In December hundreds of phpBB forums were defaced by the Santy worm, which used an unpatched SQL injection exploit to spread. That incident came just days after a security flaw in PHP exposed phpBB users to possible password theft. Earlier this month, the phpBB web site was compromised, leaving the developers unable to access the server for several days.
The phpBB team said today’s update was unrelated to the security breach at phpbb.com. “We are still extremely confident (the intrusion) was the fault of an outdated awstats and kernel,” the phpBBGroup said, referring to a flaw in the AWStats trafic analysis program, which was blamed in the defacement of several popular weblogs.