phpBB is a very bad choice for forum

Do not post support requests, bug reports or feature requests. Discuss phpBB here. Non-phpBB related discussion goes in General Discussion!
Scam Warning
mladen074
Registered User
Posts: 1
Joined: Sat Apr 28, 2012 8:57 am

phpBB is a very bad choice for forum

Post by mladen074 » Sat Apr 28, 2012 9:23 am

Hi,

I'm really frustrated with this peace of "software", which is so old and deprecated in its very design, that I had to leave this comment, for future poor souls, who decide to use it.

First of all, I've installed the latest version of phpBB and in just 2 days, I've got hundreads of bots registered and spamming the forum :))) Isn't it beautiful? :) So, obviously, the first thing that phpbb is lacking is a proper anti spam measure.

Next, I came here to ask for help and figured I've forgotten my user/pass for this forum, so I tried to click "I forgot my password" link. While expecting the process to be quick and effective, I've realized that the process is not only difficult and ridiculous, but most probably I won't ever be able to get my password reset, because I forgot my username too. All the other well designed web applications have an easy to use method for password retrieval/resetting (like Joomla for example), so you developers should really look into it and learn the proper way to do something instead of implementing something that's user-unfriendly and it also doesn't bring any positive feedback at all.

Then, I tried members search, just to figure out I need to be registered on this forum to do so :))))) "How more ridiculous this can get" I've asked myself :) It wasn't even frustrating anymore, it became funny :) So, I need to register a new account just to find out what was my username? :))) What a brilliant logic this is :D Of course, you can always argue it's because of the "security", but all of us, who know how to properly write the code, we all know that security through obscurity is never a good choice and sooner or later it fails. Especially when you have such a good friend as Google, which gave a nice list of members, which showed me no known username of mine, so in the end, to make things easier, I've created a new account, just to write this post :)

Next step of mine is to remove the phpBB installations from all of my domains I've installed it at, but first I'll have to write some utility to clean up their databases of the massive spam attack that we've had and also I'll need to write some conversion scripts that will help me extract the relevant data from db, to be able to get rid of the phpBB installations once and for all.

Btw, does phpBB still use "modifications" (i.e. hacking core system files) instead of implementing plugins/modules, like any other normal software? I really can't believe that in 21st century you guys still follow that ancient logic of hacking core files, just to add some simple functionality, with the effect of making entire system not able to upgrade anymore..

Well, I've said enough. If anyone, after all of this, still wants to use this garbage, I wish them all the luck in the world, because they will need it, a lot. And to developers of phpBB, I'll just say it's time to grow up, get mature and write some seriously different piece of code, to keep up with the age we are all in. Also I won't read any replies to this post, because I don't want to start any kind of fight, I just wanted to express my frustrating experience with phpBB, which is luckily soon to be ended.

User avatar
JimA
Community Team Leader
Community Team Leader
Posts: 7660
Joined: Thu Jul 31, 2008 5:54 am
Location: The Netherlands
Name: Jim Mossing Holsteyn
Contact:

Re: phpBB is a very bad choice for forum

Post by JimA » Sat Apr 28, 2012 11:44 am

You are completely free to have any sorts of criticism at phpBB and its working.
However, as this is not a support request, topic's been moved to phpBB Discussion.

Secondly, I will try to address some of your concerns.
First of all, I've installed the latest version of phpBB and in just 2 days, I've got hundreads of bots registered and spamming the forum )) Isn't it beautiful? So, obviously, the first thing that phpbb is lacking is a proper anti spam measure.
When we start to introduce a new spam-free system in phpBB, like a new sort of CAPTCHA, it's just a matter of time before it gets broken and we have to start all over again, as we're one of the biggest board creators in the world, therefore we now have added the Q&A CAPTCHA. For that to work however, you have to set your own question first, which is why it can't be on by default, read here for more info.
Btw, does phpBB still use "modifications" (i.e. hacking core system files) instead of implementing plugins/modules, like any other normal software? I really can't believe that in 21st century you guys still follow that ancient logic of hacking core files, just to add some simple functionality, with the effect of making entire system not able to upgrade anymore..
This is a much-heard concern and we are currently on implementing such a kind of system in our future versions, until then, AutoMOD is a fine option to install modifications in a few clicks. :)
Image Jim Mossing Holsteyn - Community Team Leader
Knowledge Base | Documentation | Board rules

If you're having any questions about the rules/customs of this website, feel free to drop me a PM.

