bytech
Joined: 01 Jun 2005
Posts: 38
|
| Forum mods and Security |
|
|
I've been doing some surfing on the couple of sites that are homes for the mods we've installed here. To my horror, one of these had a couple of security fixes which are supposed to be a high security risk.
I am now considering removing the "vanity" mods as a result. God knows it'll only be sooner or later before we miss a fix and things are left unpatched. Am I being a little too paranoid, or is this something that the other forum owners here worry about?
|
Wed Jun 01, 2005 7:08 am
|
|
|
Thermit
Site Admin
Joined: 11 Aug 2004
Posts: 272
|
Some mods are safe, some may have associated risks.
For example, providing pre-uploaded images to select for an avatar gallery is pretty safe, but allowing the upload of images can be a backdoor to get executables onto your server if not coded well, so I think it depends.
|
|
Wed Jun 01, 2005 5:28 pm
|
|
|
servingyounow
Joined: 29 Jun 2005
Posts: 3
|
You'd be surprised there are a lot of security holes in phpBB forums.
The mods are almost always found to have a hole here or there.
Another point of interest is actually how many people will use these against a simple forum ?
It gives them no real edge, just wow, at most, Admin access or an MD5 encrypted password string that will take them months if not years to break; and by the time they break it, your site passwords will have most likely been changed and will be rendered useless.
I dont see how anyone would want to spend the amount of time it would take to come after this site unless they were truely and enourmously angry with this site. (Wether you agree or not, i wouldn't understand for the life of me why anyone would want to harm this site)
_________________
ServingYouNow, Not Later
|
|
Wed Jun 29, 2005 3:17 pm
|
|
|
bytech
Joined: 01 Jun 2005
Posts: 38
|
|
|
|
If there is a known security flaw, the hacking can take 5 minutes. Seriously. No admin password cracking required. And yes, there are a lot of poeple with no life hitting on poor lil forums just to get their names on the page and say "hi jessica" to impress their wanna-be-girlfriend.
The mods was the main reason we started purchasing invision for all the forums we lead. While I don't care about bells and whistles, things like image verification for signups are important to me. phpBB doesnt include enough out of the box, and I didn't want to deal with the many mods that have to be worked around when upgrading to a new version. I still love phpBB, and hope it becomes the biggest and best all around... I am a HUGE open source advocate. But this is one area where I was not able to use it (although in a lot of ways invision IS open source since the full version is not encoded in any way).
Our newest project which is also made possible with invision is a single login for two of our forums. Create an ID on one, and you can access the other with the same password and ID. No mod required. Future versions of Invision should allow us to permit logins with ANY user ID and password. Be it Gmail, M$s passport, or anything else you can imagine... don't ask how, for I will not be able to answer that question. 
|
|
Thu Jun 30, 2005 11:09 pm
|
|
|
Thermit
Site Admin
Joined: 11 Aug 2004
Posts: 272
|
phpbb has image verification for sign-ups out-of-the-box now...
Do you think IPB is picking up steam?
|
|
Sat Jul 02, 2005 6:05 pm
|
|
|
bytech
Joined: 01 Jun 2005
Posts: 38
|
I am not sure how well IPB is doing in general, but if the traffic on the forum is an indicator, they must be doing very well. Take the Beta2 releae of 2.1: posted about 36 hours ago, and the thread has been read 1,700 times. This morning Beta3 was release. People love Matt, and about half of the members on the forum have tags attached to their names that say (proud IPB client). If a company can achieve such status, they are definatelly on the right pathway.
2.1 has a rich text editor that looks very, very nice, and some people seem to be awaiting 2.1 with more impatience than they await Xmas present opening.
|
|
Fri Jul 15, 2005 5:00 pm
|
|
|
bytech
Joined: 01 Jun 2005
Posts: 38
|
I was looking at invision's alexa stats, and they just jumped 20% in the last few days. I think v2.1 is starting to spread like wildfire.
|
|
Sun Jul 31, 2005 5:40 am
|
|
|
 
|
|
All times are GMT. The time now is Thu Feb 09, 2012 6:31 am
|
|
|
|
| |
