Welcome to AstaHost - Dear Guest , Please Register here to get Your own website. - Ask a Question / Express Opinion / Reply w/o Sign-Up!
Avoid Phpbb! New Security Exploit!
Posted 22 September 2006 - 03:15 AM
I don't even know WHY phpBB is allowed to exist and WHY it's so popular... I'm NEVER going to use it again!
Keep away from it!
Posted 22 September 2006 - 12:04 PM
Posted 23 September 2006 - 02:03 PM
BTW, what is an SQL injection attack ?
I'm using phpBB for my site and I loved the customizability. SMF seemed a little harder to use ( for me at least )
Isn't there any way we can make phpBB safer ???
Posted 23 September 2006 - 04:07 PM
I'm also using phpbb for my forum!
like it very much as it is the simplest forum and easy to maintain than any other bullettin boards!
I like the simple interface also!
BTW, what is an SQL injection attack ?
SQL injection is a security vulnerability that occurs in the database layer of an application. The vulnerability is present when user input is either incorrectly filtered for string literal escape characters embedded in SQL statements or user input is not strongly typed and thereby unexpectedly executed.
SQL injection is a technique used to take advantage of non-validated input vulnerabilities to pass SQL commands through a Web application for execution by a backend database. Attackers take advantage of the fact that programmers often chain together SQL commands with user-provided parameters, and can therefore embed SQL commands inside these parameters. The result is that the attacker can execute arbitrary SQL queries and/or commands on the backend database server through the Web application.
You can see more about that here, here and also here
How to avoid SQL Injection >> Read it here & here
Edited by pyost, 23 September 2006 - 09:25 PM.
Posted 23 September 2006 - 04:26 PM
I've been deciding which setup to go to and this must be the third instance I've heard about phpBB getting SQL injhected (if that's a term being used now).
So I guess I'm left with SMF then. Is there any other free forum out there that's noteworthy that anyone here can recommend?
Posted 24 September 2006 - 06:10 AM
It is used as a forum by Larry Ullman, an author of php and mysql books, so I suspect that it is rather secure. Also, this was posted on the phorum site Main page, which leads me to think it just might be secure:
* There is no shortage of message boards that use MySQL. When the webmasters at mysql.com went looking for one to install, they chose Phorum.
Posted 24 September 2006 - 10:11 AM
There are more forum software written but not so popular, so they might be more secure, but with less features and modifications + skins. I myself wanted to use phpbb, but as it is so vulnerable to exploits, I never did it, but I think I will use Phorum, which is available for a long time, but new versions are available now and I hope it will suit my needs.. I just need a very customizable forum software written in php which would work with mysql database.
Posted 28 January 2007 - 07:13 AM
but again its like ie ,the more famous,the more hackers try to find security holes in it.
Posted 24 April 2007 - 12:46 PM
It's not about the script being stolen or anything like that, it's about being exploited due to the security holes it has. The developers at phpBB need to patch up these exploits as quickly as they can. The last time I read up about this, they weren't quick on their part...so I guess many had problems already.
owwhh....i was wondering to used phpbb...is it really that this script so easy to stole...... can anyone give me a script that really safe for my new coming forum...)
If you want a "good" forum, try out Simple Machines Forum at:
They usually patch up the security holes very quickly...sometimes even before it's known to the public (lots of forum testers ).
Posted 25 April 2007 - 11:47 AM
All the sites you see that have been hacked have most likely used phpBB, there are quite a few alternatives and i'd say any of them would be better than phpBB.
You can go here: http://www.opensourcecms.com and check out the forum demos on the site.
Posted 27 April 2007 - 09:44 PM
Anyway, I'm having fun with SMF so far; everything is easier with it, and there's alot of features that work out of the box with SMF that I have to spend a few hours modding phpbb to get. I may try phpbb3 again when there are some decent mods out for it, but until then, I'm sticking with SMF.
Posted 09 June 2007 - 02:05 PM
I've learnt my lesson too. And now, i use vBulletin, far more secure. Way secure!
Posted 13 June 2007 - 12:01 AM
i'm kinda dubble sided as to what software i should use for my new forums. I have both experiences with phpBB and SMF. I was considering phpBB3 now so my new forums. Does anyone want to back phpBB3 or still reccomend me to go for SMF?
Posted 13 June 2007 - 01:24 AM
Reply to this topic
0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users