<irony>whooami sounds like a really nice guy, giving out friendly advice … </irony>. I understand relegated’s query, having installed phpbb several times. It’s not unusual to have to go into your FTP client and delete the config file as it is a simple, normal, everyday file with a URL like any other, and the natural instict is that anyone would be able to view it. While it’s true that attempting to view it in a browser does produce a blank page (and the source code is incomplete), and as there’s no mention of deleting the file in the installation instructions, it’s probably safe to assume that it is inaccessible (although I should add that I’ve followed phpbb installation instructions to the letter and still had my forum hacked).
I arrived here by searching google for exactly the same query that the original poster was making, and I’m sure many others do. If anything it looks like whooami has no understanding of the potential or feared security risk, and would welcome any positive feedback or reassurance on the matter. I’m with you, relegated!
