Hello!

I wasn't sure whether or not this was the right forum, so feel free to move this post to the correct section.

I'm interested in installing a forum onto my account, however I have heard that installing a forum (requires cgi-bin access) will make your account or server more "hackable" for a lack of better terms >_< Is this true?

Thanks in advance!

-- Ecco

No..It's not, The only thing that may get hacked is your forum itself but this might only be the case if you're using a crappy forum that has little security.

Thanks! So what if I were to use a service like vBulletin? I've got my eyes set on that, but I want to make sure it's safe to use ^^;

-- Ecco

Few things to consider.

If you are using mysql-based forums like vBulletin, you have to make sure to secure your mysql from unauthorized access. That means you need to set a root password, limit access, and even firewall it from outside access.

And then you have to make sure the admin sections are either disabled via permissions and/or password-protected via .htpasswd.

Keep up with updates. When security patches are released apply them asap.

Lastly, understand there's a risk if you are logging in as moderator/administrator through an unencrypted tcp/ip session. If someone where sniffing they can potentially catch your password and use it to delete all of your posts.

Oh wow! Thanks alot! To be honest, I'm very new to this and can only just understand what you've said. But it's help so much, since I have a better idea of what to read up on!

Thanks again!

-- Ecco

Make sure users don't have access to config.php, because it contains the password and username to your database which anyone can modify through shell or connecting to your mysql server.