phpbb security


jatar_k

12:07 am on Apr 4, 2006 (gmt 0)

WebmasterWorld Administrator 10+ Year Member

It comes up a lot and I figured I would share a small trick I have used in phpbb installations.

A lot of the exploits revolve around the good old highlight function, so I removed it.

in common.php

right at the top after
if (!defined('IN_PHPBB') )
{
die("Hacking attempt");
}

I add this line
if (isset($_GET['highlight'])) unset($_GET['highlight']);

That just removes the highlight param altogether.

in viewtopic.php

in my version it is line 624 but that may depend on mods etc

replace this line
$pagination = ( $highlight != '' ) ? generate_pagination("viewtopic.$phpEx?" . POST_TOPIC_URL . "=$topic_id&postdays=$post_days&postorder=$post_order&highlight=$highlight", $total_replies, $board_config['posts_per_page'], $start) : generate_pagination("viewtopic.$phpEx?" . POST_TOPIC_URL . "=$topic_id&postdays=$post_days&postorder=$post_order", $total_replies, $board_config['posts_per_page'], $start);

with
$pagination = generate_pagination("viewtopic.$phpEx?" . POST_TOPIC_URL . "=$topic_id&postdays=$post_days&postorder=$post_order", $total_replies, $board_config['posts_per_page'], $start);

That just keeps the highlight param off of links; remember this could be different depending on installed mods etc.

That's it, simple, gets rid of all highlight exploits.

It might be useful to someone or might not. Anyone else have any little changes that have helped them out?
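As an added example (not jatar_k's code and not part of phpBB), the same idea as a reusable helper for common.php: it clears the parameter from every copy PHP keeps, since $_REQUEST and the legacy $HTTP_GET_VARS are separate arrays rather than aliases of $_GET, so clearing $_GET alone leaves them populated. The function name drop_get_param and the CLI self-check are this example's own; it assumes PHP with superglobals (4.1 or later).

```php
<?php
// Added example, not code from the thread or from phpBB.
// Removes one query parameter from $_GET, $_REQUEST, the legacy
// $HTTP_GET_VARS copy (where the PHP build still provides it) and the
// raw $_SERVER['QUERY_STRING'], so nothing downstream can re-read it.
// Intended to sit in common.php right after the IN_PHPBB check, as
//   drop_get_param('highlight');
// Returns true if the parameter was present anywhere.
function drop_get_param($name)
{
    $found = false;
    if (array_key_exists($name, $_GET)) {
        unset($_GET[$name]);
        $found = true;
    }
    // $_REQUEST is a merged copy, not a view of $_GET, so clear it too.
    if (array_key_exists($name, $_REQUEST)) {
        unset($_REQUEST[$name]);
        $found = true;
    }
    // Long array: a separate copy that phpBB 2-era code reads directly.
    if (isset($GLOBALS['HTTP_GET_VARS'][$name])) {
        unset($GLOBALS['HTTP_GET_VARS'][$name]);
        $found = true;
    }
    // Rebuild the raw query string without the parameter.
    if (isset($_SERVER['QUERY_STRING']) && $_SERVER['QUERY_STRING'] !== '') {
        $params = array();
        parse_str($_SERVER['QUERY_STRING'], $params);
        if (array_key_exists($name, $params)) {
            unset($params[$name]);
            $_SERVER['QUERY_STRING'] = http_build_query($params);
            $found = true;
        }
    }
    return $found;
}

// Self-check with a constructed request; only runs from the command line.
if (PHP_SAPI === 'cli' && !defined('IN_PHPBB')) {
    $_GET = array('t' => '42', 'highlight' => 'test');
    $_REQUEST = $_GET;
    $GLOBALS['HTTP_GET_VARS'] = $_GET;
    $_SERVER['QUERY_STRING'] = 't=42&highlight=test';
    $hit = drop_get_param('highlight');
    assert($hit && !isset($_GET['highlight']) && !isset($_REQUEST['highlight']));
    assert(!isset($GLOBALS['HTTP_GET_VARS']['highlight']));
    assert($_SERVER['QUERY_STRING'] === 't=42');
    echo "highlight stripped from all copies\n";
}
```

The viewtopic.php pagination edit from the post is still needed separately, since that only controls what links the board itself emits.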

rogerd

12:54 am on Apr 4, 2006 (gmt 0)

WebmasterWorld Administrator 10+ Year Member

Good tip, jatar_k, thanks!