Most secure forum?

K, I was just wondering, what would be the best forum system to use on a site? I need to use something that will be secure, stable , and so on. I haven't got the time to code my own, and at the moment I am using phpbb3.

So, what, in your opinions, are the best forum systems to use?

Well, as a general consideration, my opinion would be a forum that doesn't allow BBcode, strips / replaces HTML tags, strips / replaces Unicode, and probably some other stuff I'm forgetting. Or, maybe I'm too paranoid.

Edit: Forgot… escaping strings used to insert new posts, proper MySQL permissions, and sanitizing GET data.

well dont use phpbb or invision i would recommend or SMF (simple machines) and its free

I've heard that DiscusWare (http://www.discusware.com/) is really secure, but I haven't used it myself so I can't promise anything :p

Zephyr_Pure wrote: Well, as a general consideration, my opinion would be a forum that doesn't allow BBcode, strips / replaces HTML tags, strips / replaces Unicode, and probably some other stuff I'm forgetting. Or, maybe I'm too paranoid.

Edit: Forgot… escaping strings used to insert new posts, proper MySQL permissions, and sanitizing GET data.

Very true, but I think he meant pre-scripted ;).

Go open-source and make users go through a filter before they have access to your site.

spyware wrote: Very true, but I think he meant pre-scripted ;).

Go open-source and make users go through a filter before they have access to your site.

Yeah, I think that is what I'll do, maybe use SMF and modify any bits of the code that could be dangerous.

@zephyr, you can never be too paranoid ;)

spyware wrote: Very true, but I think he meant pre-scripted ;).

Go open-source and make users go through a filter before they have access to your site.

Also a sound consideration. I guess I probably could've phrased my post better by saying:

"Get an open source package and secure it yourself." :D

Hmmm…. interesting question. As far as 'secure' open source things go the best ones would probably be both popular with few know exploits, so SMF.. You could also go for a less well known one, but the chances are that none of the exploits have been found… Good for keeping the skiddies out, but not great for the average hacker who will audit the source and take the site.

In my experience IPB is the most secure. By this I meant vulnerabilities are far between, get fixed within an acceptable time frame and critical ones are very rare.

Of course it's not free, but that's fine for me. If it isn't for you, then I suggest something like SMF (as other here have done). phpbb used to be really bad but they really have cleaned up their act and are now decent.

Edit: downsides of using non-free forums are that there may be fewer mods and themes for you to pick from. Though in my experience I've found mods, perhaps not themes.

When I used IPB there was no end to the number of mods and themes, so thats not too big an issue, the main problem is the licence

I just paid for a life time license. Problem solved.

In addition to SMF I've heard that joomla and php-nuke are pritty secure. I'd check them out on http://www.opensourcecms.com/ before choosing one.

Lima Oscar Lima, Over

bigggnick wrote: In addition to SMF I've heard that joomla and php-nuke are pritty secure. I'd check them out on http://www.opensourcecms.com/ before choosing one.

Lol, secure, not insecure.

SMF is really good I'd suggest you go with SMF it's free secure and easy to use. Theres not that many good skins out there but there are a few that are kick a**. All I have to say about phpbb3 is :angry:

I admin a joomla based forum, it's all pretty cool.

k, I just thought I'd follow this thread up to let you all know what forum I chose.

I've decided to use Simple Machines 1.1.3. Best forum ever in my opinion, first time I've admin'ed one, and it all looks pretty secure and neat.

So if you want to take a look at the forum it's over here: http://forum.viralcoders.com/

Oh, and tell me if you manage to find any security holes in the site ;)

i think that something like 100% secure forum does not exist. but i know, that was not the question. i was for 1 year admin of warez forum, powered by vbulletin. we every updated to the latest version, and applied security fixes and add-ons (like a CBACK CrackerTracker for phpbb), and we wasnt get hacked in any time… i have also some experience with phpbb, but i dont use it as vbulletin, so i cant say…