Originally Posted by HonestJohn
STOP USING OLD VERSIONS OF PHPBB.
If I could make that shit flash, I would.
Or stop using phpbb entirely.
Quoted for truth.
As I said earlier, I hope he isn't keeping any of your PRIVATE CUSTOMER INFORMATION on his computers.
Note, if you DO run PHPBB, keep it up to date or assume it's compromised already. If you own a business, you're responsible for your customer data. If it gets compromised through a security hole you didn't bother to patch (yeah, I'm a real bitch about this...if you don't want to take the time to patch your servers, you shouldnt be running a server on the internet) you're responsible.
Note that in this instance, the damage is relatively low (on the surface). PHP sites are frequently hacked and used to host email phish sites, i.e. copies of legitimate banking sites to collect banking information from unsuspecting customers. If his site wound up hosting one of those, guess who gets sued by the bank?