GoNz0 said:
vBulletin Version 3.5.2
got to pay, but its good
No, it is not good. When it gets any load to it at all, it starts to slow down tremendously as it's SQL queries are badly formed, and in general could be made a lot better so that there are faster results, as well as less load on MySQL. It is one of the major reasons that I have so many problems running MySQL properly. When asked to optimize, or why a site slows to a crawl in fast hardware all they tell one to do is throw more hardware at it, this works, but it does not scale very well.
IBF handles it a lot better, and makes use of MySQL, but at the same time, has it's queries in such a way that MySQL is not overwhelmed trying to get the information. This makes all the difference. IBF is a lot more friendly to getting stuff optimized as much as possible. They have worked with Neowin in the past to resolve bottle necks, as well as with me personally for another site I administrate for to get their queries so fine tuned that throwing more hardware at the problem is not really an option, it has become a last resort.
SPeedY_B said:
I highly doubt it. phpBB is known for utter crap security, new exploits are quite often and frequently unearthed for it.
I'd second the notion to use
vBulletin.
Alternatively, some free options I've previously used, are
Phorum and
PunBB.
I have used by Phorum and PunBB, both are not really up to par with the others like IBF, vBulletin, and or phpBB when it is not exploited.
Read above for why I don't suggest vBulletin though.
LeeJend said:
Numbers and cases are inadequate. You need to add punctuation and use the longest password possible. Even then a brute forcer on an AMD 64 will be able to get it eventually.
Do you have security set properly?
-Disable a login ID after 3 tries?
-Are you sure you have killed all the default passwords and logins?
-Are you positive there is not a rootkit on the server or your admin's systems?
-Are you using unsecure wireless to change the password? You could be getting intercepted. Use a (yuk) dial up line or DSL to change the password. Cable and wifi are very insecure.
-When you set the password are you using an encrypted connection?
Disable a login ID after 3 tries is not something phpBB has standard, IIRC, if it does, it is a good thing to enable it, but it does not help if it once again is able to be exploited because of an SQL query that is not quoted properly, and thus can be exploited.
I'd like to hear your reasoning as to why cable is not very secure. Cable is just as secure as dialup and or DSL. Wifi is secure as well, if WPA is used. All of them somehow end up on the internet anyways, in plain text, unless the connection is SSL. So using any one of them should not make a difference.