How to Protect Your phpBB Forum from Exploits
phpBB is open source forum software, which means that everyone has access to its code. This exposes phpBB to many hacker attacks and exploits.
To be honest, no forum software is fully protected from the exploits that hackers constantly develop. Some people consider phpBB more vulnerable to attacks because its open source nature makes its code accessible to virtually everyone. Others hold that even paid forum software is exposed to the same danger, because obtaining its code is no obstacle for today's widespread and well-organized piracy.
In any case, the struggle with hackers continues. The phpBB development team does its best to react as quickly as possible and to address security flaws with the utmost persistence and commitment. Meanwhile, new releases such as phpBB 2.0.11, and the others to come, tend to solve some major security problems.
phpBB Team: "Security is our priority!"
Developers working on phpBB claim that security is their priority. The main features created to protect your forum from hackers' attacks include:
Advanced authorisation system,
Efficient encryption, which keeps passwords safe in the database,
Running both cookie and URI-based sessions.
As you are probably already aware, phpBB is not fully protected from all the exploits that constantly appear on the net, but the people who develop it try to provide you with a product that is as secure as possible. It is best to take the necessary precautions yourself in order to keep your forum from being hacked. If you don't keep your forum installation secure and up to date, the consequences might be really unpleasant.
phpBB security is not just about protecting your forum against specific hacks, but also about reducing or eliminating other risks: not only to the code of the software, but also to the personal data and information it contains, and to the integrity of your community and member list. Problems include email address harvesting, automated signups, link dropping, member list abuse and other such annoyances, which take up valuable moderator and admin time.
How to protect your forum?
There are some basic and easy rules you should follow in order to lower the risks of getting your phpBB forum hacked:
It is important to note that SPAM is not a security threat; at worst you will have to go through your board and delete some topics/users. Rather than install every MOD you come across, you should first try using the built-in SPAM protection features that come with the latest version of phpBB 2.0.x. Then, if necessary, install a MOD or two until you find the combination that works best for your board.
Update Update Update!
With each new version of phpBB, security is improved and bugs are fixed. If you're not running the latest version, you should update as soon as possible. Please check the phpBB upgrade tutorial for more detailed information.
Set activation to 'user' or 'admin'
This feature sends an activation email to either the user registering or the administrator. Unless you plan on activating all members personally, you should leave this set to 'user'. Many bots use fake emails when registering, so this will stop them from activating the account. It will also discourage some human spammers, since they will need to provide a valid email account each time they register. Not only does this stop some spam, it also helps make sure that all members have valid email accounts on file (which will prevent emails from bouncing back when you send mass emails). You can activate this option in the 'configuration' section of the administration panel.
Enable visual confirmation
This is the image with the numbers/letters you had to enter into the box when registering on this site. While doing nothing to prevent human SPAM, it should block most of the bots. This feature has been improved in recent versions and even further improvements are in the CVS (will be in the next release). You can activate this option in the 'configuration' section of the administration panel. If you are using the latest version of phpBB, but do not see this option in the administration panel, your template is likely out of date.
Disable guest posting
If you allow guests to post, SPAM bots will not even bother registering. It is therefore generally recommended that you disable guest posting on your board.
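An added example, not part of the original article or of phpBB's own code: a Python audit of the settings recommended above, run against a constructed in-memory copy of the board tables. The table and column names (phpbb_config, require_activation, enable_confirm, phpbb_forums with auth_post/auth_reply), the value 0 meaning guest access and the '.0.11' stored version format are assumptions about the phpBB 2.0.x schema; 2.0.11 is the baseline only because it is the release this article names.

```python
import sqlite3

# Assumed phpBB 2.0.x schema names (not given in the article):
# phpbb_config(config_name, config_value), phpbb_forums(forum_name, auth_post, auth_reply).
AUTH_ALL = 0  # assumed permission level meaning "everyone, including guests"
ACTIVATION = {"0": "none", "1": "user", "2": "admin"}  # assumed stored values


def parse_version(value):
    """Turn a stored version such as '.0.11' into a comparable tuple (0, 11)."""
    return tuple(int(p) for p in value.strip(".").split(".") if p.isdigit())


def audit(db, baseline=".0.11"):
    """Return a list of findings for the settings the article recommends."""
    cfg = dict(db.execute("SELECT config_name, config_value FROM phpbb_config"))
    findings = []
    if parse_version(cfg.get("version", "")) < parse_version(baseline):
        findings.append("version: older than baseline 2%s, update" % baseline)
    if ACTIVATION.get(cfg.get("require_activation", "0"), "none") == "none":
        findings.append("activation: disabled, set to 'user' or 'admin'")
    if cfg.get("enable_confirm", "0") != "1":
        findings.append("visual confirmation: disabled")
    rows = db.execute(
        "SELECT forum_name FROM phpbb_forums WHERE auth_post = ? OR auth_reply = ? "
        "ORDER BY forum_name", (AUTH_ALL, AUTH_ALL))
    findings += ["guest posting: allowed in forum '%s'" % name for (name,) in rows]
    return findings


def sample_board():
    """Constructed sample data standing in for a real board database."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE phpbb_config (config_name TEXT, config_value TEXT)")
    db.execute("CREATE TABLE phpbb_forums (forum_name TEXT, auth_post INT, auth_reply INT)")
    db.executemany("INSERT INTO phpbb_config VALUES (?, ?)", [
        ("version", ".0.10"), ("require_activation", "0"), ("enable_confirm", "1")])
    db.executemany("INSERT INTO phpbb_forums VALUES (?, ?, ?)", [
        ("Announcements", 3, 1), ("General", 0, 0)])
    return db


if __name__ == "__main__":
    for finding in audit(sample_board()):
        print(finding)
```

Against a real board, the same queries would be run read-only on a copy or backup of the forum database.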
These measures will gradually lower the risk of your phpBB software being exploited. If, despite the measures taken, your forum gets hacked, do not hesitate to contact someone who knows this area well, or simply look for help in the phpBB community forums, where you will find precise and professional help almost at once.
You can download the newest versions and extra features of phpBB for free from the official web site, which is constantly updated and provides all the necessary information.
By regularly checking the updates and download options offered, you will be kept informed of every phpBB issue that might be of interest to you. Being able to keep in touch with over 240 000 phpBB community members is considerable support for any problem that might appear.