I;m just putting the finishing touches on a new forums and found this article pretty helpful....
It's an extremely long-winded article, apparently written for people who don't know what a forum is. It desperately needs an index so that people who have usde a forum before can actually mine it for specific relevant info.
I actually think the templating system of phpbb is great! Was using vB to create a hack for something for an upcoming project today - and found it to be a bit clumsy actually (people seem to love it though?!).
Use phpbb2 on a reasonably big forum myself (almost 3000 members) and it's just not quite a 'rock solid' as I'd like it to be. But for free, it's great. I've modified it to bits, it's not bad in terms of that.
Not a bad tutorial. There are a lot of users who need to be walked through every step. A lot of those users don't even have the patience to read, but for the ones that do, it looks pretty good.
Slightly disappointed that my site wouldn't be included as a related link, but at the same time, I don't know if the author has been in the phpBB community for any length of time.
Did that article say anything about phpBB's template system being bad or it not being able to handle large databases? I skimed it and didn't catch any of it, but I may have missed it.
Gavin, the templating system was the biggest weakness with vBulletin. Verson 3.0 has much improved on that. But, once you've got your skin in place on it, vBulletin is so much easier to work with it's silly. Actually, for the simple things, vBulletin is easier to customize than phpBB. For example, if I wanted to add a sponsor's link in a category header I could do it from within the admin control panel in vBulletin. I really got very tired of phpBB when I was running a hosting company. I lost track of how many times a customer's phpBB site got hacked into and we had to help them restore their site. Only happened with phpBB, for some reason.Originally Posted by platinum
Yep - I mean it's not "bad", I just prefer editing the actual template files rather than stuffing around copy and pasting back and forth through a tiny little textarea
But, I did get the hang of it though... managed to create a nice little tutorials script to integrate with vB in the end
And yeah, phpbb does seem to get hacked a LOT. Mine has been (although it was nothing bad) and <edit> don't worry
Well, that happens when people don't make security updates with any script, which is most likely the reason that it was hacked. I do acknowledge that phpBB has had a lot of security updates and I've been a victim to many hackings myself (0 during phpBB 2 and like 30 during phpBB 1).
As far as Gavin's comments...
Yeah, the templating system in phpBB isn't too bad. I don't think its super fantastic, but I am able to customize stuff in a relatively short amount of time, which is nice.
I run phpBBs with 6k users/60k posts and 2.2k users/106k posts and I haven't noticed anything less than "rock solid," not sure what that constitutes anyway.
I have always said that if you can afford vBulletin, it is a nice script, but if you can't or don't want to, phpBB can be virtually as good and at the end of the day, it is the forum administrator and his or her effort into the forum that will determine if it is a success.
It didn't say anything other than the absolute basics of creating categories and how to post.Originally Posted by iFroggy
I was hoping for some comment on the templating system as well.
Originally Posted by iFroggy
So, the blame for this is all on the end user then? Nothing to do with the script itself not being coded securely in the first place? Nothing to do with hackers targeting phpBB sites because they're an easy target? Funny how it didn't seem to happen to any of our customers on Invision or vBulletin who didn't keep up with updates.
I didn't say that.
I admitted that phpBB has had quite a few security issues and that I have experienced several myself, all with phpBB 1.
I put a lot, if not most, of the blame on the developers. I also believe it is good practice and a responsible practice to keep the scripts that you use updated and running in the most secure way (including deleting all of the files you are supposed to delete, such as install files and password protecting admin directories). That is as much as I was saying.
I would imagine that some would target phpBB if they found a "crack" for it. Mostly people that do this just found a little script or found out how to do something, so they do a search for the phpBB version (Google: "Powered by phpBB 2.0.0") and then they run their little script and see if it works. phpBB does have more cracks out there, I would imagine because of its widespread use and well documented security problems in the past.
You are correct about people should update their sites more often. I've kind of wondered about the other thing I said, how it seems that a certain type of hacker targets phpBB over the other scripts. I don't necessarily believe that it's because phpBB is an easy target. You have any idea why people target phpBB sites for hacking? Some of the sites I've seen hacked into are very inoffensive, sites that you wouldn't normally see anyone getting upset at, and not especially high profile enough to get that much attention at all in fact. Just seems to me like these guys go through Google searching for phpBB sites randomly. Dunno why phpBB, though.
Yeah. As I said above, I think there are a few reasons for it.
Its widespread use (I believe it is the most used forum software on the Internet?) is one reason.
Its documented security problems in the past are another. This has created a stigma I feel that phpBB is "unsafe" to some and also to people who want to screw about with peoples sites, it is a target. All they need to do is go to a cracking site and get a phpBB crack for an old version and then search for the phpBB version on Google and they can probably take it down.
I have had one phpBB 2 hacked. It was a test phpBB on a server of mine. It had 1 user and 1 post and was linked to in one spot only. I forgot about it and it was an old version (like 2.0.1). One day, I went to it and saw it had been hacked. lol Its really just losers with too much time on their hands.