phpbb not secure/safe

Get help with installation and running phpBB 3.0.x here. Please do not post bug reports, feature requests, or MOD-related questions here.
Anti-Spam Guide
Forum rules
END OF SUPPORT: 1 January 2017 (announcement)
User avatar
AdamR
Former Team Member
Posts: 9731
Joined: Tue Mar 02, 2004 5:40 pm
Location: Tampa, Florida
Name: Adam Reyher
Contact:

Re: phpbb not secure/safe

Post by AdamR »

pselestok wrote:What about protecting it from SQL Injection ?
That's one area where phpBB3 excels in terms of security.

While phpBB3 has had "security" fixes, none of them were serious nor would allow someone to come anywhere close to taking over the board/site.

phpBB3's security record: http://secunia.com/advisories/product/1 ... advisories

In my experience of the "hacked" boards I've seen, the board was taken over by either 1) other insecure software on the server which granted full server access or 2) compromised FTP passwords via malware on the user's computer which granted file/server access. None of these are related to phpBB itself.

- Adam
phpBB Support: Welcome | Userguide | Knowledge Base | Search
Honored supporter of the phpBB Group!
"If I have seen a little further it is by standing on the shoulders of Giants." - Isaac Newton
User avatar
Erik Frèrejean
Former Team Member
Posts: 9899
Joined: Tue Oct 09, 2007 9:09 am
Location: The Netherlands, 3.0.x Support Forum
Name: Erik Frèrejean
Contact:

Re: phpbb not secure/safe

Post by Erik Frèrejean »

pselestok wrote:How about this HERE?
I wonder what you are trying to say with that screenshot, it isn't pointed at a phpBB installation (phpBB doesn't use .asp extensions), and it shows some kind of brute force attack on a MD5 hash. That said phpBB doesn't use plain MD5 but rather a much more sophisticated hashing system.
Support Toolkit | Support Request Template | Knowledge Base | phpBB 3.0.x documentation
I don't give support via PM or IM! (all unsolicited pms will be trashed!)
User avatar
Saldash
Registered User
Posts: 619
Joined: Mon Nov 10, 2008 8:08 am
Location: Flintshire, UK
Name: Stuart Jackson
Contact:

Re: phpbb not secure/safe

Post by Saldash »

I am a board moderator on many boards using Vbulletin, MyBB, and phpBB - Never once have I ever encountered a phpbb board that had been compromised that wasn't the owner/founder's fault.

Vb, Mybb? They are another matter completely.. I would place my trust solidly and emphatically on phpBB anytime anywhere. Plus it's free!
World Recoded UK - DreamHost Site of the Month winner February 2011!
simpsona2010
Registered User
Posts: 9
Joined: Sun Nov 21, 2010 2:13 am

Re: phpbb not secure/safe

Post by simpsona2010 »

phpbb uses the most secure method known at this moment of encryption and it is virtually impossible to get there password without grant to the server in the first place so its nearly impossible to hack someones board,

on the other hand this can be done with virus's but my server password and all that crap is jotted down on a piece of paper not the computer so im safe atleast ;)
User avatar
stevemaury
Support Team Member
Support Team Member
Posts: 51600
Joined: Thu Nov 02, 2006 12:21 am
Location: The U.P.
Name: Steve
Contact:

Re: phpbb not secure/safe

Post by stevemaury »

phpBB does not use encryption - it uses a salted hash. And even with access to the database, the password of a user cannot be determined.
For REALLY good and VERY inexpensive hosting CLICK HERE

I can stop all your spam. I can upgrade or update your Board. PM or email me. (Paid support)
Locked

Return to “[3.0.x] Support Forum”