Print Reseller Scheme
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Creating a forum

Discussion in 'Website Design Forum:' started by doyle369, Feb 10, 2009.

  1. doyle369

    doyle369 Member

    I want to make a forum website
    are the majority of them hand made, or is there a free software programme?

  2. tim

    tim Senior Member

    you looking for a vBulletin thingy or a completely different piece of software?
  3. Greg

    Greg Active Member

    Hi Will,

    There are open source options such as phpBB (although there site seems to be down at the minute) or Vanilla, or commercial options like vBulletin, which is the most popular.

  4. croche

    croche Member

  5. tim

    tim Senior Member

    Yeah, their site was hacked by a flaw in the software ... they got the patch after the site had gone down - lol

    (Edited the link Tim as didn't want any trackbacks to that site :cowboy: Greg
    Edit: fair does Greg, i can understand that :D :batman:)
  6. Sunburn

    Sunburn Active Member

    punbb has always been very fast and light-weight, however suffers from the security issues phpbb does from time to time, as mentioned before your best bet is a paid for solution such as Invision Power Services and vBulletin - Instant Community
  7. Jazajay

    Jazajay Active Member

    Why not just create 1 your self?

    Think about it.
    All a forum is is a form to write a comment that is submitted to a database, you then display the right information as you would a catalogue.

    If you can build an on-line shop a forum is easy TBH, not much difference except you need to learn how to input data as well as outputting it.
  8. Uvex Media

    Uvex Media Junior Member

    The more pertinent question is, why waste your time building your own when there are perfectly good and much more advanced solutions already out there?

    Customise the design and layout and buy a vBulletin licence. Job done.
  9. Jazajay

    Jazajay Active Member

    Yes then relie on other poor programmers coding practise to bring your site security in, WOW yeah sounds a great idea that really does TBH.

    But before you go on the almighty that every programmer is really great and knows what they are doing, {SIGH}.

    Here's a nice report stating that security breaches cost business $1 trillion last year.

    Security breaches cost $1 trillion last year | IT PRO

    That and o yeah Kaspersky recently got hacked, I mean if Kaspersky not safe and they actual have pen testers on thier books, not just programmers two completely different jobs, then what makes you think that a free one is safe, :lol:.
    Kaspersky's US website hacked | IT PRO

    Hummmm now do I want a security problem to effect my site and a massive problem with making sure that every version is patched, because bare in mind it will take me a mere minutes of finding all sites running out patched versions with a well exploited and documented exploit, then I can just go to town hacking them 1 by 1 as most site owners don't patch them as much as they should. I'm ethical so I don't but if I wasn't there is nothing to stop me.

    The reason security breaches cost a flaming trillion dollars last year was because of all these sites that are just all lets use the code and have no comprehension to what it does or the massive amount of vulnerabilities in them.

    Bare in mind a proffessional penetration tester is a 3 year degree on it's own, mainly after you have down 3 years of computer science at uni first. That or you can read the hundreds of hacking books and info, as I do, and the free tools on-line.

    But yeah use a free one and well don't moan when you get hacked, if you know about it in the first place I mean they could just put malware on your site, I think it is up to 1000 sites a week that are hacked just for that alone, and when the search engines detect it give you a nice red error message saying this site will harm your computer, a penalization for supporting Malware and no traffic.

    But by building it yourself you take yourself off the radar as you don't appear in the easy to find sites.

    That and if you know your coding you can easily bring in better features than you can get, better accessibility coding and better rankings due to coding it yourself.


    O I really love people who are just clueless to any of the massive amounts of benefits from not following the crowd and look at it from the angle of yes less work for me as I cut corners.

    Bare in mind I reported a massive vulnerability to Ning, 6 months back and they still haven't patched it!!!!! Or the owner hasn't updated haven't checked, It is a 5 min job, and the vulnerabilities it allows is just huge to any one viewing an infected page. The fact they have allowed it in a production product is scary TBH.

  10. Uvex Media

    Uvex Media Junior Member

    Clueless? Speak for yourself. Are you one of those 'hate big brand types' with an axe to grind?

