Best Forum Boards

Which is the best forum software on these accounts:

Safety:
Performance:
Design:
Features:

Undoubted vBulletin is the best forum software, however I have seen some good reviews on Mybb forum software and phpbb forum. Which one do you think is the best?

What do you think?

MyBB Open Source Forum Software - Is the best forum script

You do not specify what "features" you desire, nor what your specifications for "design" are. Safety in regards to? Performance as compare to are what is your expected base line. Traffic amounts and so on, you need to expand your questions to get useful replies.

(08-18-2013 01:22 AM)chod Wrote:  You do not specify what "features" you desire, nor what your specifications for "design" are. Safety in regards to? Performance as compare to are what is your expected base line. Traffic amounts and so on, you need to expand your questions to get useful replies.

"Features" I want the complete package all the best features, I don't want to use plugins in the future.
"Safety" I want a forum that is safe, so it can't be hacked in or hijacked. Prevent "SQL injection"
"Performance" I want it to be fast under 1 second load time. I want fast load time!
Thanks

(08-18-2013 10:07 AM)destroyer Wrote:  

(08-18-2013 01:22 AM)chod Wrote:  You do not specify what "features" you desire, nor what your specifications for "design" are. Safety in regards to? Performance as compare to are what is your expected base line. Traffic amounts and so on, you need to expand your questions to get useful replies.

"Features" I want the complete package all the best features, I don't want to use plugins in the future.
"Safety" I want a forum that is safe, so it can't be hacked in or hijacked. Prevent "SQL injection"
"Performance" I want it to be fast under 1 second load time. I want fast load time!
Thanks

That still does not say what features YOU want. What are the best to me, can easily not be the best to you.

All forums can be "hacked" especially in the hands of inexperienced Admins, hobbyists, and so on. Take VBulletin for example and look at UbuntuForums most recent public incident. That was a mixture of social and exploiting the forum software. For that matter anything connected to the internet can be "hacked". The most "secure" software can crumble if not setup properly and the server and its configuration is not equally as secure.

You want 1 second load times. OK well what kind of hardware are you going to be running it on, how many visitors a day are you going to have, are you ready to expand hardware needs as the forum gets more massive, are you prepared to have load balancers for handling the times when your forum gets some massive social share and you uniques go up 100 times its normal rate per hour?

I could keep going on each of replies, but this is becoming painful.

Do you not see how you are not actually asking real questions here?

Chod is right! The most common mistake admins do is leaving their admin directory accessible by anyone.

Or wrong permissions, badly written firewall rules, leaving ftp running. Lots and lots and lots and lots and lots of things. That is why I get at least 2 jobs a week for fixing something someone hacked into

"badly written firewall rules, leaving ftp running" what do you mean? I use Filezila and I have never heard about that?

Honestly shared hosting is the devil that keeps FTP going. Even using one of the more "secure" versions of FTP such as vsftpd still leaves boxes at a higher risk of having unauthorized access gained. While using sftp does add another layer of "protection" it is an unneeded overhead on a server. You should just be using SSH if you are going to use sftp. If you host does not provide an sftp variant a simple wireshark capture and I have your creds in plain text. Take a look at year by year stats on compromises and even with running sftp there a tons of exploits released and compromises from using ftp.

To me FTP is just no more than a lazy answer to what something else already does, and does it more "securely". While it is OKish in my opinion to use, if it is badly configured and or not at the least using sftp you're asking to get pwned. It is technology that was in a sense made to solve the issues of shared hosting where thousands of people need to login to the same box and upload content. With the expectation that 99.9% of these users are not that technically competent and need a simple interface to interact. CLI scares the vast majority of people for some reason. There are programs like PAC Manager that gives you a GUI type SSH experience, while you still interact with the boxes through CLI it makes a singular tool to access every server you have. Like for me it is a life saver as I have to maintain a list of over 800 servers for clients, business and personal use.

Badly written firewall rules or the lack there of applies to any server of any OS regardless if FTP is running or not. I can't tell you how many times I get a call to come tune up or fix up something and I checkout firewall rules and I find ones that basically NULL out other rules in the list, or re open ports they are trying to close, things like that. As I have said numerous times there is a difference, a drastic one at that, between your low end hosting - Shared, VPS, Dedicated vs high end fully managed hosting. Especially if you need something relating to Compliance needs. Also the definition of dedicated in hosting is used VERY loosely and to almost every hosting company it has a slightly different meaning.

There is lots more to say, but this taking the topic way off track here at this point. But to summarize my personal opinion is ftp of any sort is not needed and adds a greater security risk to your box and or network.

Back to our originally asked question