Community forum hacked, again…

This is the 4th time that phpBB Plus was hacked. I liked that forum a lot, but we cannot check every single day whether a new XSS or bug is discovered and whether there is a patch to download.

With the new releases, the update/patching process has also become long and boring.

Now I’m thinking of switching to another OSS forum, but I don’t know which one. We don’t need a forum with a zillion features; we need something easy to manage, to use and to restore.

Any ideas?

41 comments ↓

#1 user on 09.23.05 at 3:49 pm

Hi,
I suggest http://phorum.org/; it’s quite stable, fast and secure.
Personally, I hate phpBB and full-of-useless-colorful forums; Phorum rox.
‘luck

#2 StingRay on 09.23.05 at 9:55 pm

You won’t go wrong with FUDForum for security.
http://fudforum.org/forum/

#3 ceam on 09.25.05 at 4:38 pm

ok

I removed the hack, but the forum is not patched…

I played with the Web Developer extension and edited the CSS to put
#Layer1 {
display: none;
}
to use the forms in admin

I don’t know which is the best forum instead of phpBB (and the problematic phpBB+)

maybe FUDforum, with the conversion tool
or simply a basic phpBB, without an external pack
easier to update…

#4 Fullo on 09.26.05 at 12:12 am

thanks ceam :)
I was on holiday this weekend and I could not work on the forum

btw I’m thinking of moving to FUDforum…

#5 Sipka on 09.26.05 at 5:43 am

Try the Simple Machines forum (http://www.simplemachines.org/), it is a very great forum. I used to use phpBB, but I love this SM forum. Easy to install and update from the admin panel. :)

#6 urbanfalcon on 09.27.05 at 10:55 pm

When I went into the forum, I couldn’t find any of the old entries (most boards had been cleaned out). Without the database backup, a conversion is moot. Do you have a backup off the server from before the hack? I haven’t looked around at mySQL-level, only glanced from the front-end.

I think the problem was the fact that it was phpBB Plus and not core phpBB. The phpBB developer team is very active, and they’ve released a few critical patches that phpBB Plus either didn’t pick up or couldn’t fully utilize. It’s probably fine to just take the data and plug into a clean phpBB install. But it’s about the same amount of work as jumping to another open source board. The value is in the data, and the searchability of that information…not the presentation. We just need to make sure the platform comes out of an active open source community.

#7 beebum on 09.28.05 at 3:27 pm

There’s also

http://www.punbb.org/

#8 Dan on 09.29.05 at 10:02 pm

Check out http://www.punbb.org/ nice clean interface, pretty minimal.

#9 Bèr on 10.02.05 at 8:53 pm

I can say only one thing “Drupal”. Find it at drupal.org.

#10 David on 10.03.05 at 5:47 pm

Well phorum is nice, yeah. Simple Machine, like Vanilla are a little too simple for me.

PUNBB (http://punbb.org) is definitely the way to go for light, fast and secure. In the same idea, but more feature rich you should try UNB (http://newsboard.unclassified.de/)

#11 Nikhil on 10.04.05 at 12:13 am

I have used http://phorum.org/. I think it’s simple, fast and very elegant. Everyone who used it here appreciated it a lot.

#12 Salvador Santander on 10.04.05 at 8:57 am

Try mvnforum, it’s very well designed in J2EE.

#13 Fullo on 10.04.05 at 4:17 pm

[all]
As you see, I’ve moved the community to FUDforum (I’ve also tried punBB, but the DB import doesn’t work well).

[ber]
Drupal is more a framework/cms than a simple forum, actually we need a simple, secure and effective community forum. FUDForum (templates apart) is a good solution.

