What is the recommended BB software that is secure? I have had that pos phpBB hacked twice now and they keep blaming it on php, not their code. Whatever. I would like to keep the bb/forum type thing going but don't know which package to use?
[OT] php based bulletin board ????
phpBB never actually blames anyone. They are always attacked for the same reason microsoft is: it's so popular. And, just like MS, they release a patch for their board as soon as the problem is found and solved.
phpBB can't be blamed for everything. It is the hosts job to keep PHP updated, as well as their software. A recent attack that was blamed on phpBB was not actually phpBB related, but AwStats. Hosts are just looking to point the blame, but don't want to point that finger at themselves for not updating their software.
Now, it is the webmasters job to update the forum (phpB
software, and by not running the latest version (2.0.13 as of Apr. 12, 2005), you are the only one to blame.
phpBB is not the problem, it's the users and hosts mainly. But when phpBB does have problems, they make sure to fix it. I have presonally never had a forum attacked and always check once per week for updates from phpBB. They have 5 different ways to let you know when updates are out, and if you don't use them, phpBB team can not be blamed for having "bad" software, or easily hacked software.
If the phpBB team could be blamed for each security flaw, do you think they'd still be around? If phpBB could be held responsible, why couldn't Microsoft; a company who makes you pay for their software? So Microsoft says that it's not their fault, but the users fault if they get hacked, as long as they're using the most up-to-date software. Same goes for phpBB. It is not their fault, unless you are running the most recent update to their software. Then you can report it, and an update will be released.
All [forum] software is the same: if you don't update it, you will be vulnerable to attack, no matter what [board] software you use. But, since you're looking for other software:
phpBB
phpBB is a high powered, fully scalable, and highly customizable Open Source bulletin board package. phpBB has a user-friendly interface, simple and straightforward administration panel, and helpful FAQ. Based on the powerful PHP server language and your choice of MySQL, MS-SQL, PostgreSQL or Access/ODBC database servers, phpBB is the ideal free community solution for all web sites.
Simple Machines Forum (SMF)
Elegant. Effective. Powerful. Free. SMF is all of the above. SMF is a next-generation community software package and is jam-packed with features, while at the same time having a minimal impact on resources. Some of our features include:
Comprehensive Themes: Not only can you control the default theme for your community, but you can also allow your users to select from a range of themes themselves.Blazing-Fast Database: Not only do we make use of a MySQL back-end, but we've also gone to great lengths to ensure the database design is fast and efficient.
Secure File Attachments: Our special file-attaching system allows your users to attach files without fear of corrupting your system.
Automatic Mod Installation: Unique to SMF is our package manager - a system by which you can download and install upgrades and modifications with just a few mouse-clicks.
vBulletin
vBulletin is a powerful, scalable and fully customizable forums package for your web site. It has been written using the Web's quickest-growing scripting language; PHP, and is complimented with a highly efficient and ultra fast back-end database engine built using MySQL.vBulletin is the ideal community solution for all medium-to-large sites.
MercuryBoard
MercuryBoard is a powerful message board system dedicated to raw speed with a mixture of features, ease of use, and ease of customization coupled with expandability, and diverse language services. Now just over two years in the making, version 1.0.0 is an immensely stable, thoroughly tested, and well-written piece of internet software ready for any webserver, running on PHP versions as low as 4.0.0 and MySQL versions as low as 3.22.
Ultimate PHP BB
UPB is a forum/message board script. It supports threaded discussion with a comprehesivetext database system that we wrote here at php outburst for the backend. We are almost at theend of getting rid of all the bugs associated with developing the forum. We strive of userimput because thats what really makes a good forum.
XMB Forum
XMB is a fully scalable, highly customizable Open Source message board software. XMB has a user-friendly interface, simple set up, stable performance, and tons of features. Based on the powerful PHP language and the MySQL database, XMB is a very powerful combination, suitable to everyone's needs.
bbBoard v2
bbBoard v2 is the best message board software available today. Guaranteed! With mind-blowing features, quick and helpful support whenever you need it, and constant upgrades, bbBoard v2 simply cannot be surpassed. And we're working hard every moment of every day to make sure it stays that way.
Zorum
Zorum is a message board software, which may be used with equal success on both intra- and internet sites. Zorum is a very basic software package that may be customized easily by adding or subtracting desired features. These modifications are done by our programers to suit the customization needs of our clients.
Phorum 5
Phorum is a web based message board written in PHP. Phorum is designed with high-availability and visitor ease of use in mind. Features such as mailing list integration, easy customization and simple installation make Phorum a powerful add-in to any website.
Invision Power Board (IP
Invision Power Board, an award-winning scaleable bulletin board system, allows you to effortlessly build, manage and promote your online community. Advanced yet intuitive features like multi-moderation allow you to focus on developing your community, rather than wrestling with complex settings.
Easy Forum
Easy Forum! is a good looking Discussion Board System written in PHP. Easy Forum! possesses a large number of useful features such as:
Extremely fast and easy-to-install
High performance, low bandwidth.
100% XHTML1.1/CSS2 compliant output
Full PHP3/PHP4/PHP5 compatibility
Up to 99 forums
Best viewed with any browser
Cell phones and PDA support via WAP
No MySQL database required
2 valid RSS/RDF feeds
Text formatting, HTML tags filter
Custom timezone settings
Different icons, smilies, 'http' links
Unrecognizable 'mailto' links
User registration
Backup/Restore, IP banning
Translated in 28 languages
10 pretty color schemes at choice
and many more...
Hope that helps.
