Tempted to use phpBB with Wordpress (w/ integration plugin)

x.x I have to say that I had a blog running on WP 2.6 and hasn't been hacked successfully. Hell I even tried to hack it when I forgot my admin pass, but I failed, and so did some of my friends who have successfully hacked other sites one of them which were a phpBB powered forum.

 

A blank index.html or index.php file will only block file listing in the directory it is in, not all the sub upload directorys that wordpress creates for each month of the year. IE: uploads/2009/06 etc

You would have to put a blank index.html or index.php file in every folder wordpress creates in the upload folder. Otherwise I can just browse past the upload directory and still see all your listings in folders that don't contain an index.html file, like all the year and month folders.

The best method to get around that is to upload a .htaccess file into your upload folder using this code below.

Code:

IndexIgnore *

This will stop listing of files in all directorys inside the upload folder, there is no need then to have to upload an index file for every sub-folder created by wordpress each month and year.

I'm not sure though how using this method effects uploaded images being indexed by Google though using a .htaccess file to block file listings. It's something I'm currently keeping a close eye on, seeing as my uploads/2009/06 folder has over 1000 images waiting to be index by Google images. So I'm keeping an eye on that right now. If it does stop google indexing them, I'll have to manually upload a index.php file to each sub folder every month like you mentioned, bit of a chore that though. So I'll wait a few weeks yet and see if they get indexed first.

 

This is some poor advice - at best.

If you want to protect your admin directory, use a htpasswd file. This will double password protect that directory.

Certain types of internet connections - dial up, DSL - change IPs on a regular basis. So that means your going to have to edit your htaaccess file every day to access your admin folder - bah.

Just set up a htpasswd file with an encrypted username and password that is different from your wordpress admin account and be done with it. There is no need in editing your htaacess file everytime you want to access your control panel.

htaccess works if your ip never changes.

htpasswd works if your ip does or does not change.

 

Look at the BIG picture. You can setup an index.html page, and include links to your other pages with anchor text. Google will index that page, index the links and the anchor text. You can use those pages to help optimize your site for search engines.

If you wanted to take it a step further, add an RSS feed from your recent forum post, add some google adsense banners and you have a full webpage to directs people to where you want them.

 

Don't get me wrong, if you don't mind spending the time to keep uploading an index.php file into each folder created by wordpress in the uploads directory, it's the best method to go with. Personally, I'd find that a little too much of a chore to do all the time, even though it only means having to do it once a month each time. I'd start to forget about having to do it as time went on, so I'd sooner solve the issue with a .htaccess file for now, but I'll see how things go.

I'm not interested in the bigger picture in what you can do with an index.php file to add links or ads to it. I'd sooner bots concentrate on the sites main content, not indexing loads of index.php files in upload/sub-directorys that are usless pages for people to visit.

 

I like this idea... maybe a script could generate such a page each night?

 

What page are you talking about?

If you have vbulletin, you can use the external data provider and a java script on the html pages. This would update the page with the most recent forum post ever X number of hours.

I am using this very feature to display the recent forum post in the sidebar of my wordpress blog.

If your not using VBulletin, you could use something like Carp (from geicko tribes), and display the recent post using an RSS feed from the forum.

My personal opinion would to be to use either SMF or MYBB with wordpress. Install both to the same database for ease of backup.

 

Kevin, you're a bit over the top with this hatred from what I can tell.

phpBB might not be the best software, and I haven't personally used it for purposes other than testing since 2004, but I have tested phpBB 3 and its not horrible.

There are plenty of larger sites using phpBB and if they're large, hackers have tried to hack them. Just because you saw some site who probably was a 2.XX site that the owner modded by adding 100's of modifications getting hacked every week doesn't mean the whole development team are horrible. I've seen SMF sites get hacked, vBulletin sites get hacked, MyBB sites get hacked, etc... What you don't understand is that there are more phpBB forums out there than any other software and that means hackers will target them just by the numbers. Even with that said, there are still plenty of large phpBB forums who take security seriously and haven't been hacked in many years.