[urbanfalcon]
I forgot to restart the DB backup script in July.. so I lost two months. Now the backup is done automatically every day and stored for a week (7 different backups per week)

phpBB core is also pretty bugged, every week there’s a new critical bug.. It’s simply too much effort to maintain a forum like this ;)

#14 Michael Kjeldsen on 10.04.05 at 9:09 pm

http://www.vbulletin.com/ is quite good, with some nifty features etc

#15 FilSchiesty on 10.06.05 at 3:47 pm

bbPress is very good. Brought to you by the guys behind WordPress.

#16 Pierre-André Vullioud on 10.10.05 at 3:26 pm

http://www.vbulletin.com/ is a very good forum. It is not very expensive and you get very good support.

#17 Ed Lucas on 10.11.05 at 8:32 pm

I agree with two of the previous posters. http://www.punbb.org/ is simple, elegant, standards compliant, and doesn’t have all the useless features that other boards do.

For an example, check out my recent install for the Vermont Flash User Group: http://www.vtfug.org/

#18 urbanfalcon on 10.11.05 at 11:19 pm

As long as FUD is active, and there are ways to port the data from one bulletin board software to another (because eventually that’s what always needs to be done), no sense in being glued to phpBB. The interface on the replacement is very clean. I agree that Drupal is a bit of an overkill. I use Drupal daily…it’s great stuff, modular, expandable…but it’s a pretty big beast. And being a forum isn’t entirely its strong suit. It would only be worth it if we scrapped WordPress AND the FUD and replaced with Drupal, but again…it only emulates a Forum as a byproduct. In this case, we need a full-powered forum…looks like you found a nice solution. Now if only I could get it to register that I’ve read all my private messages!!

#19 Fullo on 10.12.05 at 8:26 am

urbanfalcon, your account should be the same as before, with the same privileges.. If you have lost private messages, this means that those were sent after the DB backup…

#20 Erwin on 10.12.05 at 10:34 pm

punbb is quite stable and hardened! We use it for some *really* big forums, where we used to have phpbb hacked twice a week.. It’s great!

#21 Karsten Breivik on 10.13.05 at 10:31 am

I’ve tested a few forums, and I just installed JForum. It seems to be a Java port of PHPBB. As it is J2EE, it should run under any servlet container. I tried it with Tomcat under Windows and with JBoss under linux and it seems to work fine.

And of course, being Java, it beats PHP on performance hands down in both speed and security.

http://www.jforum.net/index.jsp

#22 OvermindDL1 on 10.17.05 at 5:38 pm

I have to agree with the Simple Machines forum as well (www.simplemachines.org), easily one of the most powerful, easiest to use, and secure forums I’ve ever had.

#23 Torin on 10.21.05 at 11:29 pm

In my opinion, nothing can beat Ikonboard ( http://www.ikonboard.com ) for a free board, or vBulletin ( http://www.vBulletin.com ) for a paid board.

Ikonboard is virtually bug free, and is a very stable system.

#24 aykaa on 10.25.05 at 7:24 pm

http://www.punbb.org/

#25 xxx on 10.26.05 at 8:33 am

Check for patch with the cron.

#26 Thunder on 10.26.05 at 10:54 pm

punbb.org – super stuff

#27 Greg on 10.28.05 at 9:58 am

Maybe you should take a look at Vanilla:
http://getvanilla.com and http://lussumo.com/community/

This forum focuses on discussions, not useless features, and I perform the French translation.

Hope this will help !

#28 Todd on 10.31.05 at 12:10 am

I have used several forums and my favorite is PunBB.

#29 Charly on 11.01.05 at 8:37 am

Go for XOOPS.. great.. lots of extras are done through modules.. if you don’t need them.. don’t use them.
Installing is a breeze!! Maintenance even easier..!
Been using it for years!

#30 Jeff Whitfield on 11.03.05 at 4:22 pm

I’d have to put in my vote for Simple Machines (http://www.simplemachines.org/). Probably one of the better forums out there due to its simplicity and ease of use. It’s by far one of the most stable and secure forum apps I’ve ever used. And the kicker is that it’s pretty easy to modify in order to integrate it into something like a CMS. That’s one of the weaknesses of a lot of the others (especially PHPBB, which is getting a lot of flak due to all the security issues). Although it has quite a few features, SMF isn’t bogged down with a bunch of useless features. Simple Machines tends to keep it fairly straightforward and simple and lets the users create their own modifications to enhance the functionality.

