I recently got some paid work making a web-based forum using open-source software. I thought for sure the state of the art would have improved somewhat in more than 3 decades, but nope. It's still the same old crap, insecure right out of the box, the only supported installation option being right on the public web, allowing any hacker/cracker/script kiddie to intercept it before you even get it online and take it over. And if they know the software well enough (it's open source after all, so why wouldn't they?), there is quite possibly a way to exploit it to open a port on the server itself.

Anyway, phpBB, one of the first, still has the above problems, plus it wouldn't allow me to log back in as admin after logging out, and wouldn't recognize any of my captcha attempts when trying to create a new username. So I cloned it from GitHub and figured out how to install directly from there, and wrote it up for others.

My client ended up using Simple Machines Forum (SMF), an equally insecure but better-looking software, that also had an installation bug, but only cosmetic instead of functional, and that I was able to fix with some SQL queries.

last updated 2019-08-10 19:09:46. served from tektonic.jcomeau.com