Securing a bulletin board October 25, 2007

Posted by CamdenKiwi in: Blogging

I host a small, private bulletin board for a group of friends using the open source community software phpBB. Out of the box, it’s not too secure, and so today I did some tidying up. This blog is to note what I’ve done, and may be of interest to anyone who uses the software.

First of all, read this very good post on the phpBB forums. Spambots, which automate registration and then try to post junk on the board, are constantly laying siege to boards which allow self-registration, and there are ways of keeping them at bay. Our big problems were having the membership list visible to anyone who came in, and spambots registering themselves. The standard software allows you to stop the spam registrations from posting, but can’t prevent them from registering.

I’ve now applied two modifications to the standard software. The first prevents anyone who isn’t logged on from seeing any part of the board. I put it into every page on the site, not just the ones listed here, so now wherever you try to go, you’ll be redirected to the login page.

The second was a little more complex, but adds extra security to the registration so that spambots can’t register. This works well for our small forum, which is invitation only, but would be more constraining for a larger site.

Applying the modifications is an automated process, but because the first wasn’t verified for my version of phpBB, and the second hadn’t been verified at all, I did them manually.

This level of work on phpBB requires moderate skill. You should be familiar with editing files and have a working knowledge of PHP. It was fairly simple, and well worth the effort. If I install phpBB again, I’ll probably just add these on to the installation.
