PHPBB Info

Home PHPBB Info IPB Info Support

PHPBB History

phpBB was started by James Atkinson as a simple UBB-like forum for his own website on June 17, 2000. Nathan Codding and John Abela (both now former team members) joined the development team after phpBB went into SourceForge CVS, and work on 1.0.0 began. A fully-functional, pre-release version of phpBB was ready by July 1, 2000.

phpBB 1.0.0 was released on December 9, 2000, with subsequent improvements to the 1.x codebase coming in two more major installments. The final release in the 1.x line was phpBB 1.4.4, released on November 6, 2001. During the lifetime of the 1.x series, Bart van Bragt, Paul S. Owen (former co-manager of the project), Johnathan Haase (now a former team member) and Frank Feingold joined the team.

phpBB 2.0.x was begun on February 17, 2001. It was developed entirely from scratch; the developer's ambitions for phpBB had outgrown the original codebase. Doug Kelly (now a former team member) joined the team shortly afterwards. After a year of development and extensive testing, phpBB 2.0.0, dubbed the "Super Furry" version, was released on April 4,2002 (three days later than intended). [2]

In December 2004, a large number of Web sites were defaced by the Santy worm, which used vulnerabilities in outdated versions of phpBB to overwrite PHP and HTML pages.

The latest release in the 2.0.x line is 2.0.21 ("Bertie's Summer Vacation"), on June 7, 2006, and the latest in the 3.x line is 3.0 Beta 2 on August 12, 2006. Releases in the 2.0.x line are restricted to bug and security fixes only.

PHPBB Security

The security of phpBB has been disputed, with a series of new versions in a relatively small timeframe addressing security issues. However the phpBB Team usually responds to security reports as soon as possible, and releases a new version quickly. The phpBB Group has also learned from a series of security issues, and phpBB 2.0.18 followed a codebase security audit. Additionally, many things have been changed to avoid problems in the future. Among those are a reauthentification system for the administration panel (this was introduced after a cookie verification issue allowed attackers to gain administrator access), a visual confirmation system (CAPTCHA) to prevent bots from registering, as well as the substitution of the highlighting code, which was the cause for critical vulnerabilities in phpBB 2.0.10 and 2.0.15. In order to keep boards as secure as possible, administrators are urged to keep their board updated to the latest version as soon as possible.

On November 23, 2005, the phpBB Group announced a new Incident Investigation Team, a sub-team of their Support Team, which is responsible for assisting users in the cleanup and repair of an attacked phpBB installation and investigating reports of new exploits. [12] The team announced a tracker the following January where administrators of attacked bulletin boards could report an attack and receive support from the IIT.

PHPBB Mods

MOD, in the context of phpBB, is an abbreviation referring to code modifications created by the phpBB community. The term is capitalised to distinguish modifications from forum moderators. Modifications referred to in this manner are not authored by the phpBB developers, and do not enjoy the same level of support as unmodified official code. The phpBB MOD Team accepts modifications from community sources for validation, and modifications which meet the MOD Team's standards are made available for download from the phpBB MOD Database. Other sites also provide modifications, both validated to their own standards and unvalidated, however the phpBB teams do not offer support for boards using MODs downloaded from sites other than phpBB.com.