I sure have learned my lesson of using phpBB on a site of mine that gets many hits. Apparently, the attacker used a SQL injection (my password is 7 characters and is VERY hard to crack) to gain admin access and deleted everything then left his mark.

I don't even know WHY phpBB is allowed to exist and WHY it's so popular... I'm NEVER going to use it again!

Keep away from it!

[N]F

Nothing new on the horizon, unfortunatelly. It is well-known that phpBB is the BBS with most security issues. And with hundreds of cracking tutorials on-line, even a kid could get into phpBB. On the other hand, it would be hard, even for a pro, to crack SMF. In my opinion, it is the best free BBS when it comes to security. It might not be as good-looking and customizable (the number of mods) as phpBB, but it sure is more secure.

I don't fully understand.

Anyway if you're talking about a phpBB forum, there's no point you should use proboards.

Isn't there any way to prevent these SQL injection attacks ?

BTW, what is an SQL injection attack ?

I'm using phpBB for my site and I loved the customizability. SMF seemed a little harder to use ( for me at least )

Isn't there any way we can make phpBB safer ???

Hope, the phpBB team will come up with a solution to avoid these SQL injection attacks!
I'm also using phpbb for my forum!
like it very much as it is the simplest forum and easy to maintain than any other bullettin boards!
I like the simple interface also!





You can see more about that here, here and also here

How to avoid SQL Injection >> Read it here & here

This post has been edited by pyost: Sep 23 2006, 09:25 PM

This is very alarming.

I've been deciding which setup to go to and this must be the third instance I've heard about phpBB getting SQL injhected (if that's a term being used now).

So I guess I'm left with SMF then. Is there any other free forum out there that's noteworthy that anyone here can recommend?

Try phorum.org.

It is used as a forum by Larry Ullman, an author of php and mysql books, so I suspect that it is rather secure. Also, this was posted on the phorum site Main page, which leads me to think it just might be secure:

Bad luck Nightfox...I feel for you..must have been terrible to login and find your board contents gone ;((

Did you have a backup in anyway?

Because phpbb is so popular for a long time now, a lot of whom know the source code and know how it works, so if you know how it works, you can always mess it up, don't you? Eventually, I read that SMF is much more secure to exploits and sql injections, because it is coded differently than phpbb, but people who is used to use phpbb - they have difficulties of moving to other forums such as SMF or don't have enough income to buy IPB or vBulletin.. They defend phpbb and say that those sites which get successful attacks didn't configure it the way it needs to be configured + the server configuration is bad and etc. It would be best to create your own forum system, but it just takes time and why waste the time if somebody else wrote it?

There are more forum software written but not so popular, so they might be more secure, but with less features and modifications + skins. I myself wanted to use phpbb, but as it is so vulnerable to exploits, I never did it, but I think I will use Phorum, which is available for a long time, but new versions are available now and I hope it will suit my needs.. I just need a very customizable forum software written in php which would work with mysql database.

oh ****! I ever used phpBB ... * gulp* well ... then i'll use phpbb 3 ; it's much more secure!

BTW i don't like smf , don't have money for IPB or VB... :/