Most Secure Forums
#1

Sadly, I have had some bad experience with SMF recently. My forum was breached, and accounts were compromised.

For this reason I have decided to not use it again.

So here is my question: what is the most secure free forum software?

I don't mind paying for VB or Ipb, but if i don't have to that would be great.
Reply
#2

Before blaming it on SMF, do you have an idea of how that person gained access?
Reply
#3

Mybb is secure enough and easy enough and contains a lot of forum converters, didn't see a 0day exploit for a long long time. IPB is worth it too.
Reply
#4

Quote:
Originally Posted by Infinity
Посмотреть сообщение
Before blaming it on SMF, do you have an idea of how that person gained access?
It was definitely because of some loophole in SMF. Even after re-installing the software and changing all passwords it still happened.
Reply
#5

Quote:
Originally Posted by JustinHD
Посмотреть сообщение
It was definitely because of some loophole in SMF. Even after re-installing the software and changing all passwords it still happened.
Mind mentioning your SMF version?
Reply
#6

Quote:
Originally Posted by XO
Посмотреть сообщение
Mind mentioning your SMF version?
The latest version - SMF 2.0.11
Reply
#7

Seems there is an exploit that enables you to spoof a user cookie and obtain administrator privileges. (2.0.11)
Reply
#8

Quote:
Originally Posted by XO
Посмотреть сообщение
Seems there is an exploit that enables you to spoof a user cookie and obtain administrator privileges. (2.0.11)
This would make total sense - This is what happened to my forums.
Reply
#9

MyBB is your best option. I would recommend following this guide as it contains security tips that will benefit you and prevent you from your site getting exploited again. Aside from your part, make sure the host you're using is not using outdated modules as well.
Reply
#10

Quote:
Originally Posted by XO
Посмотреть сообщение
Seems there is an exploit that enables you to spoof a user cookie and obtain administrator privileges. (2.0.11)
SMF is one of the most widely used free forum software. I really doubt if such a thing can be done. What's the source of this information? And if this is true, its an alarming situation.

@Justin - Are you sure that there was no other possible breach? (Like may be ftp, mysql, etc?)
Reply
#11

Quote:
Originally Posted by Infinity
Посмотреть сообщение
Before blaming it on SMF, do you have an idea of how that person gained access?
This, you can't be blaming sticks here
Reply
#12

You can use IPBoard which is paid (I have used it too). Also it gives you options to secure users account. Although, every forum have some weak points.
Reply
#13

Quote:
Originally Posted by Abagail
Посмотреть сообщение
The fact that you're expressing doubt within the usage "yet" is somewhat alarming. I am sure the OP doesn't want to take a risk using software that "might" have an exploit, whereas it may take a long time before those running such a forum are even notified.
You're not the brightest one, are you? Every software ever made has exploits, so far Node hasn't had many and is holding up on the security front quite well. Can't say that for PHP. It's only a matter of time until someone finds an exploit, this happens everywhere but even then Node will continue to be one of the safest options.
Reply
#14

Quote:
Originally Posted by donB
Посмотреть сообщение
SMF is one of the most widely used free forum software. I really doubt if such a thing can be done. What's the source of this information? And if this is true, its an alarming situation.

@Justin - Are you sure that there was no other possible breach? (Like may be ftp, mysql, etc?)
SMF has always been a bit of a security risk. Every single SMF forum I've ever ran was broken into or otherwise 'hacked'.
Reply
#15

Quote:
Originally Posted by kaisersouse
Посмотреть сообщение
SMF has always been a bit of a security risk. Every single SMF forum I've ever ran was broken into or otherwise 'hacked'.
Any PHP based forum is a security risk, there's code from 2006 left over in the current version of SMF. Same deal with vBulletin. MyBB 1.8 was the best joke I've heard in ages, even after 4 or 5 security patches it's a buggy mess. The only two that are kind of good are Xenforo and IPB, but then again it's written in PHP which is a shit language to begin with. Also, it's not hard to write forum software in Node or Rails, it's basic CRUD.

Honestly, the forums that everyone seems to use are outdated and shit and I don't even understand why everyone's still using them. If you host a SA-MP server, it means you know PAWN (although I can't say that for the thousands of edits) and if you know PAWN you sure as hell know some basic Javascript/Rails/Python/Django, so why is it so hard for these people to move to better platforms such as NodeBB, Discourse, Forem, FlaskBB or DjangoBB. Sure they don't hold your hand as much as PHP based ones do, but you've got to be kidding me if you don't know how to install one of those while you're able to write PAWN.

I'm just going to leave some links below to the above mentioned platforms, you people really need to start living in 2016.

FlaskBB
NodeBB
Discourse
Forem
DjangoBB
Reply
#16

the php bashing in this thread is unreal

every language has its own benefits and drawbacks, y so serious
Reply
#17

Quote:
Originally Posted by Sublime
Посмотреть сообщение
the php bashing in this thread is unreal

every language has its own benefits and drawbacks, y so serious
PHP has too many drawbacks compared to other languages. The languages PHP competes with have the same benefits but not the drawbacks. It's just a shit language. PHP 7 is okay but it should've come out 5 years earlier. We now have Javascript in ES6 and Ruby has matured a lot, literally no good reason to pick PHP over those languages.
Reply


Forum Jump:


Users browsing this thread: 1 Guest(s)