Thu Sep 21, 2006    Reply         

Nothing new on the horizon, unfortunatelly. It is well-known that phpBB is the BBS with most security issues. And with hundreds of cracking tutorials on-line, even a kid could get into phpBB. On the other hand, it would be hard, even for a pro, to crack SMF. In my opinion, it is the best free BBS when it comes to security. It might not be as good-looking and customizable (the number of mods) as phpBB, but it sure is more secure.

   Fri Sep 22, 2006    Reply         

   Sat Sep 23, 2006    Reply         

   Sat Sep 23, 2006    Reply         

Hope, the phpBB team will come up with a solution to avoid these SQL injection attacks!
I'm also using phpbb for my forum!
like it very much as it is the simplest forum and easy to maintain than any other bullettin boards!
I like the simple interface also!

QUOTE (FunDa)

BTW, what is an SQL injection attack ?

Link: view Post: 87792

QUOTE

SQL injection is a security vulnerability that occurs in the database layer of an application. The vulnerability is present when user input is either incorrectly filtered for string literal escape characters embedded in SQL statements or user input is not strongly typed and thereby unexpectedly executed.

SQL injection is a technique used to take advantage of non-validated input vulnerabilities to pass SQL commands through a Web application for execution by a backend database. Attackers take advantage of the fact that programmers often chain together SQL commands with user-provided parameters, and can therefore embed SQL commands inside these parameters. The result is that the attacker can execute arbitrary SQL queries and/or commands on the backend database server through the Web application.

You can see more about that here, here and also here

How to avoid SQL Injection >> Read it here & here

   Sat Sep 23, 2006    Reply         

   Sat Sep 23, 2006    Reply         

   Sat Sep 23, 2006    Reply         

   Sun Sep 24, 2006    Reply         

Because phpbb is so popular for a long time now, a lot of whom know the source code and know how it works, so if you know how it works, you can always mess it up, don't you? Eventually, I read that SMF is much more secure to exploits and sql injections, because it is coded differently than phpbb, but people who is used to use phpbb - they have difficulties of moving to other forums such as SMF or don't have enough income to buy IPB or vBulletin.. They defend phpbb and say that those sites which get successful attacks didn't configure it the way it needs to be configured + the server configuration is bad and etc. It would be best to create your own forum system, but it just takes time and why waste the time if somebody else wrote it?

There are more forum software written but not so popular, so they might be more secure, but with less features and modifications + skins. I myself wanted to use phpbb, but as it is so vulnerable to exploits, I never did it, but I think I will use Phorum, which is available for a long time, but new versions are available now and I hope it will suit my needs.. I just need a very customizable forum software written in php which would work with mysql database.

   Sun Sep 24, 2006    Reply         

oh ****! I ever used phpBB ... * gulp* well ... then i'll use phpbb 3 ; it's much more secure!

BTW i don't like smf , don't have money for IPB or VB... :/

   Sat Jan 27, 2007    Reply         

   Sat Jan 27, 2007    Reply         

owwhh....i was wondering to used phpbb...is it really that this script so easy to stole...... can anyone give me a script that really safe for my new coming forum...)

   Tue Apr 24, 2007    Reply         

QUOTE (mnur183)

owwhh....i was wondering to used phpbb...is it really that this script so easy to stole...... can anyone give me a script that really safe for my new coming forum...)
Link: view Post: 102460

It's not about the script being stolen or anything like that, it's about being exploited due to the security holes it has. The developers at phpBB need to patch up these exploits as quickly as they can. The last time I read up about this, they weren't quick on their part...so I guess many had problems already.

If you want a "good" forum, try out Simple Machines Forum at:

http://www.simplemachines.org

They usually patch up the security holes very quickly...sometimes even before it's known to the public (lots of forum testers ).

   Tue Apr 24, 2007    Reply         

   Wed Apr 25, 2007    Reply         

   Fri Apr 27, 2007    Reply         

I've been thru a similar situation. Basically, i guess the hacker managed to get into my hosting account. Messed with my SQL database, and then, each time i loaded the forum, it redirected to his page where he left his mark. Sad.

I've learnt my lesson too. And now, i use vBulletin, far more secure. Way secure!

   Sat Jun 9, 2007    Reply         

It Happened to me as well My phpbb forum site was hacked too!! I believe the security problem is sorted out in phpbb 3!!!

I would recommend people to avoid using phpbb 2 as well!!!

Regards

   Tue Jun 12, 2007    Reply         

   Tue Jun 12, 2007    Reply         

I would recommend you to stay with SMF because hardly anyone is using PhpBB 3 and we dont know if it has any security issues but i'm sure its going to be much safer than PhpBB2!!

I'll say stick with SMF

   Tue Jun 12, 2007    Reply         

   Tue Jun 12, 2007    Reply         

i never knew that phpbb wasnt very secure.
I've just uploaded it for my site a couple of days ago.
I'm NOT ever using SMF, i really hate smf.
I might get rid of phpbb and use xmb, xmb is definately my favourite free forum around, i really love it.

   Tue Jun 12, 2007    Reply         

GM-University

Himanshu

amitbhandari