Jump to content

Donations to switch forum software?


Would you donate  

50 members have voted

  1. 1.

    • Yes
    • No

Recommended Posts


Wait why smf it can be exploited easily through the browser... well the last time i did that was 3 months ago so its probbly fixed

I've yet to see a security hole in SMF that wasn't fixed immediately and most of the holes found have been in the beta/RC stages of 1.0 and 1.1. You even get an announcement about updates as soon as you go to the admin centre and from there it's just a few clicks and the patch can be applied. I can't see how the most newbie of administrators could fail to update their forums in time.

Perhaps you would like to take a look at the track record of other forum software? Do you not remember the masses of hijacked phpBB forums in recent years? I'm not saying phpBB has a reputation for bad security, I'm just saying your point is rather irrelevant when compared to other forum software SMF has been excellent security-wise.

SMF upload XSS vulnerability

Link to comment
Share on other sites

I admit that SMF has had a number of vulnerabilities over the years. But it's still in my opinion a lot better than other forum software with regards to the number and severity of security issues. None of the holes I've seen have ever made me particularly worried as they are only minor things, I've yet to see a single SMF board that has been hijacked, not that SMF is bullet-proof by any means, it just seems to be in my opinion a lot less prone to being exploited. I still maintain that a good administrator can prevent any security issues.

Every vulnerability listing for SMF that I've seen has some sort of negative comment about the SMF development teams attitude to security, if they truly were so reckless then we would be seeing SMF boards being hijacked all the time and the entire userbase would be complaining about it, this isn't happening. If these holes really are such a huge issue then why aren't the discoverers of these holes making all us SMF administrators aware of their significance on the community forums? Thousands of administrators all complaining at once would change any "attitude problem".

Link to comment
Share on other sites

I'm just working to the premis that there all hackable, so having good backups is a must.

Indeed there's always unpublished exploits and the risk of exploits in the related software: webserver, php, sql database etc, or an exploit in another application on the server that could allow an attacker to gain access.

Don't let mine or anyone else's comments on security bias you, you should be choosing forum software based on functionality. Any security issues on any forum software can be mitigated by a good administrator, and as you say backups are critical.

Link to comment
Share on other sites

The problem is that phpbb doesn't have a really good way of dealing with spammers, and that the backend database tends to get slightly corrupted over time. The visible result of that is mostly nuicances like a post not appearing, but being counted for the page flow, allowing you to follow a link to a page in a discussion that has no posts on it. Also, there's been at least 1 occurrance of a post made by person A but being attributed to person B.

Personally, I blame the MySQL backend the most as I just plain think it's a piece of shit database. But I guess it mostly boils down to phpbb being too heavy on the machine combined with the spam thing as being the biggest causes for wanting a change.

Link to comment
Share on other sites

well on my end I have started work on the flash pice that every one will have to watch b4 posting, if it gets desided that way it could help slow down spam, I would also sugest turuning on the option to manualy aprove new mwmbers.. but that just me.

Link to comment
Share on other sites

  • 2 weeks later...

I can give (my personal) recommendation on using SMF. It was very easy to switch from phpBB to SMF. Also I think it's a lot easier/better to moderate/manage than phpBB. And the best part is... I haven't had a single spam register/post after the switch (about 4 months :)).......*knocking wood*

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Create New...