Creating a forum

doyle369

Member
I want to make a forum website, but are the majority of them hand made, or is there a free software programme?

Thanks
 
Are you looking for a vBulletin thingy or a completely different piece of software?
 
There are open source options such as phpBB (although their site seems to be down at the minute)
Yeah, their site was hacked by a flaw in the software ... they got the patch after the site had gone down - lol

http:// hackedphpbb.blogspot.com/2009/01/place-holder.html
(Edited the link Tim as didn't want any trackbacks to that site :cowboy: Greg
Edit: fair does Greg, i can understand that :D :batman:)
 
PunBB has always been very fast and lightweight; however, it suffers from the security issues phpBB does from time to time. As mentioned before, your best bet is a paid-for solution such as Invision Power Services and vBulletin - Instant Community
 
Why not just create 1 yourself?

Think about it.
All a forum is is a form to write a comment that is submitted to a database, you then display the right information as you would a catalogue.

If you can build an on-line shop a forum is easy TBH, not much difference except you need to learn how to input data as well as outputting it.
 
Jazajay said:
Why not just create 1 yourself?

Think about it.
All a forum is is a form to write a comment that is submitted to a database, you then display the right information as you would a catalogue.
The more pertinent question is, why waste your time building your own when there are perfectly good and much more advanced solutions already out there?

Customise the design and layout and buy a vBulletin licence. Job done.
 
{SIGH}
Yes then rely on other poor programmers' coding practice to bring your site security in, WOW yeah sounds a great idea that really does TBH.

But before you go on the almighty that every programmer is really great and knows what they are doing, {SIGH}.

Here's a nice report stating that security breaches cost business $1 trillion last year.

Security breaches cost $1 trillion last year | IT PRO

That and o yeah Kaspersky recently got hacked, I mean if Kaspersky is not safe and they actually have pen testers on their books, not just programmers, two completely different jobs, then what makes you think that a free one is safe, :lol:.
Kaspersky's US website hacked | IT PRO

Hummmm now do I want a security problem to affect my site and a massive problem with making sure that every version is patched, because bear in mind it will take me mere minutes to find all sites running unpatched versions with a well exploited and documented exploit, then I can just go to town hacking them 1 by 1 as most site owners don't patch them as much as they should. I'm ethical so I don't but if I wasn't there is nothing to stop me.

The reason security breaches cost a flaming trillion dollars last year was because of all these sites that are just all "let's use the code" and have no comprehension of what it does or the massive amount of vulnerabilities in them.

Bear in mind a professional penetration tester is a 3 year degree on its own, mainly after you have done 3 years of computer science at uni first. That or you can read the hundreds of hacking books and info, as I do, and the free tools on-line.

But yeah use a free one and well don't moan when you get hacked, if you know about it in the first place I mean they could just put malware on your site, I think it is up to 1000 sites a week that are hacked just for that alone, and when the search engines detect it give you a nice red error message saying this site will harm your computer, a penalization for supporting Malware and no traffic.

But by building it yourself you take yourself off the radar as you don't appear in the easy to find sites.

That and if you know your coding you can easily bring in better features than you can get, better accessibility coding and better rankings due to coding it yourself.

:lol:

O I really love people who are just clueless to any of the massive amounts of benefits from not following the crowd and look at it from the angle of yes less work for me as I cut corners.

Bear in mind I reported a massive vulnerability to Ning 6 months back and they still haven't patched it!!!!! Or the owner hasn't updated, haven't checked. It is a 5 min job, and the vulnerabilities it allows are just huge to anyone viewing an infected page. The fact they have allowed it in a production product is scary TBH.

Jaz
 
Jazajay said:
O I really love people who are just clueless to any of the massive amounts of benefits from not following the crowd and look at it from the angle of yes less work for me as I cut corners.

Bear in mind I reported a massive vulnerability to Ning 6 months back and they still haven't patched it!!!!! Or the owner hasn't updated, haven't checked. It is a 5 min job, and the vulnerabilities it allows are just huge to anyone viewing an infected page. The fact they have allowed it in a production product is scary TBH.

Jaz
Clueless? Speak for yourself. Are you one of those 'hate big brand types' with an axe to grind?

You could refer those statistics you've produced to just about any open source or "open to the masses" application on the planet. In fact, any application on the web has security loopholes if the individual trying to get through them has the talent to take you down. Do you really believe that somebody trying to gain access to your system is going to quake in their boots if you're running vBulletin or "Bob's Bedroom Created Forum Software"? It makes no difference what you're running, any system has vulnerabilities, you can only lower your risk so far.

From a security perspective, I believe you have very little to gain from creating your own application unless of course you have specific requirements that existing solutions don't cater for. To be honest, unless you're development minded, following the crowd is just about the only option available to you.

You've talked about the benefits of creating your own forum, what about the benefits of using a package already available? Not only do you save time, money and convenience, you get the support of a community of users that identify just about any loopholes/problems in the system which allow for an iterative improvement process. How can you match that with your bedroom created software?
 
I just use a plug-in for WordPress.. it may not be fancy.. but it does the job.. If I had the time to make something from scratch then I would.. but 99% of the time I don't so I have to use what I can find.. IT scavenging seems to be the way things go these days... ho hum :(
 
IMHO unless you're running a closed network, i.e. NO outside access / terminals / connection, and are running preventive dampers then there is no such thing as a safe(ish) system, even such a system / network described above can be hacked by certain methods. (rf -ef -mf etc)

As far as joe user goes however, out of the box solutions are popular as the majority don't have any understanding of development or coding experience and want something that to the best of their knowledge works, as such they are blind or ignorant to the risks such solutions pose.

Ultimately it's a horses for courses race :)
 
the question is .. how sensitive is the data on the forum.. does it really matter? If someone hacks it.. what will they get .. teenagers complaining about how their mum won't let them eat cake etc etc.. I don't care if anyone hacks my forum, there's nothing of any use there anyway LOL
 
@Uvex Media
{SIGH} You sort of missed the point TBH, as Sunburn rightly says unless it is a closed network yes you still may have problems. I'm not saying that it will be any more secure, well I would love to see someone get round my filters especially with file uploads, or even try to crack my custom CMS security login, but that's not the point. The point is, if you create it yourself you take yourself off the radar. If you know a site follows the crowd and you know how to hack via the search engines you can find all unpatched versions of any software on the net, you then look them up for exploits and voilà you're in with very little trouble or even time wasted.

By creating it yourself 1 you are not in the list and 2 they don't have a detailed attack strategy, they have to take an immense amount of time trying to crack it if your validation protocols are strong and with no point to start with they have to go through every possible attack or start with the most common. Now if you know your stuff you can quite easily protect against them, hell most are a 5 min job, bear in mind I actually hide my server conf, takes time to mask it as IIS when you are running Apache and yes granted could still be got by someone really knowing their stuff but the added time to their attack strategy is all it takes, 99.9% of the time, due to huge amount of easy targets that use custom solutions.

But the point being is because I created it myself attack routes are not documented and I don't appear in any attack carried out via a search engine. The point that I'm not an easy target then again means I am seriously safer due to the immense amount of easy targets out there.
"I believe you have very little to gain from creating your own application"
Really how many have you created or had created for you?

"Are you one of those 'hate big brand types' with an axe to grind?"
No, but if you know what you could do via that Ning exploit you would be scared. I don't even use that site now due to the potential that my personal security is at risk.

@chrismitchell
"the question is .. how sensitive is the data on the forum.. does it really matter?"
Let's say you have 1000 threads on your DB and the software you use allows for an SQL injection attack, Kaspersky was done via a SQL injection attack I think, then all it would take is for me to add a few lines of special coding and I would delete your entire DB and all those 1000 threads.

Now if you rely on your threads to bring you ad revenue and you then find that you have an empty forum the answer is yes it does, the level of sensitivity is irrelevant as quite a few hackers just want to do it because they can, and for the recognition of doing it from other hackers, their peers if you like.

If you then allow for image uploads, for say O I don't know Avatars, and miss 1 section of validation, bear in mind file upload scripts are easy to create, you need to spend time on getting them truly secure, then they can upload Malware or even possibly take down the server.

Once Malware is detected you can say goodbye to all your ranking across the board and thus most of your revenue.

If the server is hosted you will probably acquire a fine from the server company for downtime of everyone on the server, lost income due to people coming to your site and getting a 500 error, and your rankings as they would move you to another server more than likely, which can affect your rankings in a negative way.

Now if I was a competitor there's reason to do it on its own, data sensitivity is totally irrelevant 9 times out of 10 TBH.

Jaz :)
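
Added example, not part of the original thread or any poster's code: the post above says avatar upload scripts are easy to write but fail if one section of validation is missed. A sketch of those sections in Python; the size cap, function names and sample bytes are assumptions made for illustration.

```python
import secrets

MAX_BYTES = 512 * 1024  # assumed avatar size cap

# Leading "magic" bytes of the only accepted formats, mapped to the
# extension the server assigns itself.
SIGNATURES = {
    b"\x89PNG\r\n\x1a\n": "png",
    b"\xff\xd8\xff": "jpg",
    b"GIF87a": "gif",
    b"GIF89a": "gif",
}


class RejectedUpload(ValueError):
    """Raised when an upload fails any validation step."""


def sniff_type(data):
    """Identify the file by its content, never by the client's claim."""
    for magic, ext in SIGNATURES.items():
        if data.startswith(magic):
            return ext
    return None


def accept_avatar(client_name, data):
    """Return a server-chosen file name for a valid avatar, else raise."""
    if not data or len(data) > MAX_BYTES:
        raise RejectedUpload("empty or over the size limit")
    ext = sniff_type(data)
    if ext is None:
        raise RejectedUpload("content is not PNG, JPEG or GIF")
    # Only the LAST extension counts, so "a.png.php" is seen as "php".
    claimed = client_name.rsplit(".", 1)[-1].lower() if "." in client_name else ""
    if claimed == "jpeg":
        claimed = "jpg"
    if claimed != ext:
        raise RejectedUpload("extension does not match content")
    # The client's name is compared but never used on disk: a random name
    # removes path tricks and overwrites of existing files.
    return f"{secrets.token_hex(16)}.{ext}"


if __name__ == "__main__":
    sample = b"\x89PNG\r\n\x1a\n" + b"\x00" * 32  # constructed, not a real image
    print(accept_avatar("me.png", sample))
```

A signature match does not prove the rest of the file is a well-formed image; re-encoding with an image library and storing uploads where the web server will not execute them are the usual further steps.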
 