Which are the most secure forums platform?

**drpepperONE** · 01-20-2008, 10:42 AM

Hi to all.

I wanna know your opinion about forum platform security.

Which are the most secure??

1]phpBB

2]vBulletin

3]SMF (Simple Machines Forum)

Thank you in advance.

**MaXe Legend** · 01-20-2008, 02:42 PM

I think personally vBulletin is the most powerful and also a good choice if you are
making a forum for real, and not just for fun or small projects.

If you want a small forum with less power, but still a lot security you should go with
SMF seeing as those are quite secure as well. The thing is, as long as you are up to
date 100% all the time, or allmost, and doesn't install 1 million addons, or check the
addon-codes yourself, then your forum should be safe.

I've had my forums for 6 months now, and i've had loads of attacks and pentests on
it, due to some people just think it would be funny to look if something was not coded
correct, or some just wants to see if they can hack my forums.. And so on...

The good thing is i haven't seen that anyone have hacked my forums yet.

phpBB, no, no no no no.. First of, it's slower than SMF and less powerful than vBulletin.
phpBB is simply not a good forum to run, in my oppinion, and try go to milw0rm and
check out how many addons and PoC's have actually been released about phpBB, it's
seriously insane that they have made that many code-flaws.

**drpepperONE** · 01-20-2008, 08:45 PM

Thanks for replay Maxe.

So, You suggest vBulletin, but VBulletin is a commercial product.

So the best choice for free(gnu gpl licensed) is MFS??

Yes I agree with you that phpBB is the most unsecure forum!!!!

Originally Posted by MaXe Legend

I think personally vBulletin is the most powerful and also a good choice if you are
making a forum for real, and not just for fun or small projects.

If you want a small forum with less power, but still a lot security you should go with
SMF seeing as those are quite secure as well. The thing is, as long as you are up to
date 100% all the time, or allmost, and doesn't install 1 million addons, or check the
addon-codes yourself, then your forum should be safe.

I've had my forums for 6 months now, and i've had loads of attacks and pentests on
it, due to some people just think it would be funny to look if something was not coded
correct, or some just wants to see if they can hack my forums.. And so on...

The good thing is i haven't seen that anyone have hacked my forums yet.

phpBB, no, no no no no.. First of, it's slower than SMF and less powerful than vBulletin.
phpBB is simply not a good forum to run, in my oppinion, and try go to milw0rm and
check out how many addons and PoC's have actually been released about phpBB, it's
seriously insane that they have made that many code-flaws.

**KMDave** · 01-20-2008, 09:57 PM

I bought a license for vBulletin some time ago. What you mentioned the biggest downside of it, is that it is not free.

Depending on what you want to do you should either invest the money for some good security and functionality or go with SMF if it is 'just' a little private project.

**drpepperONE** · 01-20-2008, 10:24 PM

Originally Posted by KMDave

I bought a license for vBulletin some time ago. What you mentioned the biggest downside of it, is that it is not free.

Depending on what you want to do you should either invest the money for some good security and functionality or go with SMF if it is 'just' a little private project.

Ok but in what vBulletin is more secure ?

Bug/Buffer overflow?http/php/mysql coding exploit??

User/Password brute forcing?

Anti robot spam??

etc etc ???

Is there a vBulletin vulnerability test report to compare with bhpBB mfs and others??

**MaXe Legend** · 01-21-2008, 01:52 PM

Originally Posted by drpepperONE

Ok but in what vBulletin is more secure ?

Bug/Buffer overflow?http/php/mysql coding exploit??

User/Password brute forcing?

Anti robot spam??

etc etc ???

Is there a vBulletin vulnerability test report to compare with bhpBB mfs and others??

vBulletin haven't had that many exploits, like some of the others.
It have had some XSS issues though, but most of the issues where i
see a vBulletin forum that got hacked, it's due to malicious addons
which aren't safe coded or coded correct.

vBulletin locks a person out after 3-5 wrong tries, it can be changed.

vBulletin also has captcha images, which works good enough for me.
The only times i've had trouble, are real persons registering users, and
then setting up a spam robot, but then you can also set a lot of other
variables, such as how long time a user can make between posts etc.

I haven't seen any test reports, but if you want to invest in something,
i would go for vBulletin, and if it's a smaller project or something like that,
then i would choose SMF forums. (simple machine forums).
(you are mixing MSF and SMF. MSF = Metasploit Framework

)

Just keep in mind, the more addons you have, the more you have to keep
up to date, or check for wrongly coded functions and so on to make sure
your forums are safe.

BackTrack Linux - Penetration Testing Distribution

Thread: Which are the most secure forums platform?

Thread Tools

Search Thread

Display

Which are the most secure forums platform?

Posting Permissions