Maybe you should go over there and show them how its done then...

 

Its more along the lines that I "dislike" phpbb. I teach my kids to never use the word "hate", because its a "four letter" word. Meaning, its a bad word.

And lets not get personal here shall we?

I like to consider myself a semi-experienced forum admin. Over the years I have tried all kinds of forum software, including phpbb2, smf, fireboard, md pro from maxdev, dragonfly, PNForum (post nuke forum), VBulletin,,,, only to name a few.

phpbb has to be the worst of the crop. Just because something is popular does NOT make it the best, nor does popularity make it good.

I have been on the internet since around 1995 or 1996. In that 13 - 14 years, I have seen more phpbb forums hacked and defaced then any other kind of forum.

From my personal experience, and in my opinion, phpbb is the worst forum software you can use.

 

Lets all take a chill pill shall we, it's getting rather hot under the collar in here.

All I would say Kevin, just keep in mind that phpBB is the most used free forum board by far, so you will see more phpBB board getting hacked than any other free board. Just don't discount numbers coming into the equation, as to why your seeing phpBB getting hacked so much.

I could argue that I see more vBulletin boards getting hacked than SMF boards. But I'm not silly enough not to realise that's because of the amount of people using vBulletin, as opposed to SMF. Not that SMF is more secure.

 

It would be interesting to split the difference. Have an index.html and an .htaccess file in the upload directory. Then you get the page where you can display links back into your site and can show some ads to people that happen there. The .htaccess file will prevent directory listings and having people go deeper into the directory. Or you can easily have the .htaccess simply redirect them to the original link and ad page.

Seems like both ideas can easily work together. Not sure why you have to rigidly go one method or the other.

If you don't provide links to these pages and they are used as a honeypot for snoopers then why would bots be indexing them? Search Engine Bots don't simply try random URLs in the hope that they get a hit. They follow links.

Again both ideas can be used in synergy with each other and are not mutually exclusive.

As far as using a forum. I would not recommend phpBB. I take phone calls daily about the software and none of them are happy and are usually from people who have wasted thousands of dollars on the free software. Unless you're technically able to do your own PHP work than phpBB is probably not for you. If you need to use a free forum with WordPress than I would recommend BBPress, MyBB and SMF in that order.

 

First off, never once did I get personal other than saying you should show them how its done if it sucks so much... Also, there are many 4 letter words in the english language. "Word" is included in that one there are also many other words that are "bad" that are longer than that. It is possible to hate something, maybe you don't hate it, but it seems like a very deep disdain if not hate.

And second, I never said popularity meant it was the best forum software, or even anything close to that. What I said was that it is more likely that a phpBB forum would be attacked by a cracker (since hacker is the wrong word) because of the vast amount of installs, and since its the most popular, it's the most likely one to be attacked. I don't think its as secure as vBulletin, but its also 200.00 cheaper, and no where near as bad as php nukes forum that I've tried.

I also consider myself a semi-experienced forum admin, and have tried many forums (vBulletin, IBP, SMF, phpBB, MyBB, Vanilla, bbPress and the list goes on). That doesn't mean that we have to have the same opinions on something, and I was just saying your opinion has potential flaws in it.

 

ok being the developer of the vb-pbwow forum skin for vbulletin i have to have a local installation of phpbb installed for the phpbb version of the skin PayBas works on and let me tell you phpBB can be hacked even the newest version. vBulletin is FAR more secure and is alot easier to administer in my opinion

 

True, that is another option. As well as maybe expanding more on the .htaccess idea of using a redirect back to the homepage etc. There is always scope to improve things further, and I'm always looking at that myself always. I never just accept what I have, I always look for better options when possible for using.

Good point, I kinda forgot that your not linking to them pages, sending bots to index them. That slipped my mind, well spotted and pointed out.

This thread is going way off topic by the way

 

Thanks for the opinions and especially the type of security measures to take to fend off the hackers out there.