Results 1 to 21 of 21
  1. #1
    Join Date
    Jan 2001
    Location
    Ontario Canada
    Posts
    41

    Question best forum software for low hacking/spamming?

    I am having trouble with client's having phpBB. I've had trouble with hackers in the past, but lately I'm having lots of troubles with spammers on these boards. I have guest posts turned off, visual confirmation turned on, and users must confirm their registration via email - but still but still I get tons of spammers - most don't confirm their registration by email because the email addresses are fake (they bounce back to me), but many don't even intend to post at all, they just want the link from their profile which for some stupid reason is shown on the board even though they never finished the registration process. Some do manage to post too - lots of sex stuff, drugs, un-related site pitches, all hoping for Google to give them higher page rank do to increased links. Annoying!

    So, now I am trying to find a way to either "fix" phpBB - but then I will probably have to constantly patch each client's version regularly, or maybe switch over to another more secure (from both hacking and spamming) forum.

    Any suggestions? And if I go with a paid solution like Vbulletin, does it need regular patching and updating too? (you have to pay for updates I believe, which will be hard to explain to some clients who look at setting up a forum as a one time cost). Is it better to go with a paid solution like vBulletin? Or is it better to go with a smaller, less-likely-to-be-targetted piece of software like simple machines?

    Whichever I choose - in addition to being secure - also needs to be user friendly to help make the board successful, and it also needs to be easy to moderate/administrate for those non-technical clients.

    Thanks in advance for any advice!
      0 Not allowed!

  2. #2
    Join Date
    Mar 2003
    Location
    New York City
    Posts
    7,391
    I would say go with either vbulletin or invision power board. Both are very secure from my experience with them they do not need regular updates as they're very stable but they do cost money. Regular patching is ofcourse the best thing to do but not always necessary for Vbulletin from my experience. Though for PHPBB it is best to keep yourself updated and subscribed to their main site for new releases and so on.

    Good luck
    CirtexHosting Providing Affordable and Quality Web Hosting & Reseller Hosting since 2003
    LINUX based cPANEL/WHM Shared and Reseller Web Hosting with Fantastico
    HostV VPS Premium Virtual Private Servers & Dedicated Servers powered by cPanel/WHM
    We transfer your sites over quickly! I eat penguins for breakfast ...
      0 Not allowed!

  3. #3
    Join Date
    Aug 2002
    Location
    here
    Posts
    1,568
    vBulletin FTW!! I have used phpbb before and it got defaced even with it being the latest stable. I have nothing to say about the other software as I have never used the other.
    Dave
      0 Not allowed!

  4. #4
    Join Date
    Mar 2004
    Location
    Duluth, MN
    Posts
    286
    My vote is vor vBulletin if you can afford it.

    No matter what forum you use, here are three things you can do to minimize hacking and SPAM

    1. Require posters to be members of the forum and enable email confirmation -- most spammers won't bother going through all that
    2. Keep the software updated and patched, this means every update and patch not just the major ones. Most "minor" updates were released to close security holes in the software
    3 Be carefull with "mods" -- you are changing the source code of the software or adding new code and this could introduce security vulnerabulities that don't exist in the "stock" software.

    Good luck

    Tim
    Tim Ryberg, InterWorx L.L.C. | InterWorx Hosting Control Panel 3.0!
    Views expressed are the author's own and do not represent those of InterWorx L.L.C. unless stated otherwise.
    Join me in my personal quest for The Ultimate CMS!
      0 Not allowed!

  5. #5
    Join Date
    Aug 2002
    Location
    here
    Posts
    1,568
    Quote Originally Posted by IWorx-Tim
    3 Be carefull with "mods" -- you are changing the source code of the software or adding new code and this could introduce security vulnerabulities that don't exist in the "stock" software.
    Very true. And the mods that plugin with vBulletin are mainly template mods with its own files. Little more secure IMO.
    Dave
      0 Not allowed!

  6. #6
    Quote Originally Posted by Maxine
    I am having trouble with client's having phpBB. I've had trouble with hackers in the past, but lately I'm having lots of troubles with spammers on these boards. I have guest posts turned off, visual confirmation turned on, and users must confirm their registration via email - but still but still I get tons of spammers - most don't confirm their registration by email because the email addresses are fake (they bounce back to me), but many don't even intend to post at all, they just want the link from their profile which for some stupid reason is shown on the board even though they never finished the registration process. Some do manage to post too - lots of sex stuff, drugs, un-related site pitches, all hoping for Google to give them higher page rank do to increased links. Annoying!

    So, now I am trying to find a way to either "fix" phpBB - but then I will probably have to constantly patch each client's version regularly, or maybe switch over to another more secure (from both hacking and spamming) forum.

    Any suggestions? And if I go with a paid solution like Vbulletin, does it need regular patching and updating too? (you have to pay for updates I believe, which will be hard to explain to some clients who look at setting up a forum as a one time cost). Is it better to go with a paid solution like vBulletin? Or is it better to go with a smaller, less-likely-to-be-targetted piece of software like simple machines?

    Whichever I choose - in addition to being secure - also needs to be user friendly to help make the board successful, and it also needs to be easy to moderate/administrate for those non-technical clients.

    Thanks in advance for any advice!
    Try Simple Machine Forums
    Last edited by Mikie4648; 09-07-2006 at 09:46 PM.
      0 Not allowed!

