6 replies
Hi.. I want to make a web discussion forum, and I have a plan to use phpBB as the software. But I heard that phpBB is not secure enough (easy to crack/hack).

Would you give me modification/script tips to make phpBB more secure?
#phpbb #secure
  • phpbbxpert
    I follow phpBB3 development and its development discussions.
    This also included all security reports.

    To this day, no phpBB3 board by itself with no modifications has ever been hacked.
    Every report always traces to a server security issue, someone's simple (FTP, server or admin password), or some other modification, script or software that had a security issue.

    An issue has never been found directly with phpBB3 itself.
    • jminkler
      Originally Posted by phpbbxpert:

      "To this day, no phpBB3 board by itself with no modifications has ever been hacked.
      An issue has never been found directly with phpBB3 itself."

      Not true, see above, and check the forums and Google.
  • joy1986joy
    phpBB is open source and has great security. They are developing and embedding more and more security every day. I have used it and never had a complaint.
  • jminkler
    Since hackers can see the logins, they already have one piece of the puzzle, and forums say that weak passwords can be brute forced (I guess no consecutive login failure lock mechanism in phpBB3).

    "Mine was only 8 characters with only numbers and letters when mine got hacked, so I increased the complexity. Other forums like vBulletin and Invision Power have lockout features after invalid attempts, which help keep out the hackers. Plus, within Invision your login ID can be different from your display handle."

    Also, as you install modules, re-check your security profile.
  • phpbbxpert
    You're not correct, phpBB3 has always had a failure block for failed passwords.
    3 times and it locks it and forces captcha which can also be extended.

    I don't need to check anything. As I said I have been involved with phpBB3 since day one and every investigation turns up not being a security issue in phpBB3.

    I have numerous high traffic phpBB3 sites and none of them have ever been hacked.
    One of them has a couple hundred users online at any given time and has been there since phpBB3 RC's, before the official release. Not to mention the official phpBB.com forum which has even more traffic.

    phpBB3 has a full security settings page in the admin. Have you ever looked at the settings?
    Force Password Change
    Max number of login tries
    Password complexity
    IP validation, etc.
    Password Length

    You again prove it here. You had a weak password. That is not phpBB3's fault, it's your own, as it would be in any software.

    I would like to see a phpBB3 forum hacked, without any other openings, through the actual core software itself.
    With a password that I would typically use IM5BnS2cW0lnSuiD401H
    • williampaul
      :rolleyes: Thanks for all.. good suggestions anyway. Now, I'm still learning how to control the administration area. Like all of you said, I'll start to secure my phpBB with a strong password; also I'll check the login area and modules again.. thanks..