Aquatic Plant Forum banner
Cancel

Now that APC has changed, this problem will be avoided

2421 Views 11 Replies 5 Participants Last post by  pineapple
P
Now that our esteemed Site Admin and his colleagues have changed APC to VBulletin we will not have to suffer this problem!

Andrew Cribb
Reply
Save
Like
1 - 3 of 12 Posts
M
While vBulletin is nice, I have my doubts that it is any more secure than phpBB. phpBB is a well-written application, and I think it will become more and more secure over time, not less - the key thing is that they have a development team that is vigilant about closing these holes quickly. A lot of these site defacements come through vulnerabilities in other software like PHP itself or various add-on packages, etc. The bottom line is that the more publicly available software and scripts you have running on a site, the more vulnerable it is. APC has quite a lot of special features and custom modules, so it's something to watch out for.

No complex web software (vBulletin included) is 100% secure. It is very likely that there are more undiscovered security bugs in both phpBB and vBulletin. You don't want to let your guard down or assume you're protected just because you're running commercial software now.

FWIW. I'm a grad student specializing in computer security and I've read in detail about how the recent phpBB problems worked.
See less See more
Reply
Save
Like
M
Art_Giacosa said:
Mnemia,

VB has gone from 3.0.3 to 3.0.6 in just a few weeks because of security issues. I agree that no software is totally secure.

Security was a reason for our move, it wasn't the only one. VB is a much more mature product at this point in time. I'm sure when phpBB 3 is released, it will catch up.
Click to expand...
Cool, I wasn't meaning to question the move. There are certainly good reasons to move to vBulletin besides just security (database performance is a big one from what I understand, as is sheer numbers of features and the quality of the search tool). There are some really big sites that run on phpBB (I've seen some forums with 50+ times the number of users, posts, and threads that this one has) but mostly they run on really powerful and expensive hardware. That particular forum runs on a quad Xeon machine with I think 8 GB of RAM (!).
Reply
Save
Like
M
If you click on View > Page Source in Firefox, it appears that you can verify the "real" identity of a site that is using the URL spoofing exploit (at least for me, the spoofing doesn't work there on a couple of sites that demonstrate the bug). Still sucks, but at least there's a way to check up on a site if you're feeling paranoid or uneasy about something you're seeing.

At least it isn't anything more serious that's wrong with it. It's easy to assume that you're totally safe when using Firefox (or Firefox + Linux in my case) but this just goes to show that's not always the case.
Reply
Save
Like
1 - 3 of 12 Posts
This is an older thread, you may not receive a response, and could be reviving an old thread. Please consider creating a new thread.
Aquatic Plant Forum
A forum community dedicated to aquatic plant owners and enthusiasts. Come join the discussion about collections, displays, tanks, styles, troubleshooting, reviews, accessories, classifieds, and more!
Full Forum Listing
Explore Our Forums
General Aquarium Plants Discussions For Sale or Trade El Natural DIY Aquarium Projects Equipment
Top