Make up a basic "changes" log in whatever you favor for a word processor. Note EVERYTHING you changed, what hacks you used to effect the changes, where you got the hacks (not just the "name" of the place, the WHOLE 'net addy), what files you modded, which sections/lines were changed (use phpEdit or some other editor which gives you actual LINE NUMBERS!); also note whether the initial hack worked "out of the box" or whether you had to go back and tweak. AND BE VERY SURE YOU NOTE IF VARIOUS HACKS CHANGE THE SAME SECTIONS OF A FILE, AND WHAT YOU HAD TO DO TO MAKE THEM WORK RIGHT TOGETHER!

My "ChangeLog" file is listed by file name first. Then by what hack(s) I used. Then by section/line number. Then I have anything germane to hacking that file which I might (read that as "would") forget.

And btw, all this won't be worth the powder to blow it to hades once 2.2 comes out....

Oh. Make sure you keep "version specific" copies of files: in other words, if you use one hack on a file, copy the currently-working version somewhere "safe" before you mod it again.... then when you're sure it's working after the second hack, copy THAT version somewhere....

all this won't be worth the powder to blow it to hades once 2.2 comes out

I wouldn't touch 2.2 with a bargepole for at least 12 to 18 months after release anyway - the number of serious security problems found in the 2.0 code puts me off any idea of an early adoption of the new version.

2.0 is going to be maintained even after the 2.2 version comes out, and now that 2.0 is finally a stable, well-tested and heavily-scrutinized package with a lot of bug fixes, it's going to remain a very good choice for a while yet.

The biggest issue I've had to deal with in phpBB is it's featureitis and it's lack of data security in its default state. An example that covers both problems is the member list - which by default is available for everyone and anyone to view, whether a member or not. On my board, nobody except the admins can view the member list. Also, the "SEO mods" which I have applied are not for SEO (it's a members-only board which is not spidered at all): they are purely for usability reasons. The SEO mods simplify the user interface, reducing the number of redundant links and removing extraneous information - putting the emphasis back on the real content. I would have preferred to use something like MiniBB instead of phpBB, but the former doesn't have profiles or the possibility to add 500 smilies, both of which were crucial in my case (especially the smilies!) ;)

Back to the original point, I'm going to have to build a spreadsheet detailing all the changes, big and small, then use the patch files if a new version is released, rather than trying to recreate all the modifications from scratch. Hopefully, any future patches will be able to be applied manually without too much effort.

When adding mods, I keep backups of the original zipped mods, and rename the file something I will remember what it is. One of the sites is notorious for naming all their mods something like 1189.zip.

When adding the mods, I try and make comments of "blah blah mod code change start here" and then do a second comment to close the end of the change. Some mods come with this already, those are wonderful :)

You can also upgrade using the patch file - this will keep all your mods intact, however there could always be issues with mods having a conflict with the new upgrade.

Best of luck to you, encyclo. I have had ZERO luck with the patch files applying properly. And it's not because I'm a dummy either!

Could you tell me WHICH seo mods you're using? I never thought about your reason for using them, sensible though it seems when I was just now reading about it!

Like you, I'm NOT migrating to 2.2 anytime soon. The custom stuff I've got now is one factor, and as you so cogently state, the security situation is the other....

I've used the patch files successfully in the past: usually it goes fine, but when you get a chunk error, the .patch file is human-readable so you can just go in and make the changes to the code yourself, taking into account the modifications you have already made to that section.

Of course, the patch is really just another modification in the same way as any other. I would like to think that I could recreate the forum with the assembled mod and patch files plus my documentation, but once you have hacked the original install so much, it's probably more important to make 3 dozen backups of the code and store them in multiple off-site locations!

I back all mine up once a week to a cd, then each month close the cd and stuff it in the safe deposit box. I also store backups on my other sites's webspaces; it's unlikely that if one drive goes down they all would (that's only effective if all your sites aren't on the same server-space, of course....)

All these ideas are good ones. One small thing I also do is put a comment in the code with a unique string at the site of any changes I make, often with comments about the change. This makes subsequent hacking or reapplying code changes to new versions a lot easier.

I used to do that. Then I just started doing changes in a different color - something that sticks out like a sore thumb - fuschia, anyone?

I haven't had any problems doing that, though someone on one of the phpBB fora once said that it could cause trouble in some of the files.