Ah, cool. Reading the "News" section, the latest I could find was that you upgraded to 2.0.8, so I wasn't sure what had been done since then. Indeed from what I've been reading phpBB v2.0.11 is not vulnerable to this worm. I think they also advise an upgrade of PHP itself to 4.3.10. It seems that a lot of forum software based on PHP gets hacked into all the time if you read security mailing lists like BugTraq and Full-Disclosure, although this is the first time that the attack is automated into a self-propagating worm. I wonder if it's time to kill of PHP in favor of something else for this purpose.