
phpBB or something else?

Discussion in 'Plesk for Linux - 8.x and Older' started by joezeppy, Jan 28, 2005.

  1. joezeppy

    joezeppy Guest

    0
     
    Hi,

    I recently switched from cPanel to Plesk along with my hosting company. My cPanel server was hacked because I had a customer using the old phpBB.

    In either event, I'd like to be able to use a bulletin board again, but I'm in withdrawal right now because of my experience. Can I use phpBB? Or is there another way to add a bulletin board?

    Any suggestions or ideas appreciated.

    TIA
     
  2. faris

    faris Guest

    0
     
    You pose an interesting question.


    The more popular a script is, the more the black hat hackers will examine it to try and find vulnerabilities. And when they do, the script kiddies then take over.

    But at the same time, the most popular scripts also tend to be the best, or at least the most flexible/useful.

    phpBB and PHP Nuke are good examples of this.

    I'm banning the use of PHP Nuke 6.x on our servers because it is so difficult to keep them up to date in terms of security. Patches are released, yes, but they are complex to install and can break things and...

    But keeping phpBB up to date is easy.

    What I'd suggest is installing phpBB 2.11, which does not currently suffer from any vulnerabilities (that I know of). And if one is discovered, just patch it immediately. It takes 5 mins at the most.

    At the same time, be sure to take steps to secure /tmp and so on, and investigate the grsec kernel security patch. Also think about installing mod_security in Apache.

    I'm currently in the middle of investigating grsec and mod_security. Both are straightforward to install *once you know how*, but ... in the hands of people like me, who do not have huge amounts of experience with such things, there's always the risk of things going wrong :) Lots of experimentation and testing and evaluation on backup/non-live servers is required!

    Faris.
     
  3. joezeppy

    joezeppy Guest

    0
     
    Thanks

    Hi Faris,

    Just a thanks for the advice. It's kind of what the consensus has been as I've spoken to our support personnel and other techs. Makes sense.

    If you don't mind me pressing the question a bit...

    Do you know where I could find more information on how to do the types of things you discussed here?

    Best Regards,
     
  4. faris

    faris Guest

    0
     
    There are some excellent threads on all these subjects right here in the forums.

    Search for /tmp, grsec and mod_security and you'll find lots of different threads. You'll also find loads of stupid questions from me in most of them :)

    Also think about visiting www.atomicrocketturtle.com -- you'll find a lot of Plesk-related information, not necessarily security-related, but all very useful.

    Faris.
     