PHPBB Security

After getting a noticeable up tick in spam despite implementing a new spam filter (GFI Mail Essentials), I did a simple google search for my email address to see if it was being published somewhere. Sure, enough I found it on the memberlist.php page of a PHPBB forum we are testing. Simple fix was to just rename this file so that it wouldn’t be a treasure trove for spammers any more. (Though only closing the barn door, one might say.) I was surprised that I could not disable this list from Admin menu. Google also helped me find a nice article about securing PHPBB on somewhat ironically, a .Net developer site. I say ironic not because PHPBB uses open source code and .Net is arguable proprietary, but because the reason we have this test forum was to integrate it with a .Net site. Spooky, right?