end over a couple days.
And finally decision to not provide security patches for phpBB2.x in future is as you tell me brutally ""go with the new product, or be hacked without any warnings" and that's scary from phpBB team.

No thanks. I would stay with stable phpBB2.x so long as i can. And i'm sure that they are many board owners who can not understand why is so difficult to provide security patches (if any) in future for version 2.x

Highway of Life · Post by **Highway of Life** » Sat Jan 24, 2009 9:36 am

deny wrote:No thanks. I would stay with stable phpBB2.x so long as i can. And i'm sure that they are many board owners who can not understand why is so difficult to provide security patches (if any) in future for version 2.x

There are many topics, including this one as well as the podcast (official and phpBB Weekly) where we have given thorough reasons for why support is dropped and security patches are dropped.

In short, without repeating all of the reasons. It takes time away from development and the future of phpBB if we have to continue developing security patches for phpBB2. Additionally, phpBB2 has many many limitations that inhibit proper security measures. It is overall better if users upgrade to phpBB3.

A_O_C · Post by **A_O_C** » Sat Jan 24, 2009 2:39 pm

deny wrote:And finally decision to not provide security patches for phpBB2.x in future is as you tell me brutally ""go with the new product, or be hacked without any warnings" and that's scary from phpBB team.

so with your reasoning, does that mean the phpbb teams should also support 1.4.x, since there are still some boards out there running it? honestly, i was upset about the retirement at first, but i now find phpbb3 to be more fit for where i want to take my board.

3Di · Post by **3Di** » Sat Jan 24, 2009 3:16 pm

Even though this discussion is necessary and had to, above all to ease the waters, I do not see like this is able to be of any help for those who have not the willing/desire of changes for the better.

To make it short a long story.. this is and this will remain.

I apologise for to be as pragmatic as it seems, but I think I'm right.

Dog Cow · Post by **Dog Cow** » Sun Jan 25, 2009 11:16 pm

A_O_C wrote:so with your reasoning, does that mean the phpbb teams should also support 1.4.x, since there are still some boards out there running it?

That's not even a valid argument, since there's no one here asking for 1.x support.

Highway of Life · Post by **Highway of Life** » Mon Jan 26, 2009 1:19 am

Dog Cow wrote:
A_O_C wrote:so with your reasoning, does that mean the phpbb teams should also support 1.4.x, since there are still some boards out there running it?
That's not even a valid argument, since there's no one here asking for 1.x support.

This is correct, but 6 years ago, had we continued to support 1.4 and release security updates, there would still be people asking for support with 1.4, same will hold true with 2.0 I think.

A_O_C · Post by **A_O_C** » Mon Jan 26, 2009 3:42 am

thanks HoL. exactly what i was trying to say.

rreptile · Post by **rreptile** » Tue Jan 27, 2009 7:09 pm

Highway of Life wrote:
rreptile wrote:Upgrades always take much longer than expected [...snip...]
[...snip...] How long do you believe it might take?

Days. And that's if things go well.

I have a number of cosmetic changes on my board that will take some time to implement. I'm not really keen to run phpBB directly out of the box with the default theme. Frankly, I would rather be running the phpBB rather than going through the hassle of upgrading, knowing that only a short time later, there will be yet another necessary upgrade.

C'est la vie.

advertisements