#31 Dan on 11.06.05 at 1:30 am

And yet another vote for SMF – easy to maintain – a very straightforward transition from PHPBB and security, security, security… oh yeah – and a large and active development / support community.

#32 edi on 11.14.05 at 3:48 pm

if you are looking for something like phpbb, definitely smf (simplemachines). does have quite nice convertor from phpbb, also, the threads are imported in such a way, that you can keep most of the references with a couple simple php scripts.

good community, developers, lots of (turn-off-able) features.

afaik, simplemachines is the successor of yabbse

wwell edi

#33 yanko on 11.18.05 at 6:25 pm

I also used PhpBB till I found http://www.simplemachines.org/
Very simple installation via HTTP. You only need to create an empty database for the forum. Everything else is done via HTTP

#34 kencheuk on 11.22.05 at 4:16 pm

Simple Machines will be a good alternative. Thanks.

#35 Marcio Carneiro on 12.20.05 at 4:55 am

Hi,
Maybe it is worth trying:
http://www.mediawiki.org/wiki/MediaWiki or
http://wiki.splitbrain.org/wiki:dokuwiki.
Since to write a page and keep a history is important…

#36 Jonathan Yates on 12.21.05 at 2:34 pm

Get http://www.vbulletin.com, best forums around and a lot safer than phpbb trash. I heard that hosting companies are going to take phpbb off their list because there are so many loopholes

Also, the phpbb.com forum got hacked too.

I would move from open source to vbulletin and also there half hacks you get with vbulletin are there, phpbb you have hack all day to add stuff.

#37 Stu23 on 03.23.06 at 6:33 am

A vanilla install of phpbb (i.e. without any mods/hacks) is safe & secure, plus phpbb plus has a lot of issues & it does not surprise me that php-collab forums got hacked with using it.

Try using a vanilla install of phpbb without any mods/hacks (or only 3 or so) & you keep it updated & the forum won’t be hacked again.

Re: I heard that hosting companies are going to take phpbb off their list because there are so many loopholes

phpbb is a LOT safer now as they have fixed a lot of issues.

Re: Also, the phpbb.com forum got hacked too.

Ummm, you’re incorrect there: phpbb.com has never got hacked because of the phpbb forum software; they got hacked due to an issue with Awstats

#38 Ray on 04.16.06 at 9:41 pm

There seem to be some licensing issues regarding Simplemachines (SMF).

You might want to check this out: http://www.hiveminds.co.uk/simple_machines_forum_is_not_free_or_open_source

#39 Axel de Vries on 04.19.06 at 1:38 pm

I’d use Vanilla, I never got hacked or heard that somebody got hacked anyway. You can make backups with ease and you receive feeds with the topics. It’s easy CSS stylable, got many plugins for IP tracking, easy setup, lots of options for kicking etc. I’ve set up a demo for you here: http://axelthefreeze.ax.funpic.de/forum/ but the official site is: http://getvanilla.com/

#40 Cygon on 06.11.06 at 9:09 am

Another vote for PunBB (http://www.punbb.org)!

Its layout is very similar to phpBB, so everyone will feel at home, it’s suited for very large post volumes and although a lot of people are using it (and replacing their phpBB2 installations) there have been close to zero critical bug reports. Plus, it generates good, valid XHTML, which is a good thing for future browser compatibility.

#41 phpBoards on 06.22.06 at 9:19 pm

My favorite is still phpBB
Although I also like SMF but it looks like they have license issues.

I think phpBB has so many security issues because it’s so popular.
And Olympus looks very promising. Let’s just hope it is ever released.