Advice on Securing PhpBB 3.1.9, before going live with a new forum ?

DanielGarneau

Enthusiast
Joined
Dec 21, 2014
Messages
151
Hello everyone at TAZ,

What advice would you have to give me for securing my new PhpBB 3.1.9 forum, before I make it publicly available to humans and robots? So far I installed and activated the "Stop Forum Spam" extension, and created niche related questions for the "Sortables Captcha" extension, which is also activated, and ready to go.

I should probably add that my main domain is transiting through a free CloudFlare account. My forum will be located inside of the same domain in a structure such as DomainName / ForumName. From this it will result that my forum will automatically be included into the CloudFlare CDN services. As far as security features added through CloudFlare, here is how they describe it: "[CloudFlare] Protect your website from online threats with our enterprise grade Website Application Firewall (WAF)."

Thank you in advance for whatever input anyone wishes to provide, either directly, or by pointing out to other areas of this forum dealing with this question and that I may have missed.
 
Last edited:

salem

Adherent
Joined
Dec 26, 2010
Messages
376
Just a short post from me ,
Security , phpBB pretty much has it covered as much as possible at the time , they learned their lesson mid phpBB2 series
By the end of two (2.0.23 ) it was pretty solid and there's been no direct incidents with 3.0 & 3.1 both were independently audited prior to release .
Possible issues , using Non validated extensions , bridged with a less secure software .

Spam isn't really or shouldn't be classed as a security problem , bots or humans they're still only users registering as any other member and you have it covered with SFS & Sortables . One other thing you can do if worried about spam is to enable the "New User Group " and set the pre modded posts to one and any iffy post will never be seen on the board .

PhpBB already uses caching so your host hopefully will have cloudflare properly set up , not all do and can cause issues ,
such as IP's all being the same and above caching .
 
Last edited:

DanielGarneau

Enthusiast
Joined
Dec 21, 2014
Messages
151
Hello salem,

I have a New user group configured with a limited set of rights, but what do you mean by "set the pre modded posts to one" ? o_O
 

doubt

Tazmanian
Joined
Feb 25, 2013
Messages
4,864
I have a New user group configured with a limited set of rights, but what do you mean by "set the pre modded posts to one" ? o_O
I think he means moderate only the first post.
As soon as it's been approved the member can post without moderation.
 
Top