Best, secure forum?

[Toodles]

I was using a phpbb which allowed someone to hack into my website and then into my server which cost me thousands of dollars. So I'm looking for a forum that's more secure and doesn't allow people to easily hack into it  :-/

Anyone have any suggestions?

[Zylstra]

Try YaBB
http://www.yabbforum.com/

Its going to be even more secure as soon as YaBB 2.2 comes out

[Rob Pomeroy]

Of the free offerings, Simple Machines Forum is IMHO better.  But if you're looking for a secure forum, you would be best advised to search for one that is advertised on the basis of its security.  It is likely to be expensive, but in your case that is probably worthwhile.

But before you do that, could I just ask - why was it so expensive?  You weren't stored important data files on your web server were you?  A frontline webserver needs to be protected and separated from other mission-critical roles for this very reason (damage limitation).  You also need a bulletproof backup plan.

In short, get professional help.

[Toodles]

It cost me that much in fines from the server that hosted me. The hacker came after me through my forum and froze the entire server effecting over 300 other websites. I know the people involved with the hacking so I'm going to try and make them pay for the damages, but the case it still pending.

But meanwhile, I wanted to get a new forum sometime soon and I didn't want a repeat of what happened, so I'm looking for a forum that wouldn't allow easy hacking.

[Rob Pomeroy]

Fines?  That's baloney.  The fact is that your webhost is clearly running its webserver in an insecure manner, if a security hole in one customer's website allows other customers' websites to be affected.  I'm sorry but I think they are pulling a fast one on you.  They are responsible for their own security and their own backup schedules.  Don't pay the fines; find yourself a decent web host.  In the meantime, my recommendation stands.

[unlovedwarrior]

whos your web hoster?

[Toodles]

Well, there's a lot more to it than just that. I understand the fines and I think they need to be paid, just not by me.

Googling for secure forums mostly brings up sites where people are discussing secure forums, and it seems there's no real such thing as a fully secure forum. Forums with open source are easier to hack, but they all have security holes reguardless. I want a new forum, but I'm paranoid of the past repeating itself.

Phpbb seems the most looked down on and I see more votes for vBulletin, but I can't afford vB. I guess I'll try Simple Machines Forum. I'm still not sure though.

[Rob Pomeroy]

Well, there's a lot more to it than just that.

Go on, we like stories.  

Forums with open source are easier to hack

Only from a certain point of view.  Code examination is just one tool for detecting weaknesses.  Open source software's major strength is that the source code is available - this means that MORE people examine the code, and the security holes are not only spotted, but plugged.  Certainly faster than the security holes in  - oh, say, Windows, plucking some other software out of the air entirely at random...

I'm not persuaded that the problem doesn't lie with your host.

[soybean]

It cost me that much in fines from the server that hosted me. The hacker came after me through my forum and froze the entire server effecting over 300 other websites. I know the people involved with the hacking so I'm going to try and make them pay for the damages, but the case it still pending.

But meanwhile, I wanted to get a new forum sometime soon and I didn't want a repeat of what happened, so I'm looking for a forum that wouldn't allow easy hacking.

Did you attempt to verify the legal right of the hosting service to assess fines against you?  Does your agreement with them address such matters?  Did they provide the phpBB forum software for you to install?  Presumably, having a forum is clearly stated by them as one of the benefits of using their service.  Right?  So, doesn't this make you  wonder about their legal right to assess fines against you?  I would have guessed the impact of such a hacking occurrence would have been born by them, not any customer who is merely used the normal services provided their accountholders.

[Toodles]

I installed the phpbb, the hosting doesn't come with it. The hacker and his supporters made threats to hack the forum in posts on the forum. They weren't taken seriously until it was too late. So poof goes my forum along with all the sites on the server. Some were damaged to the point of having to be completely redone.

A lot of people suffered because a couple of immature kids couldn't get my admin, who I left in charge while I went away to school, to allow them to post a image I banned them from using like 6 months prior. There should be a fine. But they should pay for it.

[Rob Pomeroy]

I still disagree.  The security of a web server is the responsibility of the company providing that service, NOT the people who USE that service.  I work for an ISP - we host thousands of websites.  If one of those websites caused an insecurity that wiped out all the other websites, our customers would be suing us (not the hacker and not the owner of the particular website), and quite frankly they'd be right to.

[Toodles]

Well, I'm not really worrying about the fine. I'm more worried about not letting the hackers get away with what they did.

I'd be better off on a dedicated or virtual dedicated server, but I can't afford either right now. Even if there was no fine, I still feel bad because of all those other people who had to suffer and lose money because of something stupid that orienated from my forums. And I really wouldn't want to put those people through that again.

The hacker already returned to my site after I got it back up and running, bragging on my Cute News comments section about what he did. So I know he'll return to my forums once I make a new one. That's why finding a more secure forum is something important to me.

[unlovedwarrior]

report him to your web host

give them a link to what he said


and why is this hacker attacking you

[Rob Pomeroy]

If you have a broadband connection to the internet and your forum is not too busy (bandwidth), you could consider hosting the website from your own server...

[Toodles]

I don't have a computer that could stay on to be used as a server. Actually, right now, I don't have my own computer. I'm borrowing someone else's. My computer had a strange death the day before my site got hacked. This is just not my year...

Why I got hacked is still puzzling to me. It's a long story, but basically there were three members on my forum who didn't like the way it was run and didn't like the rules I put down and when they got in trouble for breaking those rules, they sought revenge. Apparently they think they can make people "conform" to their ways of thinking. At least that is what the hacker said on my site after I got it back up and running.