Message Board Security Problems
Security leaks can be a big problem for any site using a message
board. Hackers can actually use your message board to go in and
change things on your site. This has happened to me at least
four times. Once an iframe was added to every single page of one
of my very large sites. Thankfully, I had it completely backed
up, so all I had to do was send the pages back up to the server.
Twice, the front page of one of my sites was hijacked. The
entire content of the front page was replaced by some note from
a hacker stating he had been there.
The last time one of my sites had to be taken down to prevent
the server from crashing. After calling my web host they were
able to tell me my message board was the cause of the problem. I
used, and still do on some sites, the phpbb message board. It is
one of the most popular boards on the internet, and it's free.
The web host tech told me that the problem was that a virus of
sorts had been placed onto the server, through the message
board, in the message board folder, and was calling out to other
servers causing a major load on my web host's server. To fix the
problem the web host tech found the file and deleted it. After
that, all I had to do was update to the latest version of phpbb
and so far so good.
If you use a popular message board like phpbb you need to make
sure you've always got the latest version. The more popular a
message board is, the more hackers are likely to strike. Perhaps
the familiarity is the problem or maybe the hackers know they
can get a lot of bites going after a widely used board. As of
this writing, the most current version of phpbb is 2.0.15. As
the phpbb guys are always security conscious they have added to
this version a re-authentication to access the administration
panel.
Forums are a very important part of a website, but they can be
the downfall if your board script is not updated on a regular
basis.