Security Recommendation For Phpbb
With customers numbering in the thousands, it is not possible for us to disable components of sites when security issues emerge, so we must resort to suspending the entire account. Lately, phpBB has been the subject of numerous exploits that have resulted in customer account suspensions. If you want to avoid an account suspension for other components of your site when phpBB is compromised, we have a new recommendation.
If you are running phpBB on your site along with mission-critical components, consider putting the critical parts of your site into a separate account, because the phpBB exploits could make the rest of the information in the account vulnerable to hackers. You would not need to register a separate domain to do this, as we can point a subdomain of your current domain name (forum.yourdomain.com) to this secondary account.
PhpBB has been the target of many exploits lately and has been updated multiple times this year already in response to those. If you are not able to monitor the security issues daily, and a separate account for the forum is not feasible, the best solution for you might be to migrate your forum to a different forum script.
ljmyers
02-21-2005, 08:37 AM
Jeff,
I'm using phpbb on myonlinemagazine.net. Could you explain to me what "mission-critical components" are so I will know if I'm running the phpbb with them or not. I check in with installatron pretty regularly to see if there are updates needed. If there is somewhere other than installatron that is better for me to check for updates, please let me know where that is. I recently updated after getting an email from you guys announcing one. I'm signed up for the newsletter that you send out for such things. Also, if it would be better or safer to use one of the other forums in installatron, please suggest one. My forum is newer and not yet active so it would not be a problem for me to switch to the simple machines or xmb.
Thanks as always,
Lana
dbmasters
02-21-2005, 09:25 AM
Lana, just a small bit of friendly advice, since your forum is presently very small, I would humbly suggest you change forums. This is not the only time in history PHPBB has been a headache, it's frequent. You would save yourself a huge maintenance nightmare by switching to something else early.
There are tools out there as well to help convert from PHPBB to others as well, so you wouldn't lose data, but I can't say specifically which ones or where they are, I just know I have seen them, maybe someone else could shed some light on that and help lots of people caught in this nightmare.
dbmasters
02-21-2005, 09:27 AM
ah, google to the rescue
PHPBB to simplemachines http://www.simplemachines.org/download.php?converters is a start...
Originally posted by ljmyers@Feb 21 2005, 06:37 AM
Jeff,
I'm using phpbb on myonlinemagazine.net. Could you explain to me what "mission-critical components" are so I will know if I'm running the phpbb with them or not.
Quoted post
Sure can! Simply stated, "mission-critical components" are parts of your site other than phpBB that you can't afford to be without. Since phpBB is now likely to be compromised and the compromise could well take down/wipe out/alter/deface everything within the account, isolating it from those mission-critical components is a really good practice. :)
ljmyers
02-21-2005, 10:36 AM
Thanks Dan and Jeff. The explanation does help but if phpbb has a history of this kind of thing, I think I will take Dan's advice and switch over. The less headaches the better I think. ;)
thomas
02-21-2005, 11:40 PM
Jeff,
If one has a reseller account and creates a separate user for the forum (with a new domain name), would this be secure enough?
Thomas
ljmyers
02-22-2005, 08:04 AM
Just an FYI. I installed the Simple Machines Forum yesterday and have been playing with it. I really like it. So many more options and much more detailed control in the admin panel. It just looks a lot nicer too. I might add a comment in the smf board below for future potential admins.
Thanks,
Lana
dbmasters
02-22-2005, 09:35 AM
Yeah, I am replacing the PHPBB install of a client of mine with a SMF, I had some stupid issues at first, but it's up and running, the conversion was pretty cool once I sorta "tricked" the converter...now it's just a matter of skinning the damn thing.
Originally posted by dbmasters@Feb 22 2005, 09:35 AM
...now it's just a matter of skinning the damn thing.
Quoted post
Hey Dan, I'm sure Lana would share whatever she designs for her site with ya....
It might add that "soft touch" to your site :lol:
Originally posted by thomas@Feb 21 2005, 09:40 PM
Jeff,
If one has a reseller account and creates a separate user for the forum (with a new domain name), would this be secure enough?
Thomas
Quoted post
Thomas, that would be enough isolation to prevent the main domain from being shut down if the forum gets exploited, so the answer is yes.
thomas
02-22-2005, 10:22 AM
Thank you for your reply Jeff,
Thomas
ljmyers
02-22-2005, 10:23 AM
HAHAHAHAHAHAHAHAHAHAHA!
Yeah Dan, ya never know until ya try. All those girly colors, just think what it could do. :lol:
dbmasters
02-22-2005, 11:52 AM
Originally posted by tnas@Feb 22 2005, 01:43 PM
Originally posted by dbmasters@Feb 22 2005, 09:35 AM
...now it's just a matter of skinning the damn thing.
Quoted post
Hey Dan, I'm sure Lana would share whatever she designs for her site with ya....
It might add that "soft touch" to your site :lol:
Quoted post
hehehe, yeah, I'll get right on that :lol:
Actually, I need kinda of a maroony sort of color for client...found a couple, but one didn't work and the other was kinda harsh to the eyes, so, I guess it's off to photoshop for me...
ljmyers
02-22-2005, 03:19 PM
Dan,
If you're having a hard time with the colors, the color schemer site always helps me out. I just type in the basic color I'm wanting to work with and then as you probably know, it allows you to lighten and darken and also gives you a bundle of colors that work with your particular choice. It seems to be a big help to me when I'm kind of at a loss for choices.
http://www.colorschemer.com/online.html
If you would like some suggestions, give me a link and an idea of the site theme and I'll be happy to help out.
Lana
skidawg
02-22-2005, 04:18 PM
Jeff,
If I have a PhpBB forum protected with a password using .htaccess, does that help with the security risk, or am I still a high risk?
I am planning to transfer from PhpBB to something else, but I don't have the time to do that right now. I am doing my best to keep it up to date for now, but this is becoming a large PITA! :angry: Since installatron won't update it, I have to manually do the upgrades, and then pray that everything, including my customizations, still work.
erikjones
02-22-2005, 05:26 PM
Yes, I'm afraid that the password isn't enough. Any copy of phpBB MUST be upgraded. This will soon be posted as a hostPC all servers directive.
Unpatched software unfortunately is a security risk to the machines that said software is running on.
It is probably a good idea to start upgrading asap, because ...
According to Joe... soon it will be made mandatory with an attached time frame.
Thank you for your understanding, your cooperation will help enhance security, stability and service for all HostPC users.