Linux - SoftwareThis forum is for Software issues.
Having a problem installing a new program? Want to know which application is best for the job? Post your question in this forum.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Does anybody know of any programs that I can use with Apache that I could get a forum going on a small website?
The website is running on a very small (both in HDD space and memory) server . I just need something small, light and easy to maintain. Any suggestions?
Just be a little careful if you pick phpBB. It has a pretty bad security track record and you really have to keep on top of patches.
This is true, I personally wouldn't reccommend it, I was just trying to demonstrate that a simple google search would find all these applications within 2 pages or so
"Just be a little careful if you pick phpBB. It has a pretty bad security track record and you really have to keep on top of patches."
This may have something true in it, but I find it unfair since phpBB is more popular than many others, and thus
will get more attention.
If you ask me the culprit is php, even its class model is lacking compared to Python and Ruby.
Just be sure to make security very tight with phpBB, setup your machine properly (i.e. by allowing daemons and so on only to run as restricted user), remember to keep backups, and to log everything - then I am sure you wont have a big problem. (Its just investing some time once.)
Just be a little careful if you pick phpBB. It has a pretty bad security track record and you really have to keep on top of patches.
The real reason for this is that phpBB is that much more popular than other forums. It's own success has made it a tempting target for attacks. I'd be willing to bet that most of the other forums mentioned here have flaws just as serious waiting to be uncovered, but they're much less likely to be hacked than phpBB. It really is security by obscurity.
[/QUOTE]...you really have to keep on top of patches.[/QUOTE]
This applies to any software you use that's accessable to the world. Whatever the program, if there's a patch to fix a hole, then it's a given that someone somewhere has written a hack to exploit it.
I agree that phpBB's popularity makes it a more tempting target (heck, I use it for a small board I run), but it doesn't change the fact that phpBB does have a rather long history of security problems, and not all of them are due to general php issues. The ease of setting up a phpBB board is a big part of its popularity, but unfortunately that also means that newbies, who may not have a good appreciation for security issues or proper patching regimens, will frequently choose it. Someone like the OP who is asking for suggestions needs to know that phpBB has had problems and needs to take that into account when making a decision. In my case I decided that the ease of phpBB was what I needed, but I keep a close eye on it with AIDE and by watching for patches/upgrades. I bet I'm in the minortiy of phpBB board hosts by doing even that small amount.
Do we let MS off the hook for viruses/spyware/adware/trojans just because it is a popular OS?
Already installed SimpleMachines. Was quick/easy/light on resources, and just what I needed to get a forum for my wife's church up and running.
Again, thanks for all the comments/help. It has been invaluble.
has security issues. It does not matter what OS or setup that you have. It is vulnerable, due to it being accesible.
As for the security issues:
ANY system that has outside access (floppy, network) has security issues. It does not matter what OS or setup that you have. It is vulnerable, due to it being accesible.
You can only minimize the vulnerabilities through dilligence and proper setup/maintence.
1. ANY system that has outside access (floppy, network) has security issues. It does not matter what OS or setup that you have. It is vulnerable, due to it being accesible.
2. You can only minimize the vulnerabilities through dilligence and proper setup/maintence.
Any system and service that does has network access will need to be hardened. It does matter which O.S. you choose and it does matter which software you choose: examples enough for both O.S. and SW. If you could describe a vulnerability as behaviour that was not intended then for some part risk can be mitigated by hardening the O.S. and software.
But counting the amount of times PHP-driven applications still are released that allow you to XSS, poison server variables, work with unscrubbed user input etc, etc you can only conclude developers just don't adhere to even the most basic programming principles. There's even soft that will force you to lower security settings to get things working. More than one developer of PHP-driven applications thinks *that* is 'best practice'. This means the risk can only be avoided by refusing to work with those apps.
I was just pointing out to the high and mighty that just the act of connecting to the 'Net opens you up, no matter how good you think your security is.
It's up to us to say Yes/No to bad practices, and not to complain about the lazy joes that just accept it
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.