User avatar
stevemaury
Support Team Member
Support Team Member
Posts: 50859
Joined: Thu Nov 02, 2006 12:21 am
Location: The U.P.
Name: Steve
Contact:

Re: phpBB is a very bad choice for forum

Post by stevemaury » Sat Apr 28, 2012 5:52 pm

I am curious as to how more "advanced" BB software keeps bots from registering.

I can state that the tools phpBB provides to stop bot registrations are 99.999% effective IF THEY ARE USED.

As phpBB comes by default, bot users are not able to post without prior approval, so I presume you changed the default setting. Or else the posters are Guests and you specifically allowed guests to post. By default, they cannot.

In fact, if you had asked for assistance here instead of making assumptions, you would not have had that issue.

Also, adding MODs does not interfere with upgrades.
For REALLY good and VERY inexpensive hosting CLICK HERE

I can stop all your spam. I can upgrade or update your Board. PM or email me. (Paid support)

User avatar
noth
Registered User
Posts: 2481
Joined: Fri Jan 07, 2005 7:10 pm
Location: North Surrey
Contact:

Re: phpBB is a very bad choice for forum

Post by noth » Sat Apr 28, 2012 5:57 pm

I certainly do still want to use this garbage

I know it and I love it

interesting how mladen does not specify what it is he is actually moving onto which is SOOOOO much better
can state that the tools phpBB provides to stop bot registrations are 99.999% effective IF THEY ARE USED.

100% in my experience but people see human spammers getting through and straight away slate the system before realising it's NOT a bot

the Q&A CAPTCHA is gold, every site I have enstalled it on (properly) no bots have got through

and the human spammers who have got through I can count on one hand

phpBB3 may be 5 years old, but it is still doing as good a job now as it did back in 2007 :P

User avatar
Marshalrusty
Project Manager
Project Manager
Posts: 29253
Joined: Mon Nov 22, 2004 10:45 pm
Location: New York City
Name: Yuriy Rusko
Contact:

Re: phpBB is a very bad choice for forum

Post by Marshalrusty » Sat Apr 28, 2012 7:50 pm

mladen074 wrote:Then, I tried members search, just to figure out I need to be registered on this forum to do so :))))) "How more ridiculous this can get" I've asked myself :) It wasn't even frustrating anymore, it became funny :) So, I need to register a new account just to find out what was my username? :))) What a brilliant logic this is :D Of course, you can always argue it's because of the "security", but all of us, who know how to properly write the code, we all know that security through obscurity is never a good choice and sooner or later it fails.)
These terms; they don't mean what you think they mean. For example, you're completely misusing "security through obscurity", which makes me think you just Googled for it without actually understanding how it's applied correctly. With that broad of an interpretation, you might as well just apply it to the very concept of permission levels.
mladen074 wrote:Then, I tried members search, just to figure out I need to be registered on this forum to do so :))))) "How more ridiculous this can get" I've asked myself :) It wasn't even frustrating anymore, it became funny :)
But you don't need to be a registered user to use the search. I even made sure in case something was broken and, nope, it works just as intended, for guests and all. If you mean the memberlist, then that whole section is very intentionally unavailable to guests, so naturally you cannot search through it. The vast majority of websites will not let you search through their list of members without an account, if at all.
mladen074 wrote:Especially when you have such a good friend as Google, which gave a nice list of members, which showed me no known username of mine, so in the end, to make things easier, I've created a new account, just to write this post :)
Google's crawler can't access the members-only areas any more than you can, so it's no surprise that you didn't find anything.

Actually, all you had to do was contact us and ask for assistance getting into your account. I answer half a dozen such emails daily. The error message when you login unsuccessfully even tells you to do so and provides the email address to use.
mladen074 wrote:Also I won't read any replies to this post, because I don't want to start any kind of fight
Right...

The valid arguments your brought up were lost in a sea of snobbishness and arrogance, which makes me say: mladen074 is a very bad choice for forum user.
Have comments/praise/complaints/suggestions? Please feel free to PM me.

