How Many Security Holes in phpBB

Discussion in 'Computer Science & Culture' started by Bowser, Jul 7, 2016.

  1. Bowser Life is Fatal. Valued Senior Member

    Messages:
    6,151
    Thinking of building a forum but don't know which forum script is right. phpBB seems popular, but I also see there are issues with security. Any suggestions that deserve research? Also, I want a forum that shows well on Android. I have a client app but need a server-side forum to feed it.
     
  2. Google AdSense Guest Advertisement



    to hide all adverts.
  3. Dr_Toad It's green! Valued Senior Member

    Messages:
    1,830
    I've used it since 2008 with only minor complaints, soon solved via their forum.

    You'll have to harden it and your server up a bit, but I've never been hacked. I also run iptables as a firewall and make sure that any attempted hackers get a place there.

    I am a couple of revision numbers out of date, so I imagine they've made it even better as far as security goes. There are modifications you can make that will make it even tougher.

    Get used to SQL management, or use phpmyadmin for back-end tasks.
     
  4. Google AdSense Guest Advertisement



    to hide all adverts.
  5. Bowser Life is Fatal. Valued Senior Member

    Messages:
    6,151
    Thanks for your reply. It's something that needs serious consideration. I'm not only looking at the forum tools but also the hosting options, and trying to figure out how I might generate traffic. I've already purchased a domain.
     
  6. Google AdSense Guest Advertisement



    to hide all adverts.
  7. Dr_Toad It's green! Valued Senior Member

    Messages:
    1,830
    I host mine myself and use my domain registrar for the DNS pointer. I can get under the hood, and watch traffic in real-time that way.
     
  8. Bowser Life is Fatal. Valued Senior Member

    Messages:
    6,151
    I once thought of doing the same, but letting others deal with the server side seems more practical for me. Also, many hosting companies offer nearly 100% up time and daily backups. I think what might also be important is the option of porting your forum to a different server if so desired. Anyway, I'm still looking into it. I'm far from committed to any specific plan at this time.
     
  9. Confused2 Registered Senior Member

    Messages:
    429
    Some of my thoughts that might (or might not) be relevant.

    I've had a commercial website for the last 20 years or so.
    Part of my original philosophy was take the server to the bandwidth not vice versa - maybe this dates from 9600 baud modems.
    I'm currently on a shared server (Apache,linux OS) with php, mysql and stuff I never use (which includes a BB if I wanted). The service includes 24 hour IT support which I've used on maybe 5 occasions - usually because they've IP banned me for seeming to be hacking my own site. On one occasion they updated php with the result that every page served generated an error and a huge error log which eventually exceeded my disk allowance. In fairness they sorted it out within 24 hours but I had to work out what they'd done.

    So far I haven't been aware of any hardware fails in the contract server - if they have failed it has been transparent from my side.


    I also run my own local server which updates the remote server in real time. The local server is mission critical - any problems with it immediately releases the headless chicken of IT support. Of course you have backups. You do check your backups for corruption don't you? Of course you don't. So you have a replacement server ready loaded with mysql ready to replace the faulty one. Unfortunately your backup server has mysql 4 and we're up to 5.5 now and the backup won't restore. Let us assume at this stage that you haven't misdiagnosed a network problem as a server crash and what you are doing isn't actually totally insane. So what version of mysql was your server actually running? Of course you don't know. Why not see if you can get some data off the server hard disk- let's back that up too - another dodgy backup in the mix won't make things any worse. Meanwhile we're writing sales transactions down on pieces of paper. Not sure what we're selling - we use barcodes and a computer for that.

    One thing I have learned is to use full backups no matter how long it takes.
     
  10. Bowser Life is Fatal. Valued Senior Member

    Messages:
    6,151
    Any experience with vBulletin? Just had a look at it and thought it interesting. They offer mobile app support for their forum.
     
  11. Bowser Life is Fatal. Valued Senior Member

    Messages:
    6,151
    I signed up with a local hosting service. After searching all the larger online retailers, I found a perfect offer in town. It seems that phpBB doesn't need a ton of storage (less so for a fledgling startup as will be mine). All I need now is time.
     

Share This Page