I am planning on setting up a small forum for some freinds. I have been looking at PHPBB and someother forum software. It seems that they all have some security issues.

1. Would anyone suggests a better forum software.

2. If I use PHPBB, I was thinking of either setting it up in a jail (apache, PHPBB, mysql) or just using vmware and setting up a very stripped down system that just runs the forum. That way if anything happens I can just backup the virtual drive nightly. Blow the messed up one away and restore.

This will be my first experience with this (and mysql) so I would appreciate any suggestions.

We have been using some free ones, but they are hit and miss at functioning and we are all broke, so a payed forum is out of the question.

Soule

PHPBB is fine, just keep up with the version releases and patches. I failed to do that and became a host for a phishing pherm :)

Since I've made it a point to keep up with it, system's been fine since.
Best way to learn is do :)

Also, if its just you and your friends (and I'm not 100% sure if I read that right), you could set up a basic authentication scenario under Apache.

One security tip, don't use the smtp mail features if you allow anyone to join, Fotunatly I wathed security logs to catch it but massive emails were being sent out and bounced back to me.

And good luck with your bb install whatch out for fake accounts from spammers too, I get at least 1 a week.

G'day Soulestream,

See 'www.cisecurity.com' for information on hardening Linux and Apache. In particular, set up the 'mod_security' module for Apache for application-level firewalling.

Regards,
Hugh