Need private help? Hire me for all your phpBB and web development needs

uuiiuu
Registered User
Posts: 127
Joined: Wed Jan 25, 2012 12:01 pm

Re: phpBB is a very bad choice for forum

Post by uuiiuu » Sun Apr 29, 2012 10:58 am

phpbb have a great anti-bot system
if you dont know how to use it its your problem

what do you prefer? mybb? with the lame designs looks like the 90' websites
punbb? sucks!
VB? expensive, and suck designs, you need to be a good programmer in order to get a great design on vb

about the forgot my password, if you dont have passionts to hold on 1 minute threw a simple process then you have a problem.

phpBB is the greatest forum system there is, wuth a few modifications you can make it the best forum ever

you just dont want to put time to it...

User avatar
MichanForo
Registered User
Posts: 19
Joined: Tue Mar 01, 2011 7:53 pm
Location: Mallorca
Contact:

Re: phpBB is a very bad choice for forum

Post by MichanForo » Sun Apr 29, 2012 8:02 pm

What are you saying? It doesn't make sense... You simply did everything bad in your forum, and even in SMF, vB, MyBB and others CMS, if you configurate your forum bad, there will be millions of bots in a few days... :lol:
If phpBB would be a bad choice, maybe it wouldn't exist... but here we are!

Pony99CA
Registered User
Posts: 4783
Joined: Thu Sep 30, 2004 3:13 pm
Location: Hollister, CA
Name: Steve
Contact:

Re: phpBB is a very bad choice for forum

Post by Pony99CA » Mon Apr 30, 2012 9:56 pm

If the Installation file/ReadMe doesn't talk about spambots, maybe it should. I see numerous spam complaints in the Support forum which might be easily solved by adding a little extra to the installation documentation.

I would specifically mention configuring the following:
  • Q&A CAPTCHA
  • Newly Registered Users group
  • Guest posting (both how to turn off and how to allow with CAPTCHA)
It's been a long time since I looked at the installation documents, so if it's there already, great. :)

Steve
Silicon Valley Pocket PC (http://www.svpocketpc.com)
Creator of manage_bots and spoof_user (ask me)
Need hosting for a small forum with full cPanel & MySQL access? Contact me or PM me.

User avatar
stevemaury
Support Team Member
Support Team Member
Posts: 50859
Joined: Thu Nov 02, 2006 12:21 am
Location: The U.P.
Name: Steve
Contact:

Re: phpBB is a very bad choice for forum

Post by stevemaury » Mon Apr 30, 2012 11:22 pm

If they won't read the Sticky "Preventing spam in phpbb" what makes you think they'll read the documentation?
For REALLY good and VERY inexpensive hosting CLICK HERE

I can stop all your spam. I can upgrade or update your Board. PM or email me. (Paid support)

Pony99CA
Registered User
Posts: 4783
Joined: Thu Sep 30, 2004 3:13 pm
Location: Hollister, CA
Name: Steve
Contact:

Re: phpBB is a very bad choice for forum

Post by Pony99CA » Tue May 01, 2012 1:57 am

stevemaury wrote:If they won't read the Sticky "Preventing spam in phpbb" what makes you think they'll read the documentation?
I thought the answer was rather obvious, but OK. They need to read the installation documentation to, well, install phpBB (unless they're using a one-click tool, which is another issue). They may only need to look at the board to get support if there's a problem or question -- and then they're often too focused on what they're trying to ask to look around.

Steve
Silicon Valley Pocket PC (http://www.svpocketpc.com)
Creator of manage_bots and spoof_user (ask me)
Need hosting for a small forum with full cPanel & MySQL access? Contact me or PM me.

User avatar
callumacrae
Former Team Member
Posts: 2662
Joined: Tue Feb 12, 2008 12:28 pm
Location: London, UK
Name: Callum Macrae
Contact:

Re: phpBB is a very bad choice for forum

Post by callumacrae » Tue May 01, 2012 5:40 am

Pony99CA wrote:If the Installation file/ReadMe doesn't talk about spambots, maybe it should. I see numerous spam complaints in the Support forum which might be easily solved by adding a little extra to the installation documentation.

