
phpBB or something else?


joezeppy

Guest
Hi,

I recently switched from cPanel to Plesk along with my hosting company. My cPanel server was hacked because I had a customer using the old phpBB.

In either event, I'd like to be able to use a bulletin board again, but I'm in withdrawal right now because of my experience. Can I use phpBB? Or is there another way to add a bulletin board?

Any suggestions or ideas appreciated.

TIA
 
You pose an interesting question.


The more popular a script is, the more the black hat hackers will examine it to try and find vulnerabilities. And when they do, the script kiddies then take over.

But at the same time, the most popular scripts also tend to be the best, or at least the most flexible/useful.

phpBB and PHP Nuke are good examples of this.

I'm banning the use of PHP Nuke 6.x on our servers because it is so difficult to keep them up to date in terms of security. Patches are released, yes, but they are complex to install and can break things and...

But keeping phpBB up to date is easy.

What I'd suggest is installing phpBB 2.11, which does not currently suffer from any vulnerabilities (that I know of). And if one is discovered, just patch it immediately. It takes 5 mins at the most.

At the same time, be sure to take steps to secure /tmp and so on, and investigate the grsec kernel security patch. Also think about installing mod_security in Apache.

I'm currently in the middle of investigating grsec and mod_security. Both are straightforward to install *once you know how*, but ... in the hands of people like me, who do not have huge amounts of experience with such things, there's always the risk of things going wrong :) Lots of experimentation and testing and evaluation on backup/non-live servers is required!

Faris.
 
Thanks

Hi Faris,

Just a thanks for the advice. It's kind of what the consensus has been as I've spoken to our support personnel and other techs. Makes sense.

If you don't mind me pressing the question a bit...

Do you know where I could find more information on how to do the types of things you discussed here?

At the same time, be sure to take steps to secure /tmp and so on, and investigate the grsec kernel security patch. Also think about installing mod_security in apache.

Best Regards,
 
There are some excellent threads on all these subjects right here in the forums.

Search for /tmp, grsec and mod_security and you'll find lots of different threads. You'll also find loads of stupid questions from me in most of them :)

Also think about visiting www.atomicrocketturtle.com -- you'll find a lot of Plesk-related information, not necessarily security-related, but all very useful.

Faris.
 