Showing posts from March, 2007

Why might phpBB be insecure all the time?

Mainly because

1) It's open source: its source code is open to all curious eyes, so searching for flaws is easy in comparison to an expensive commercial forum such as vBulletin, which doesn't provide its source code and costs at least $160 per license.

2) It's prevalent and free, and widely used by forum sites. This entices attackers: if they can exploit one site, they can exploit thousands. The same reasoning explains why hackers target Windows: it's widely used by today's PC users.

3) It has significant vulnerabilities that differ from version to version, so an attacker will take advantage of version-specific vulnerabilities to crush your forum.

Countermeasures ::

As its source is open and can be freely modified, you should modify the code to make it more secure.
No doubt, a customized phpBB package will decrease possible attacks, because many webmasters rely on the default package installation, up and running with little or no effort.

What you need first to do is make y…