Hi all.
phpBB forums are now the new target for the hackers... many phpBB based sites are being defaced in these days.
Most of the problems are related to REGISTER_GLOBALS, but today I've discovered a new issue.
One site has being hacked trough the CACHE folder which has 777 permissions... so a file has been modified in there and the site defaced.
I suggest to put HTACCESS in your CACHE folder and try to set 775 as CHMOD for both CACHE and files in there...
Everything should continue to work, but your files should be protected from this kind of attacks. If you're having problems after changing CHMOD put everything back to 777.
I've also patched another couple of files... in some days we will have a new XS release... more secure than the older one...
If you discover some other types of security issues, please, notify me.
Thanks.