  7. #7
    Join Date
    Sep 2003
    Location
    Michigan.
    Posts
    305
    phpbb is fine, you just have to know how to use it, and make it do what you want, there are many mods to stop spammers, prevent idiots, and much more. If you are intersted I will get you to some links, I started my forum 8 months ago running phpbb and have over 3,500 registered members and over 26,000 posts, phpbb is fine, just tune it to how you want it, can't wait for phpbb3 to come out of beta stage, with awsome features aready in it..
      0 Not allowed!

  8. #8
    Join Date
    Sep 2003
    Location
    Michigan.
    Posts
    305
    oh yeh just so you know, the biggest forum in the world is running phpbb, modded very extremely though.. but still phpbb!
      0 Not allowed!

  9. #9
    Join Date
    May 2006
    Posts
    556
    Quote Originally Posted by Mikie4648
    Try Simple Machine Forums
    Agreed! Best free forum script I have found!
      0 Not allowed!

  10. #10
    Join Date
    May 2006
    Posts
    556
    Quote Originally Posted by ryan1918
    phpbb is fine, you just have to know how to use it, and make it do what you want, there are many mods to stop spammers, prevent idiots, and much more. If you are intersted I will get you to some links, I started my forum 8 months ago running phpbb and have over 3,500 registered members and over 26,000 posts, phpbb is fine, just tune it to how you want it, can't wait for phpbb3 to come out of beta stage, with awsome features aready in it..
    I don't mean to be rude or anything but here's what I get when I go to your site:

    phpBB : Critical Error

    Could not connect to the database

    Not fine, there goes your track record

    Hope your sql server just stopped or something!
      0 Not allowed!

  11. #11
    Join Date
    Oct 2004
    Location
    India
    Posts
    491
    Imho, the best one will be vBulletin, if you are looking for a paid one, else the SMF ( Simple Machine Forums ) has been found less targeted and more secure then the other popular counterparts.
    ESC :wq!
      0 Not allowed!

  12. #12
    Join Date
    Dec 2005
    Posts
    400
    go with vB as I've had many problems with Invision. My forum even got hacked with the newest version 2.1.7 while I see all the vB boards running great!
      0 Not allowed!

  13. #13
    Try Simple Machine Forums
      0 Not allowed!

  14. #14
    Join Date
    Sep 2003
    Location
    Michigan.
    Posts
    305
    Yeah I moved to a better server my website is up now, anyways the Biggest forum in the world is, http://www.gaiaonline.com/forum/index.php running phpBB
      0 Not allowed!

  15. #15
    Join Date
    Sep 2003
    Location
    Michigan.
    Posts
    305
    Who is Online? - 46637 users. (40704 visible, 4182 hidden, 1751 guests).

    Gaia has 778,973,913 articles posted with 4,602,420 registered users.

    Most users ever online was 55,206 on Mon Sep 11, 2006 6:20 pm
      0 Not allowed!

  16. #16
    Join Date
    Feb 2004
    Location
    New Zealand
    Posts
    1,202
    Anything that you have to pay a lot of money for will be good. The mroe money you pay, the more money the developing company can spend on developing there already awesome product e.g Vbulletin or invision.

    I have to say invision are developing some pretty nice security tactics in there code...

    Anything that is opensource is going to be exploited to the core, Anything which is closed-code will obviously be a little more secure.

    Good luck
      0 Not allowed!

  17. #17
    Join Date
    Aug 2002
    Location
    here
    Posts
    1,568
    Quote Originally Posted by LoganNZ
    Anything that you have to pay a lot of money for will be good. The mroe money you pay, the more money the developing company can spend on developing there already awesome product e.g Vbulletin or invision.

    I have to say invision are developing some pretty nice security tactics in there code...

    Anything that is opensource is going to be exploited to the core, Anything which is closed-code will obviously be a little more secure.

    Good luck
    Code in vB is still visible but not as easy to get in the hands of a script kiddy. Its open source but not open source with gpl. Catchin me?
    Dave
      0 Not allowed!

  18. #18
    Join Date
    Sep 2006
    Location
    US
    Posts
    14
    Quote Originally Posted by LoganNZ
    Anything that is opensource is going to be exploited to the core, Anything which is closed-code will obviously be a little more secure.
    http://www.opensource.org/advocacy/faq.php
    In fact, open-source operating systems and applications are generally much more security-safe than their closed-source counterparts. When the "Ping o' Death" exploit was revealed in 1997 (for example) Linux had fix patches within hours. Closed-source OSs didn't plug the hole for months.
      0 Not allowed!

  19. #19
    Join Date
    Sep 2006
    Location
    US
    Posts
    14
    I have a general question about forum security: are the problems mainly caused by people who are registered members, or by people with no membership access?
      0 Not allowed!

  20. #20
    Join Date
    Oct 2004
    Location
    India
    Posts
    491
    Bugs in the open source codes can be exploited by both the registered users and the others.
    ESC :wq!
      0 Not allowed!

  21. #21
    Join Date
    Sep 2003
    Location
    Michigan.
    Posts
    305
    So your saying billions makes it better, then what happen to microsoft, maybe if they spent some of there profit on security they wouldn't have so many flaws..

    So no it's not all about money, phpbb has almost every feature any other board has, if not it can be added..

    Quote Originally Posted by LoganNZ
    Anything that you have to pay a lot of money for will be good. The mroe money you pay, the more money the developing company can spend on developing there already awesome product e.g Vbulletin or invision.

    I have to say invision are developing some pretty nice security tactics in there code...

    Anything that is opensource is going to be exploited to the core, Anything which is closed-code will obviously be a little more secure.

    Good luck
      0 Not allowed!

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •