Problems with PHP-based Forum Software

[wilo]

I just wanted to see if anyone wanted to share their input on security issues they've had with forum software. Personally, by being a week late on updating to the latest version of phpbb (open source), I've been hacked at least 2 times that I remember. One time, I had to restore to a backup that was almost a year old. The other time, the attack was traced to another client running on the server that my site was based on.
I think vbulletin is probably the best protected right now just because it's not free and thus you can't just acquire it and stare at the code for vulnerabilities, but it's pretty alarming how easily it sometimes can be for someone to penetrate a lively part of your website. Considering how forums have become a huge part of may websites in order to build a community, I think it's high time developers stepped the security standards up a notch or two.

[ezekiel97]

i hired a hacker to make sure my phpbb forum isnt hackable...hes my friend..we made our own nuke sentinel for php nuke...its cool.

[incript_services]

Well i use vbUlletin and we have tried to make it little secure with help of some mods.Still wont say its hacker proof.There will be many security problems with it.

[wilo]

so you guys actually modified the core code or something?

[azure]

Well phpbb has several security issues If you are looking for Free Forums Try SMF (simple Machines Forum) for an example see http:\\forum.joomla.org