Securing phpBB3
I'm running lighttpd on Ubuntu 10.04. I considered a chroot jail, but I don't really want to run separate lighttpd or php processes just for the forum.
1 Reply
@Guspaz:
I've been asked by one of the hosted sites on my linode to deploy phpBB3 for them. I want to set it up for them, but I'm wary of phpBB, as it's someone notoriously insecure. Obviously, I'll be requiring that it be kept up to date, and I'll be creating a separate limited access MySQL for it, but are there any other suggestions to keep things secure?
I'm running lighttpd on Ubuntu 10.04. I considered a chroot jail, but I don't really want to run separate lighttpd or php processes just for the forum. Make sure that you update phpBB3 regularly, and also.. there should be a option to remove the versionining off the board. Usually hackers use google to look for a specific version, ie; "phpbb 2.1.24"