    You could refer those statistics you've produced to just about any open source or "open to the masses" application on the planet. In fact, any application on the web has security loopholes if the individual trying to get through them has the talent to take you down. Do you really believe that somebody trying to gain access to your system is going to quake in their boots if you're running vBulletin or "Bob's Bedroom Created Forum Software"? It makes no difference what you're running, any system has vulnerabilities, you can only lower your risk so far.

    From a security perspective, I believe you have very little to gain from creating your own application unless of course you have specific requirements that existing solutions don't cater for. To be honest, unless you're development minded, following the crowd is just about the only option available to you.

    You've talked about the benefits of creating your own forum, what about the benefits of using a package already available? Not only do you save time, money and convenience, you get the support of a community of users that identify just about any loopholes/problems in the system which allow for an iterative improvement process. How can you match that with your bedroom created software?
  11. I just use a plug in for wordpress.. it may not be fancy.. but it does the job.. If i had the time to make something from scratch then i would.. but 99% of the time i don't so i have to use what i can find.. IT scavenging seems to be the way things go these days... ho hum :(
  12. Sunburn

    Sunburn Active Member

    imho unless your running a closed network ie NO outside access / terminals / connection and are running preventive dampers then there is no such thing as a safe(ish) system, even such a system / network described above can be hacked by certain methods. (rf -ef -mf etc)

    As far as joe user goes however, out of the box solutions are popular as the majority dont have any understanding of development or coding experience and want something that to the best of their knowledge works, as such they are blind or ignorant to the risks such solutions pose.

    Ultimately its a horses for courses race :)
  13. the question is .. is how sensitive is the data on the forum.. does it really matter? If someone hacks it.. what will they get .. teenages complaining about how their mum won't let them eat cake etc etc.. I don't care if anyone hacks my forum, there's nothing of any use there anyway LOL
  14. Jazajay

    Jazajay Active Member

    @Uvex Media
    {SIGH} You sort of missed the point TBH, as Sunburn rightly says unless it is a closed network yes you still may have problems. I'm not saying that it will be any more secure, well I would love to see some 1 get round my filters especially with file uploads, or even try to crack my custom CMS security login, but that's not the point. The point, is if you create it your self you take yourself off the radar. If you know a site follows the crowd and you know how to hack via the search engines you can find all outpacthed versions of any software on the net, you then look them up for exploits and wella your in with very little trouble or even time wasted.

    By creating it yourself 1 you are not in the list and 2 they don't have a detailed attack strategy they have to take an immense amount of time trying to crack it if your validation protocols are strong and with no point to start with they have to go through every possible attack or start with the most common. Now if you know your stuff you can quite easily protect against them, hell most are a 5 min job, bare in mind I actually hide my server conf, takes time to mask it as Ills when you are running Apache and yes granted could still be got by someone really knowing there stuff but the added time to their attack strategy is all it takes, 99.9% of the time, due to huge amount of easy targets that use custom solutions.

    But the point being is because I created it myself attack routes are not documented and I don't appear in any attack carried out via a search engine. The point that I'm not an easy target then again means I am seriously safer due to the immense amount of easy targets out there.
    Really how many have you created or had created for you?

    No, but if you know what you could do via that Ning exploit you would be scared. I don't even use that site now due to the potential that my personal security is at risk.

    Lets say you have 1000 threads on your DB and the software you use allows for an SQL injection attack, Kaspersky was done via a SQL injection attack I think, then all it would take is for me to add a few lines of special coding and I would delete your entire DB and all those 1000 threads.

    Now if you relie on your threads to bring you ad revenue and you then find that you have an empty forum the answer is yes it does, the level of sensitivity is irrelevant as quite a few hackers just want to do it because they can, and for the recognition of doing it from other hackers, their peers if you like.

    If you then allow for image uploads, for say O I don't know Avatars, and miss 1 section of validation, bare in mind file upload scripts are easy to create you need to spend time on getting them truly secure, then they can upload Malware or even possible take down the server.

    Once Malware is detected you can say good by to all your ranking across board and thus most of your revenue.

    If the server is hosted you will probably acquire a fine from the server company for downtime of every one on the server, lost income due to people coming to your site and getting a 500 error, and your rankings as they would move you to another server more than likely, which can effect your rankings in a negative way.

    Now if I was a competitor there's reason to do it on it's own, data sensitivity is totally irrelevant 9 times out of 10 TBH.

    Jaz :)

Share This Page