• If you are still using CentOS 7.9, it's time to convert to Alma 8 with the free centos2alma tool by Plesk or Plesk Migrator. Please let us know your experiences or concerns in this thread:
    CentOS2Alma discussion

phpBB or something else?

J

joezeppy

Guest
Hi,

I recently switched from cPanle to plesk along with my hosting company. My cPanel server was hacked because I had a customer using the old phpBB.

In either event, I'd like to be able to use a bulletin board again, but I'm in withdrawal right now because of my experience. Can I use phpBB? or is there another way to add a bulletin board?

Any suggestions or ideas appreciated.

TIA
 
You pose an interesting question.


The more popular a script is, the more the black hat hackers will examine it to try and find vulnerabilities. And when they do, the script kiddies then take over.

But at the same time, the most popular scripts also tend to be the best, or at least the most flexible/useful.

phpBB and PHP Nuke are good examples of this.

I'm banning the use of PHP Nuke 6.x on our servers because it is so difficult to keep them up to date in terms of security. Patches are released, yes, but they are complex to install and can break things and...

But keeing phpBB up to date is easy.

What I'd suggest is installing phpBB 2.11, which does not currently suffer from any vulnerabilities (that I know of). And if one is discovered, just patch it immediately. It takes 5 mins at the most.

At the same time, be sure to take steps to secure /tmp and so on, and investigate the grsec kernel security patch. Also think about installing mod_security in apache.

I'm currently in the middle of investigating grsec and mod_security. Both are straightforward to install *once you know how*, but ... in the hands of people like me, who do not have huge amounts of experience with such things, there's always the risk of things going wrong :) Lots of experimentation and testing and evaluation on backup/non-live servers is required!

Faris.
 
Thanks

Hi Faris,

Just a thanks for the advice. It's kind of what the consensus has been as I've spoken to our support personnel and other techs. Makes sense.

If you don't mind me pressing the question a bit...

Do you know where I could find more information on how to do the types of things you discussed here.

At the same time, be sure to take steps to secure /tmp and so on, and investigate the grsec kernel security patch. Also think about installing mod_security in apache.
Click to expand...

Best Regards,
 
There are some excellent threads on all these subjects right here in the forums.

Search for /tmp, grsec and mod_security and you'll find lots of different threads. You'll also find loads of stupid questions from me in most of them :)

Also think about visiting www.atomicrocketturtle.com -- you'll find a lot of plesk-related information, not necessarily security-related, but all very useful.

Faris.
 
You must log in or register to reply here.

Similar threads

J
Issue Unable to Access Webmail through Plesk after service changed hands.
Replies
3
Views
2K
Peter Debik
P
B
Issue Migrated from Cpanel: cpcalendars. and cpcontacts. subdomains created in Plesk
Replies
1
Views
2K
webarius
webarius
QWeb Ric
Forwarded to devs Mail not migrating properly if source server is Courier 5
Replies
18
Views
3K
Dave W
Dave W
P
Resolved set handler for .php in symlinked directory
Replies
2
Views
1K
Juul
J
S
Question Faking a domain name in Plesk while site is in DEV mode
Replies
6
Views
2K
lvalics
lvalics
Back
Top