Issues Regarding phpBB's Security
Manifest
03-14-2006, 12:05 PM
There are no security issues related with phpBB
:noseg: False
Thanks for the recommendation though
Techie-Micheal
03-14-2006, 05:24 PM
:noseg: False
Thanks for the recommendation though
Please, do tell, what security issues are you referring to? Every single product will have security issues. vB, MyBB, punBB, IPB, they've all had their share of issues. I know of no issues affecting phpBB 2.0.19 (the current version as I write this). So please, do tell to what you are referring.
Manifest
03-15-2006, 01:20 PM
I know of no issues affecting phpBB 2.0.19 (the current version as I write this). So please, do tell to what you are referring.
Without taking the limelight away from my initial post, phpBB 2.0.19 is stable... Until someone else learns their way around that one... It'll be the same as every other version with phpBB, that is why I don't want to use it... Well, that and the fact that I just dislike it.
Techie-Micheal
03-15-2006, 03:35 PM
I hate to be the one to break it to you, but that will happen with any software.
Manifest
03-15-2006, 10:34 PM
I hate to be the one to break it to you, but you're paid to kiss phpBB <_>... I'm not, therefore I won't. End of discussion on phpBB.
Tyler
03-15-2006, 11:19 PM
For the record, phpBB staff are not paid, AFAIK. It is all volunteer based, as it is open-source.
I went ahead and split this from your thread, so we can keep discussing this :D
TehBooster
03-15-2006, 11:21 PM
I hate to break it to you, phpBB Team members are not paid, unlike vB/IPB staff, so before shooting your mouth off, I would suggest checking your facts ;)
Techie-Micheal
03-16-2006, 12:13 AM
I hate to be the one to break it to you but you're paid to kiss phpBB <_>... I'm not, therefore I won't. End of discussion on phpBB.
Please get your facts straight. I'm not paid by phpBB, so you can hang that one up. phpBB doesn't even have a donkey, so I'm sure where that came from ...
Secondly, common sense dictates that if a human writes software, something will go wrong. Or perhaps I need to go into my nice explanation on how that is what I get paid to do, ensure that software doesn't break the security for a college ...
***Warning*** Incoming technical discussion
You need to understand a few things.
Software runs pretty much everything we do these days. From the stoplights at an intersection to banks protecting your hard-earned money to hospitals ensuring patients receive the right care. Vulnerabilities are not just related to phpBB; all three examples I just gave have had their vulnerabilities. What's worse is that a software malfunction was blamed for the killing of 290 innocent people on an Airbus A320 as it was identified as hostile by missile targeting software on a friendly fighter jet. So next time you go spouting off that phpBB or something else is just a big vulnerability, think about it for a second, hm?
SoftWareRevue
03-16-2006, 01:39 AM
I had someone break into my vB forum two days ago. I guess vBulletin sucks.
Or, I could just admit that I didn't keep it updated.
Nah . . . vB sucks.
Scott
03-16-2006, 04:10 AM
Manifest, while I understand where you're coming from, it is true that any piece of software is likely to have security flaws in it. From my experience (which granted, isn't very much where phpBB is concerned) the phpBB team take security flaws very seriously and usually issue an update very rapidly.
However, the problem with phpBB isn't in the coding, but because it is so widely used and because it is open source, security flaws will naturally be found a lot sooner than they would be with some other forum software.
What can the team do? Exactly what they have been doing, patch these problems as fast as possible.
What can a forum admin do? Use an upgraded version as soon as it comes out.
While I wouldn't install phpBB myself, I don't think you can dismiss it solely on its history with security. It's a good piece of software which has been serving many large (including the largest) forums out there for a long time. Give the team some credit and try it before you dismiss it.
Just my 2 cents worth.
A_Jelly_Doughnut
03-16-2006, 10:53 PM
I'll try to be moderately diplomatic with my response...
Scott, finding vulnerabilities faster is apparently not the case. phpBB 2 turns 4 in a couple weeks. Let's assume that each release of phpBB 2.0.x fixes 2 security flaws (about average, right Techie?). That's 40 security flaws in 4 years, or 20 releases. That's 10 flaws per year. Totally acceptable.
Only problem is the severity of a few of the flaws, IMO.
Scott
03-17-2006, 04:00 AM
Scott, finding vulnerabilities faster is apparently not the case. phpBB 2 turns 4 in a couple weeks. Let's assume that each release of phpBB 2.0.x fixes 2 security flaws (about average, right Techie?). That's 40 security flaws in 4 years, or 20 releases. That's 10 flaws per year. Totally acceptable.
Sure, that's perfectly acceptable as far as general software goes. However, comparing that to vb or IPB, the number is still greater. Don't get me wrong, I'm not denying that phpBB is a good piece of software but people are going to have opinions about it.
I also didn't know it was coming up for 4, I'll be sure to order :cake:
For the record, I like phpBB and have NO problems with it. I won't comment any further on this issue because the last time I did I was officially warned by a mod (not on FU though) and I didn't even do/say anything wrong!
So long as your phpBB install is kept up to date and you keep a regular backup, as you should with ANY software, you'll have no problems.
This just came up on Digg - http://www.issociate.de/board/post/312809/phpBB_mass-hack_being_prepared_
If that is correct (and I read it correctly) someone is registering with phpBB boards so if/when a new exploit is found they can mass exploit it immediately.
More of a "heads-up" to watch out for, and ban, the user "FuntKlakow" but also kinda interesting that someone's going to all this trouble to try and exploit phpBB forums.
I'm not sure I understand the thinking behind it - "let's destroy hundreds if not thousands of forums" - that doesn't sound like fun to me. :think:
A_Jelly_Doughnut
03-19-2006, 03:46 PM
There is no reason to believe that there is any malicious intent to that spammer, other than to spam. The vast majority of functions in phpBB do not require login. And the spammer is not using valid email addresses, so most registrations will be unusable anyway.
Brandon
03-19-2006, 04:15 PM
phpbb2 is a great script, I used it for the better part of 3 1/2 years. Although I understand why you think it is unsecure, you're in fact wrong. A vanilla phpbb2 board is very secure as long as you keep it constantly updated. The place where a lot of users get into problems is when you start hacking and modifying the board. Some of the mods are more prone to allowing exploiters to take advantage of your site. It could be a lot worse, and in fact phpbb is free, you look at many of the sites on big-boards, you're going to notice several of them are phpbb, so you must understand that the board itself isn't as insecure as you think, but when you go hacking it up, your risk increases.
btw I Love VB :D