This morning when the site was down (due to a transaction log being full) it was exposing details about your site in the custom errors. These should generally (always in my opinion) be turned off for publicly facing sites.
Here's how to do this. Your web.config system.web node should contain the following:
<system.web>
<customErrors mode="RemoteOnly">
</system.web>
It removed the URL I included with some additional things to consider, I think this should work:
text: weblogs.asp.net/dotnetstories/five-common-mistakes-in-the-web-config-file
This page lists some other issues related to the web.config file:I've attached the two different errors I received, which expose:
1. You use IIS
2. The version of the .Net framework (bottom of Error2)
3. You use SQL Server
4. Some details about your SQL Server configuration
I'm not sure if phpBB would reflect this change in terms of what it exposes, that would require further testing.
Just letting you know.
Thanks,
Jason