Page: 1
| Author | Post |
|---|---|
|
#1 Mon Apr 16, 2007 1:28 pm
|
|
|
Member
Registered: Apr 2007
Posts: 4
|
Before I begin to install your script I was wondering how secure it is. I have over the years tried to install quite a few forums. But I am quite the novice and most seems to get hacked and the database corrupted. I just don't wish to try again and have that happen with UseBB.
Also is the forum search engine friendly? Thx for your help |
|
#2 Mon Apr 16, 2007 1:40 pm
|
|
|
Developer
Registered: Apr 2004
Posts: 2180
Location: Belgium
|
Same question asked a few years ago: http://www.usebb.net/community/topic-237.html
This still applies nowadays, even for the slightest vulnerability an update is being done, even when it doesn't necessarily poses a direct threat. The last time a directly exploitable vulnerability was found was 10 months ago in a 1.0 release candidate. However, vulnerabilities will always remain to be found in all web applications. Of course, you need to update your forum in order to remain secure. Most people install a forum and forget about updating it, even many years afterwards. I still discover versions ranging from 0.2(!) to 0.8 on the Internet. _______________ |
|
#3 Mon Apr 16, 2007 2:00 pm
|
|
|
Member
Registered: Apr 2007
Posts: 4
|
thx for your fast reply
 |
|
#4 Mon Apr 16, 2007 2:46 pm
|
|
|
Member
Registered: May 2005
Posts: 292
Location: Washougal, WA
|
You do, really... |
|
#5 Mon Apr 16, 2007 3:09 pm
|
|
|
Developer
Registered: Apr 2004
Posts: 2180
Location: Belgium
|
It isn't hard to find, until 1.0 UseBB had the version number in the footer. One 0.2 version is somewhere hidden and owned by people who I once recommended UseBB to. I guess the forum isn't used anymore but still... As of UseBB 0.3 you'll find quite a lot of them using Google.
_______________ |
|
#6 Mon Apr 16, 2007 5:33 pm
|
|
|
Member
Registered: May 2005
Posts: 292
Location: Washougal, WA
|
Ah, found one running 0.3.2, can not believe some are still running older versions.
|
|
#7 Mon Apr 16, 2007 9:37 pm
|
|
|
Developer
Registered: Apr 2004
Posts: 2180
Location: Belgium
|
Yet another one that is being disused...
Sadly there isn't really a cure for this, automatic updates are out of the question since I don't have the resources to serve individual update files for an automated script (SF.net FRS is not usable, usebb.sf.net could be an option but I have my doubts about the security of SF.net's hosting). Also, we are currently hosted on a shared server with limited bandwidth, it could be usable for some time but it could pose problems later on. Perhaps if there is a colocated server some time. All we could do is make the version check notice more prominent and perform a check as soon as an admin logs into the forum, perhaps even making small delays (10 seconds) for administrators when the version is too much outdated. _______________ |
|
#8 Tue Apr 17, 2007 7:03 am
|
|
|
Member
Registered: May 2005
Posts: 292
Location: Washougal, WA
|
0.5.1, been around since June 30, 2005, and its recently used and yet they don't upgrade/update forum.
My last old one, be alot safer if people would get the latest. |
Page: 1
UseBB Community is powered by UseBB 1 Forum Software
