Korean Job Discussion Forums

[panthermodern]

I want to first state that this thread is not about the moderators but rather the software of this forum.

I have noticed that the basic software of this forum can be modified, for example, the member's list has been removed.

Is it possible to create a thread but limit who can respond to it with out outright locking it?

What exactly are Usergroups and how do they work?

I know there is a Moderators forum, which is not publically accessable, but, could one create another such forum using this program.

And finally; What is the name of the software used and/or could someone suggest another site software.

Thank you.

[the_beaver]

[Stunted Wookie]

phpbb is not an overly secure program...very easy to hack/ remote access etc.
If you are using a forum as a main element of your site I would recomend looking into another program. (security wise)


Do a search on Invision as well; I know that name but am not sure if it is as accessable as phpbb is.

[panthermodern]

Thanks for the info...

[The Lemon]

Wookie may be right about phpbb2's lack of security, but it's very easy to customize and to set up. And it's secure enough for me - anyone who might have wanted to bring down my phpbb2 board hasn't been able to, yet. They're welcome to try.

Panther asked about usergroups - I've got a phpbb2 board running on my own server and I still don't see what the use of the "usergroups" is (though I haven't bothered to find out, either). Anyone know offhand?

One problem with phpbb2 is that if you decide to use a non-standard theme (basically, skin - different colors, layouts, buttons) then it's very difficult to make modifications to the program. You have to edit scripts written in PHP language to do things like removing the "the newest member is trollsock" message from the front screen. Possible but not easy.

[uber1024]

[uber1024]

Hah. And I screwed up the simple task of quoting while talking about database/website vulnerablilities caused by carelessness. The irony.

[Stunted Wookie]

Uber you are on the right track with that.
I am a php/mySQL geek...
Its not the board that has the major flaws (well one BIG one but I'll ignore that for now)
The major problem is the database, anyone can connect with three pieces of info.

The phpbb gives this info away, and no I am not going deeper into what this is..

But the point is that if you are looking for something 'secure' there are newer products available (open source) for a board.

[Bulsajo]

Panther, I know you love talking about the rules and guidelines- take a look at the phpBB.com message forum rules:
www.phpbb.com rules and regulations

[The Lemon]

Wookie: I'm interested in finding out more about this "big BIG" security hole, and the database issue - I'm not doubting you at all, in fact I totally believe you.

If you have some spare time, could you exploit this hole and post something in the hidden forum of my phpbb2 board? It'd be interesting to see happen. If phpbb2 gives away those three pieces of information necessary, it shouldn't take you too long...

Apart from the usual virus and firewall stuff, it's the standard installation of php and mysql, if that's a help.

[camel96]

[camel96]

Oh....the CIM board....?

[camel96]

[panthermodern]

Thanks for all the usefull information ...
Been doing my own research and I wanted a second opinion.

Thanks again.

[uber1024]

Wookie / Camel --

Are SQL injection the techniques you feel would have the best chance of success against a phpbb?

My perspective on site security is that of a developer/administrator. I've never actually tried to get a site to spit back its password list, although my coworker and I, when we started looking into SQL injection vulnerabilities, did get our SQL Server to give us lists of tables. I suppose we probably could have started getting CONTENTS of tables, but I think 5pm rolled around and we went out for beers.

panthermodern --

are you looking to add a messageboard to a site?