Heya
The phpBB Security is security to use or CTracker is better?
phpBB Secutiry
Forum rules
Please post any phpBB 3.1.x related topics in the forum.
Please post any phpBB 3.1.x related topics in the forum.
-
Yuri Menzl Celaschi
- New member
- Posts: 21
- Joined: 19 Feb 2007, 00:31
- Location: SP - Brazil
- Contact:
phpBB Secutiry
MOD Team
Official Brazilian Support
MOD's: :: ::
Official Brazilian Support
MOD's: :: ::
-
Yuri Menzl Celaschi
- New member
- Posts: 21
- Joined: 19 Feb 2007, 00:31
- Location: SP - Brazil
- Contact:
-
Ganon_Master
- Past Contributor
- Posts: 311
- Joined: 20 Nov 2006, 16:23
- Real name: Hidde
- Location: Soesterberg, Utrecht, The Netherlands
- Contact:
I've used them both. They have some good security additions, but it's nothing that great.
I know this site that has this in the footer: "phpBB Security Has Blocked 9,806 Exploit Attempts." Click on the link and you'll get a list of all the blocked attempts. Most of them were Perl execution and DDoS attempts.
phpBB Security had one version that had an exploit, but that exploit was very common problem that a lot of other mods had.
But you should just stay up to date with the latest phpBB release.
I know this site that has this in the footer: "phpBB Security Has Blocked 9,806 Exploit Attempts." Click on the link and you'll get a list of all the blocked attempts. Most of them were Perl execution and DDoS attempts.
phpBB Security had one version that had an exploit, but that exploit was very common problem that a lot of other mods had.
But you should just stay up to date with the latest phpBB release.
-
Yuri Menzl Celaschi
- New member
- Posts: 21
- Joined: 19 Feb 2007, 00:31
- Location: SP - Brazil
- Contact:
-
Ganon_Master
- Past Contributor
- Posts: 311
- Joined: 20 Nov 2006, 16:23
- Real name: Hidde
- Location: Soesterberg, Utrecht, The Netherlands
- Contact:
-
Yuri Menzl Celaschi
- New member
- Posts: 21
- Joined: 19 Feb 2007, 00:31
- Location: SP - Brazil
- Contact:
-
Krank
- Member
- Posts: 90
- Joined: 28 Sep 2006, 21:25
- Location: Somewhere [phpBB Debug] PHP Warning: in file [ROOT]/vendor/twig/twig/lib/Twig/Extension/Core.php on line 1266: count(): Parameter must be an array or an object that implements Countable
this is actually kinda confusing, is phpBB security good? is Ctracker good? which one is better? both are the same?
in case, that they are both not good, does that mean that the "phpBB Security Has Blocked XXX Exploit Attempts" is false? just a generated number? or did it really block the attacks?
DDoS Attempts, Perl execution and whatever ganon said, does Up-to-date phpBB stop or prevent them?
if it does, does it also do the same with a modded phpBB (mods installed), because to my knowledge many mods had holes and whatnot that made phpBB vulnerable even if updated to latest right?
no one is questioning phpBB, i guess everyone is concerned with a phpBB with MODs installed.
evaluate please.
phpBB Security 1.0.3: ( __ ) Very Good ( __ ) Good ( __ ) Bad ( __ ) Terrible (it'll make your board even more vulnerable).
Comments: _________
Ctracker 5.0.3: ( __ ) Very Good ( __ ) Good ( __ ) Bad ( __ ) Terrible (it'll make your board even more vulnerable).
Comments:_________
everyone want to make their board secure and safe, no doubt about that.
lol P.S use :checkyes: and :checkno: to fill in the blanks ( __ ) lol
in case, that they are both not good, does that mean that the "phpBB Security Has Blocked XXX Exploit Attempts" is false? just a generated number? or did it really block the attacks?
DDoS Attempts, Perl execution and whatever ganon said, does Up-to-date phpBB stop or prevent them?
if it does, does it also do the same with a modded phpBB (mods installed), because to my knowledge many mods had holes and whatnot that made phpBB vulnerable even if updated to latest right?
no one is questioning phpBB, i guess everyone is concerned with a phpBB with MODs installed.
evaluate please.
phpBB Security 1.0.3: ( __ ) Very Good ( __ ) Good ( __ ) Bad ( __ ) Terrible (it'll make your board even more vulnerable).
