Explanation of the bug:
The main page has shadow copy of phpBB on it. It uses the same DOMAIN cookie as the forums, however the time configuration was not consistant, forums.keenspace.com was set to one thing, and X.keenspace.com was set to another. Thereby if you visited the front page after logging into the forums, it would reset the cookie to 3600 seconds.
Now on the 28th, someone at he.net rebooted butch(the main server) which made the database go out of sync, so visiting the www page made delete the cookie, and attempting to login back in would reset the cookie.
This is why having software that tampers with cookies is a BAD idea. Internet explorer is especially dumb when it comes to handling cookies, something I've known for over 2 years. The cookie system is just as borked as it was when I setup SITEADMIN based on how PHPBB does the session handling.
So first things first, preventing problems on your end:
Disable anything that attempts to "enhance your privacy", because this software mangles output from your computer. The only way we have to combat this malware is to make the login page use SSL, in which case the entire forum system would have to run in SSL mode to properly work.
Yes Malware. Norton ANTIVIRUS is okay, but the rest of the security suite is garbage. Buy a 60$ router instead of paying Anything for Norton Internet Security, it works better.
Other software , EZArmour, ZoneAlarm, and whatever else is out there mangles the cookies and referrers and browser data, basically anything that can be used to keep state data (ie, logged into things)
Privacy enhancement software works by preventing your computer from sending anything that can uniquely identify you, so in some cases it sends nothing at all, which results in phpBB having to guess who you are from the login string, and then affix the login string to every page. You can't "stay logged in" because the software is "protecting you" from it.
Personally, I use two computers, my parents computer which has this norton crap on it, and my laptop which has only computer associates antivirus on it. My laptop runs faster than my dads PC does, despite my dads PC spec-for-spec being identical.
When I turn off norton entirely, woo yay, it runs fast.
Now to the flip side of when you need such software:
You hook up to a school dorm (cause zombie PC's run rampant)
you access "open" WiFi hotspots
Yep, that's about it. I will no longer be working for a company tomorrow, but that company doesn't run any of this nonsense soft-firewall stuff, it only runs antivirus software. On some of the computers they have port-monitoring software, nothing that blocks traffic.
Amount of times we've had problems? Oh... I think twice in two years, of which both were viruses that exploited holes in Windows, the reason it happened is that they run XPSP1, not SP2, and still run SP1. Remember keep your windows updated with autoupdate.