~Brett
I've become quite a big fan of smf (also known as simple machines). I've been doin stuff to it for the student's union bulletin board... just need to get my head around the mods now :bemused:
i think phpbb should take the blame for 2.0.12 release as it had a huge gaping security hole. and if you have to check phpbb weekly to make sure you are on the newest version then how safe is their code?
now in saying that phpbb is free and i use it for all my forums (and i of course have 2.0.13).
phpBB is to blame for having gaping security holes at points in times. But I've heard a lot of people complain about phpBB and security. And when they are confronted with the question of: "What version are you running?", they reply with "1.x.x" or not the latest. So who's to blame?
Personally I blame the hackers. They don't have a life but to make a board go bump. But still, phpBB group is not to blame for everything. AwStats and MS have security holes, but no-one says anything to them. But that's just an opinion.
As for checking each week: I do that because of mods I have on my boards. I make sure that there's no update(s) and I'm up to date. I don't subscribe to the phpBB newsletter which automatically emails you as soon as a new release is out.
As for SMF: I like it. I'm using it on one of my boards. Not too shabby. It's nice. I can't say anything bad about it, except it's hard to code around for modifications and takes a good time to learn. There is good support & mods for it, but phpBB is so widespread, it's worth the "risk" you'd take. SMF is also not exactly the most secure board. While it may be secure as far as queries are concerned, the password encryption needs work. It's weak (from what I can tell).
~Brett
Originally posted by bpat1434
... and MS have security holes, but no-one says anything to them.
HWGgvbbshmbbm!
Originally posted by Weedpacket
HWGgvbbshmbbm!
I agree
Originally posted by Weedpacket
HWGgvbbshmbbm!
huh?!?! I . . . don't . . . get . . . it. DOH!!
~Brett
... MS have security holes, but no-one says anything to them. But that's just an opinion.
You got to be kidding me. Not only does everyone talk about it they also completely blame them for making bad products. No one, especially here, blames the hackers for what MS built.
I did a google search on 'microsoft security holes' and got back 1.3 million results.
Yes, but has that hindered their business? Is Bill Gates NOT the richest person in the US? Does Microsoft NOT own contracts with the gov't, educational facilities, computer developers, and EVERYONE in general?
And while many people complain, who has stepped up to say: "We need to petition the U.S. Government to put in motion a series of laws that would prohibit the release of software that could have potentially lethal security holes." No-one is the answer to that. If it were such a huge issue and 1.3 million hits were coming back on the issue, why has no-one stepped up? Because Microsoft promises to make it better, but doesn't.
But I digress from the point of this thread.
~Brett
"We need to petition the U.S. Government to put in motion a series of laws that would prohibit the release of software that could have potentially lethal security holes."
First off, we are in a free market so I do not want the government to have that much control. If you do not like Windows you can easily get a Mac or Linux machine that will do everything windows can do.
Second, you just included every OS that exists. If an OS can connect to the web then there will always be the potential for a lethal security hole. Here is the full list of all known security holes. You will notice every OS that exists will be on this list. http://cve.mitre.org/cve/downloads/full-allitems.txt
And you have not really refuted my point which is people do say a lot about MS security holes. I would even go so far to say more people complain about MS security holes then Linux security ones. For some reason talking about Linux security holes is taboo.
I am done arguing. If you think the bug they made is not their fault that is fine with me. The ironic thing is I like PHPBB and consider the bug something that is part of working on the web.
I'm not saying it's not their fault, it's just that what most people think is a phpBB flaw, sometimes is not true. While every host screamed "phpBB is to blame!!", phpBB looked around, and found an answer, and they weren't to blame at all.
But yes, this argument has gone far enough. I have yet to find any phpBB board that I use that has had an attack.
I would suggest phpBB, then SMF. If you pay for board software, you're a sucker.
~Brett
I use phpBB and always have loved it. I think it truly is the best forum out there. All the others just don't have the same style. It's widely supported.
But my board shate its self the other week for NO reason at all. The styles completely went up the creek and let me with the paddle and a question mark above my head 
Why not just make one yourself? its easy to get the basic idea down just takes time is all. Then you'll have no one to blame but yourself 
Originally posted by pohopo
For some reason talking about Linux security holes is taboo.
It's not taboo. That's the great thing about the open source community. It's so widely talked about, that it usually gets a fast patch.
On the other hand, a MS security hole is found, reported to MS, ignored, released publicly, then either given the cookie cutter response of "we're working on it" or the person who released it is "silenced".
Originally posted by LordShryku
It's not taboo. That's the great thing about the open source community. It's so widely talked about, that it usually gets a fast patch.
On the other hand, a MS security hole is found, reported to MS, ignored, released publicly, then either given the cookie cutter response of "we're working on it" or the person who released it is "silenced".
There's the point I was trying to make. I just couldn't put it into words. Thanks Lord!!
~Brett
Good point LordShryku, which is a definite plus for the Linux world.
Originally posted by NetNerd85
Why not just make one yourself? its easy to get the basic idea down just takes time is all. Then you'll have no one to blame but yourself
How does one go about coding a forum? Im really interested.
You have to think about what type of forum you want. Make a database with tables to hold all your information. Design a structure, handle login/logout functions, get topics, display topics, read profiles, add users, add admins, add forums, add categories, new posts, replies, private messages (if you want), announcements, stickies, moderators, moving topics, locking topics, deleting posts, BBCode, smilies, handle cookies/sessions, handle html code.
There's a lot more, but that's just what my general thoughts are.
Personally, I'd use a pre-made one. Even if you're looking for something small, a well written forum script is better than writing your own since it's done for you. While you may get experience writing your own, you can see the amount of hours of work that would go into it.
~Brett
Thanks for the reply. I used PHPBB before and its excellent. This one is for a univerist y project. I already know the database i need for it, and login/register functions are already done. My problem is with the message threads - implementing a tree structure for the forum. Hope it makes sense.