Re: phpBB alternatives?

Dennis Lahay <evild@xxxxxxxxxx> · Wed, 9 Feb 2005 09:47:04 -0600

Yes, please read that page again. It had nothing to do with the phpBB 
software itself, but with the AWstats that run on their server. The 
vulnerabilities that phpBB a few months back had were quickly patched. 
The phpBB community is huge and offer fantastic support.

Other alternatives include vBulletin or YaBB.

Too bad the same reaction that hosting providers are have toward phpBB 
don't take place in the real world when a Microsoft product 
vulnerability is exploited. From the recent update at phpbb.com:

"...

It is actually quite fustrating at present that some hosting providers 
are asking or forcing their customers to remove installs of phpBB 
2.0.11 due to the loss of phpbb.com. As I say above, our best available 
information right now is that phpBB was not to blame. ...

Equally it's annoying to see some people posting the same old 
highlighting exploit claiming their 2.0.11 board was hacked via it. 
Again unless my team and indeed our other teams, heck large sections of 
our community, are all lying to me that vulnerability was fixed in 
2.0.11. Sites running .11 and claiming (or thier hosts claiming) to 
have been attacked using it should take a close look at other 
applications they have installed. phpBB is not alone in being 
exploited, all the major boards can be if you don't update as new 
releases are made. Equally users should ensure the relevant 
highlighting fix is indeed present. Over the years we've dealt with 
thousands of users who say they've patched something (be it an exploit 
or bug) but upon examination we've discovered the problem code is still 
there. Equally hosts should look at their own systems. Are you running 
awstats if so have you updated? Do you regularly update your OS and 
particularly the kernel (if appropriate) as fixes are released? Are 
your users running old versions of other PHP/Perl/etc. software? Have 
you set appropriate permissions on key folders such as /tmp and 
/var/tmp? Is your webserver running with as few permissions as 
possible? Just because we overlooked something doesn't mean you should!

..."

On Feb 8, 2005, at 7:16 PM, Tony Di Croce wrote:

Due to the recent vulnerabilities discovered in phpBB and the content
of this page:
http://www.phpbb.com/
I have decided to consider other options for my forum needs... Does
anyone have any reccomendations for a PHP based forum software?
--
Send REAL USPS letters from the Web!
http://www.quickymail.com

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php