PhpBB3 Hardening: Difference between revisions

From Acenet Knowledgebase

Latest revision as of 15:48, 9 October 2012

phpBB is a very popular web-based forum package. As of the time of this writing, the current phpBB version is phpBB3. If you are running an older version of phpBB, we highly recommend that you upgrade your forums immediately. phpBB version 3 contains many useful features for securing your forums. As always, it's best to run the latest version of any web-based software to ensure that any security holes are patched and your software can be trusted.

As with any other forum software, without proper precautions you can quickly find that your user list is populated with automated spam bots and your forum threads contain nothing but spam advertisements. In addition to the unwanted content, this spam has additional side effects. The sheer amount of spam that can populate your forums can end up consuming large amounts of your database's disk space. When users try to search your forums, there is an excessive amount of content to sift through. phpBB's search function often causes a large degradation in CPU and memory performance when the database has been filled with millions of spam entries.

phpBB3 contains many built-in features which can help your site stay free of spammers and unwanted advertisements. Ironically, none of these features are enabled by default.

The first feature we will discuss is the captcha. A captcha is an image-based rendition of a string of numbers and letters. Text is easy for automated spam bots to crawl and interpret. It is prohibitively more difficult for an automated bot to view an image and interpret the textual meaning of the picture. By enabling your forum's captcha, you can help prevent automated spam bots from automatically registering at your site. The following video demo will illustrate how to enable your forum's captcha:

Enabling Captcha during Registration

Second, we will show you how to disable guest posting. If a user is interested in your site's content, it is reasonable to assume that they can take the time to register for a new account if they wish to contribute. By disabling guest posting, you can still allow your visitors to view the content hosted at your site, but only registered members can post to threads or start new topics. By disabling guest posting, you can more easily control what content is displayed on your boards. If a user continuously posts defamatory responses, you can easily suspend or ban their account. Above all, however, by disabling guest posting you prevent spam bots from automatically posting spam to your forum threads. This demo will show you how to disable guest posting in phpBB3:

Disabling Guest Posting

Lastly, we will discuss enabling email confirmation for your forum's registration process. Forcing a user to register a valid email address with their forum user account has many advantages. It lets users more easily retrieve their password information and gives you, as a forum administrator, the ability to contact your members if you decide to send out a mailing list or forum announcement. Above all, by requiring that your users confirm their registration after receiving an email, you are ensuring that they are a real person who must log in to their email and follow a link to confirm. It is possible that a spam bot can do this too, which is why we suggest using this feature in conjunction with our other recommendations.

Enabling Registration Email Confirmation

Using these three measures, you can lock down your phpBB3 installation. Visitors come to your site to read your content; help improve their experience by keeping your forums free of unwanted spam and advertisements.
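
To confirm that all three measures are actually in effect, the added example below (not part of the original article or of phpBB itself) audits a forum database for a disabled registration captcha, missing account activation, and posting rights granted to the guests group. It assumes the stock phpBB 3.0 schema with the default `phpbb_` table prefix and the `enable_confirm` / `require_activation` config keys; the sample database is a constructed miniature, and the check reports explicit grants rather than phpBB's fully resolved permissions.

```python
import sqlite3

# Names follow the stock phpBB 3.0 schema with the default "phpbb_" prefix;
# treat them as assumptions and confirm them against your own installation.
CONFIG_CHECKS = {
    "enable_confirm": (lambda v: v == "1", "registration CAPTCHA is disabled"),
    "require_activation": (lambda v: v in ("1", "2", "3"),
                           "new accounts activate without email or admin confirmation"),
}
GUEST_SQL = """
SELECT a.forum_id, o.auth_option
  FROM phpbb_acl_groups a
  JOIN phpbb_groups g ON g.group_id = a.group_id
  LEFT JOIN phpbb_acl_roles_data r ON a.auth_role_id <> 0 AND r.role_id = a.auth_role_id
  JOIN phpbb_acl_options o ON o.auth_option_id = COALESCE(r.auth_option_id, a.auth_option_id)
 WHERE g.group_name = 'GUESTS'
   AND o.auth_option IN ('f_post', 'f_reply')
   AND COALESCE(r.auth_setting, a.auth_setting) = 1   -- 1 = permission granted
 ORDER BY a.forum_id, o.auth_option
"""

def audit(conn):
    """Return a list of findings; an empty list means all three measures are on."""
    cfg = dict(conn.execute("SELECT config_name, config_value FROM phpbb_config"))
    findings = [msg for key, (ok, msg) in CONFIG_CHECKS.items() if not ok(cfg.get(key, ""))]
    findings += [f"guests granted {opt} in forum {fid}" for fid, opt in conn.execute(GUEST_SQL)]
    return findings

def sample_db(enable_confirm, require_activation, guest_role_setting):
    """Constructed miniature of the phpBB tables, for demonstration only."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE phpbb_config (config_name TEXT, config_value TEXT);
        CREATE TABLE phpbb_groups (group_id INT, group_name TEXT);
        CREATE TABLE phpbb_acl_options (auth_option_id INT, auth_option TEXT);
        CREATE TABLE phpbb_acl_roles_data (role_id INT, auth_option_id INT, auth_setting INT);
        CREATE TABLE phpbb_acl_groups (group_id INT, forum_id INT, auth_option_id INT,
                                       auth_role_id INT, auth_setting INT);
        INSERT INTO phpbb_groups VALUES (1, 'GUESTS');
        INSERT INTO phpbb_acl_options VALUES (10, 'f_read'), (11, 'f_post'), (12, 'f_reply');
        INSERT INTO phpbb_acl_groups VALUES (1, 2, 0, 7, 0);   -- guests hold role 7 in forum 2
    """)
    conn.executemany("INSERT INTO phpbb_config VALUES (?, ?)",
                     [("enable_confirm", enable_confirm), ("require_activation", require_activation)])
    conn.executemany("INSERT INTO phpbb_acl_roles_data VALUES (7, ?, ?)",
                     [(10, 1), (11, guest_role_setting), (12, guest_role_setting)])
    return conn

if __name__ == "__main__":
    for finding in audit(sample_db("0", "0", 1)):
        print("FINDING:", finding)
```

Against a live forum, pass `audit()` a connection to a copy of the board's database; the queries are read-only.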