Starting a forum on a website

cwwilson721 · 01-12-2006, 11:22 AM

Does anybody know of any programs that I can use with Apache that I could get a forum going on a small website?

The website is running on a very small (both in HDD space and memory) server . I just need something small, light and easy to maintain. Any suggestions?

phil.d.g · 01-12-2006, 11:45 AM

http://www.google.co.uk/search?clien...=Google+Search

http://www.minibb.net/
http://www.phpbb.com/
http://www.ikonboard.com/
http://www.yabbforum.com/
http://www.simplemachines.org/
http://www.mylittlehomepage.net/my_little_forum

The last one is not as well known, but is quite light on the old resources

cwwilson721 · 01-12-2006, 11:49 AM

EXACTLY what I was looking for. Thanks

Hangdog42 · 01-12-2006, 03:28 PM

Just be a little careful if you pick phpBB. It has a pretty bad security track record and you really have to keep on top of patches.

phil.d.g · 01-13-2006, 06:02 AM

Quote:

Originally Posted by Hangdog42

Just be a little careful if you pick phpBB. It has a pretty bad security track record and you really have to keep on top of patches.

This is true, I personally wouldn't reccommend it, I was just trying to demonstrate that a simple google search would find all these applications within 2 pages or so

shevegen · 01-13-2006, 06:05 AM

"Just be a little careful if you pick phpBB. It has a pretty bad security track record and you really have to keep on top of patches."
This may have something true in it, but I find it unfair since phpBB is more popular than many others, and thus
will get more attention.

If you ask me the culprit is php, even its class model is lacking compared to Python and Ruby.

Just be sure to make security very tight with phpBB, setup your machine properly (i.e. by allowing daemons and so on only to run as restricted user), remember to keep backups, and to log everything - then I am sure you wont have a big problem. (Its just investing some time once.)

Spudley · 01-13-2006, 06:43 AM

Quote:

Originally Posted by Hangdog42

Just be a little careful if you pick phpBB. It has a pretty bad security track record and you really have to keep on top of patches.

The real reason for this is that phpBB is that much more popular than other forums. It's own success has made it a tempting target for attacks. I'd be willing to bet that most of the other forums mentioned here have flaws just as serious waiting to be uncovered, but they're much less likely to be hacked than phpBB. It really is security by obscurity.

[/QUOTE]...you really have to keep on top of patches.[/QUOTE]

This applies to any software you use that's accessable to the world. Whatever the program, if there's a patch to fix a hole, then it's a given that someone somewhere has written a hack to exploit it.

Hangdog42 · 01-13-2006, 07:15 AM

I agree that phpBB's popularity makes it a more tempting target (heck, I use it for a small board I run), but it doesn't change the fact that phpBB does have a rather long history of security problems, and not all of them are due to general php issues. The ease of setting up a phpBB board is a big part of its popularity, but unfortunately that also means that newbies, who may not have a good appreciation for security issues or proper patching regimens, will frequently choose it. Someone like the OP who is asking for suggestions needs to know that phpBB has had problems and needs to take that into account when making a decision. In my case I decided that the ease of phpBB was what I needed, but I keep a close eye on it with AIDE and by watching for patches/upgrades. I bet I'm in the minortiy of phpBB board hosts by doing even that small amount.

Do we let MS off the hook for viruses/spyware/adware/trojans just because it is a popular OS?

cwwilson721 · 01-13-2006, 08:14 AM

Already installed SimpleMachines. Was quick/easy/light on resources, and just what I needed to get a forum for my wife's church up and running.

Again, thanks for all the comments/help. It has been invaluble.
has security issues. It does not matter what OS or setup that you have. It is vulnerable, due to it being accesible.

As for the security issues:

ANY system that has outside access (floppy, network) has security issues. It does not matter what OS or setup that you have. It is vulnerable, due to it being accesible.
You can only minimize the vulnerabilities through dilligence and proper setup/maintence.

unSpawn · 01-13-2006, 07:11 PM

1. ANY system that has outside access (floppy, network) has security issues. It does not matter what OS or setup that you have. It is vulnerable, due to it being accesible.
2. You can only minimize the vulnerabilities through dilligence and proper setup/maintence.
Any system and service that does has network access will need to be hardened. It does matter which O.S. you choose and it does matter which software you choose: examples enough for both O.S. and SW. If you could describe a vulnerability as behaviour that was not intended then for some part risk can be mitigated by hardening the O.S. and software.

But counting the amount of times PHP-driven applications still are released that allow you to XSS, poison server variables, work with unscrubbed user input etc, etc you can only conclude developers just don't adhere to even the most basic programming principles. There's even soft that will force you to lower security settings to get things working. More than one developer of PHP-driven applications thinks *that* is 'best practice'. This means the risk can only be avoided by refusing to work with those apps.

cwwilson721 · 01-13-2006, 07:20 PM

You have to ALWAYS balance risk against gains

Don't get me wrong, I'm in agreement w/you.

I was just pointing out to the high and mighty that just the act of connecting to the 'Net opens you up, no matter how good you think your security is.

It's up to us to say Yes/No to bad practices, and not to complain about the lazy joes that just accept it