Securing phpBB3

I've been asked by one of the hosted sites on my Linode to deploy phpBB3 for them. I want to set it up for them, but I'm wary of phpBB, as it's somewhat notoriously insecure. Obviously, I'll be requiring that it be kept up to date, and I'll be creating a separate limited access MySQL for it, but are there any other suggestions to keep things secure?

I'm running lighttpd on Ubuntu 10.04. I considered a chroot jail, but I don't really want to run separate lighttpd or php processes just for the forum.

1 Reply

@Guspaz:

> I've been asked by one of the hosted sites on my Linode to deploy phpBB3 for them. I want to set it up for them, but I'm wary of phpBB, as it's somewhat notoriously insecure. Obviously, I'll be requiring that it be kept up to date, and I'll be creating a separate limited access MySQL for it, but are there any other suggestions to keep things secure?
>
> I'm running lighttpd on Ubuntu 10.04. I considered a chroot jail, but I don't really want to run separate lighttpd or php processes just for the forum.

Make sure that you update phpBB3 regularly, and also, there should be an option to remove the versioning off the board. Usually hackers use Google to look for a specific version, i.e., "phpbb 2.1.24".
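A check for the version-disclosure point in the reply above, as an added example that is not part of the original thread: it scans a served forum page for a phpBB version string in visible text, HTML comments and the generator meta tag. The sample pages are constructed for the demo and are not real phpBB output, and all function and variable names are hypothetical.

```python
import re
from html.parser import HTMLParser

# "phpBB" (optionally "phpBB3"), a short separator, then a dotted version number.
VERSION_RE = re.compile(r"phpbb\d?[^\d.]{0,10}?(\d+(?:\.\d+){1,3})", re.IGNORECASE)

class _Collector(HTMLParser):
    """Collect places a version string can sit in served HTML."""
    def __init__(self):
        super().__init__()
        self.chunks = []  # (location, text) pairs

    def handle_data(self, data):
        self.chunks.append(("text", data))

    def handle_comment(self, data):
        self.chunks.append(("comment", data))

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "meta" and (attrs.get("name") or "").lower() == "generator":
            self.chunks.append(("meta generator", attrs.get("content") or ""))

def find_version_leaks(html):
    """Return sorted (location, version) pairs where a phpBB version is exposed."""
    collector = _Collector()
    collector.feed(html)
    collector.close()
    return sorted({(where, m.group(1))
                   for where, text in collector.chunks
                   for m in VERSION_RE.finditer(text)})

# Constructed sample pages (not real phpBB output); version string taken from the reply.
SAMPLE_LEAKY = """<html><head><meta name="generator" content="phpbb 2.1.24" />
<title>Example forum</title></head><body>
<!-- phpbb-2.1.24 template -->
<div class="copyright">Powered by phpBB 2.1.24</div></body></html>"""

SAMPLE_CLEAN = """<html><head><title>Example forum</title></head><body>
<div class="copyright">Powered by phpBB</div>
<p>Copyright 2010 Example Hosting</p></body></html>"""

if __name__ == "__main__":
    for name, page in (("leaky", SAMPLE_LEAKY), ("clean", SAMPLE_CLEAN)):
        print(name, find_version_leaks(page) or "no version string found")
```

Run it against saved copies of the board's index, a topic page and the login page after changing the template, since each can use a different footer.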