Comments: _________
Ctracker 5.0.3: ( __ ) Very Good ( __ ) Good ( __ ) Bad ( __ ) Terrible (it'll make your board even more vulnerable).
Comments:_________
everyone want to make their board secure and safe, no doubt about that.
lol P.S use :checkyes: and :checkno: to fill in the blanks ( __ ) lol
phpBB3 Je t'adore: subSilver2 Based styles fan
proSilver, good, but too .... I don't know just too...
Hi,
as I had installed both, it's easy to say. CTracker is a highly configurable package, which allows you take care of every single parameter. It takes care of even bad programmed MODs, where it gives you an error, which you can use to "repair" the dangerous files and make it secure.
But it's very complex and that's the reason, why I'm running phpBB Security now.
So I think it depends on the size and complexity of a forum. So in my case, I only run a small forum with less than 100 users. As I do regular backups, I might loose a day or so, but not more and it can be restored very fast. So it's in fact a descision from every single forum admin, what he/she likes to have.
Comparing both is like comparing a Mercedes with a Beetle
So as in most cases: Use the one you think it fit to your forum. But use at least one of them!
as I had installed both, it's easy to say. CTracker is a highly configurable package, which allows you take care of every single parameter. It takes care of even bad programmed MODs, where it gives you an error, which you can use to "repair" the dangerous files and make it secure.
But it's very complex and that's the reason, why I'm running phpBB Security now.
So I think it depends on the size and complexity of a forum. So in my case, I only run a small forum with less than 100 users. As I do regular backups, I might loose a day or so, but not more and it can be restored very fast. So it's in fact a descision from every single forum admin, what he/she likes to have.
Comparing both is like comparing a Mercedes with a Beetle
So as in most cases: Use the one you think it fit to your forum. But use at least one of them!
-
Yuri Menzl Celaschi
- New member
- Posts: 21
- Joined: 19 Feb 2007, 00:31
- Location: SP - Brazil
- Contact:
femu,
I agree with you...But the last version of ctracker blocks all things that you think, =(. I used to use phpBB security 1 year ago, don't remember version, but helps me protect the board.
I'll try install phpBBSecurity, then I will ask help to test the security
I agree with you...But the last version of ctracker blocks all things that you think, =(. I used to use phpBB security 1 year ago, don't remember version, but helps me protect the board.
I'll try install phpBBSecurity, then I will ask help to test the security
MOD Team
Official Brazilian Support
MOD's: :: ::
Official Brazilian Support
MOD's: :: ::
I know. It's very hard to install and configure it, but in fact it shows you the holes in the board. But to be honest, I deinstalled a week ago too, as I was really busted abot every warning, although I was within the projet of v5 from nearly the beginning.So for my board I think the phpBB Security ist enough.
As said above, CT is surely the better descition for bigger boards
-
Saeru
- Past Contributor
- Posts: 177
- Joined: 17 Jun 2006, 23:58
- Location: Behind a PHP book. [phpBB Debug] PHP Warning: in file [ROOT]/vendor/twig/twig/lib/Twig/Extension/Core.php on line 1266: count(): Parameter must be an array or an object that implements Countable
Most of the security mods out there only add to the issue. Some can make new holes in your forums security that you are unaware of that may allow hackers in. Theres a reason why most are not validated by the MODDB. Some of them are also old, and not made for the current version of phpbb. Thuss may too add holes that having up to date phpbb files would have patched.
I personally would never use a security mod. There is no need for one, the last few versions of PHPBB have had no reports on hacking that wasn't the fault of the user. (installing mods with security holes, not updating files properly, and such)
I personally would never use a security mod. There is no need for one, the last few versions of PHPBB have had no reports on hacking that wasn't the fault of the user. (installing mods with security holes, not updating files properly, and such)
"Naku ga yousuru ichidanto tsuyosa kyaku ga icchuu wo yusuru."[/size]
Return to “phpBB 3.0.x "Olympus" discussion”
Who is online
Users browsing this forum: No registered users and 47 guests