I would specifically mention configuring the following:
  • Q&A CAPTCHA
  • Newly Registered Users group
  • Guest posting (both how to turn off and how to allow with CAPTCHA)
It's been a long time since I looked at the installation documents, so if it's there already, great. :)

Steve
I first read the installation instructions two weeks ago. I don't think I'm alone in the fact that I didn't need them :-)
macr.ae = my website. you probably won't like it.
Proud user ofProud user of

User avatar
Ger
Recognised Extension Developer
Posts: 1887
Joined: Wed Jan 02, 2008 7:35 pm
Location: 192.168.1.100
Contact:

Re: phpBB is a very bad choice for forum

Post by Ger » Tue May 01, 2012 7:46 am

I'd say that after install, one should be provided a link to the spambot countermeasures tool in ACP, explaining that a Q&A setup is recommended.
My extensions:
Simple CMS, Feed post bot, Avatar Resize, Modbreak, Magic OGP, Live topic update, Modern Quote, Quoted Where (GDPR) and Autoresponder.
Newest: FAQ manager for 3.2

Like my work? Buy me a coffee to keep it coming. :ugeek:
-Available for custom work-

User avatar
Marshalrusty
Project Manager
Project Manager
Posts: 29253
Joined: Mon Nov 22, 2004 10:45 pm
Location: New York City
Name: Yuriy Rusko
Contact:

Re: phpBB is a very bad choice for forum

Post by Marshalrusty » Tue May 01, 2012 8:11 am

To be fair, we don't write documentation for people who don't read it anyway (whether it's because they don't need it, don't know that it's there, or are too ignorant). As long as there is documentation, which is probably forever, we might as well strive to make it useful. To that end, Steve's (of the Pony variety) point is spot on.

Nearly every phpBB administrator will have to deal with the spam issue, so it seems like a natural thing to mention in the README. On the other hand, the README is not the place to elaborate on topics in detail. If any of you would like to file a ticket and submit a short section on spam for the README, I have added a static link for spam prevention (http://www.phpbb.com/support/spam/). It currently just redirects to the topic, but we may create a landing page for it at some point.
Have comments/praise/complaints/suggestions? Please feel free to PM me.

Need private help? Hire me for all your phpBB and web development needs

Pony99CA
Registered User
Posts: 4783
Joined: Thu Sep 30, 2004 3:13 pm
Location: Hollister, CA
Name: Steve
Contact:

Re: phpBB is a very bad choice for forum

Post by Pony99CA » Tue May 01, 2012 8:42 pm

callumacrae wrote:I first read the installation instructions two weeks ago. I don't think I'm alone in the fact that I didn't need them :-)
At the very least, people should read them to ensure that they get the folder permissions correct.
Marshalrusty wrote: Nearly every phpBB administrator will have to deal with the spam issue, so it seems like a natural thing to mention in the README. On the other hand, the README is not the place to elaborate on topics in detail. If any of you would like to file a ticket and submit a short section on spam for the README, I have added a static link for spam prevention (http://www.phpbb.com/support/spam/). It currently just redirects to the topic, but we may create a landing page for it at some point.
A link in the ReadMe to a concise set of instructions should be sufficient (as long as the ReadMe file is HTML, which I don't remember; having to copy a link from a text file is annoying and may prevent some people from doing it).

As it's my suggestion, I'm happy to open a ticket in the bug tracker, but I'm less sure about writing the section for the file.

UPDATE: The Improvement request is created: PHPBB3-10861. If you want to propose some text to include, please add it as a comment to the report.

Steve
Silicon Valley Pocket PC (http://www.svpocketpc.com)
Creator of manage_bots and spoof_user (ask me)
Need hosting for a small forum with full cPanel & MySQL access? Contact me or PM me.

Son of a Beach
Registered User
Posts: 294
Joined: Fri Sep 07, 2007 1:36 am
Location: Tasmania
Contact:

Re: phpBB is a very bad choice for forum

Post by Son of a Beach » Wed May 02, 2012 1:40 am

Q&A Captcha could be configured as the default for new installs, and the install procedure could make it compulsory to either change the Captcha to something else (with relevant warnings) or to supply at least X number of Q&A Captcha questions and answers.

That would immediately resolve the problem for most new installs, and would not be a significant burden to people doing the install.

Locked

Return to “phpBB Discussion”