phpBB3 Hardening

phpBB is a very popular web-based forum package. As of the time of this writing, the current phpBB version is phpBB3. If you are running an older version of phpBB, we highly recommend that you upgrade your forums immediately. phpBB version 3 contains many useful features for securing your forums. As always, it's best to run the latest version of any web-based software so that known security holes are patched.

As with any other forum, without proper precautions you can quickly find your user list populated with automated spam bots and your forum threads containing nothing but spam advertisements. In addition to the unwanted content, this spam has other side effects. The sheer amount of spam that can populate your forums can end up consuming large amounts of your database's disk space. When users try to search your forums, there is an excessive amount of content to sift through. phpBB's search function often causes a large CPU and memory performance degradation when the database has been filled with millions of spam entries.

phpBB3 contains many built-in features which can help your site stay free of spammers and unwanted advertisements. Ironically, none of these features come enabled by default.

The first feature we will discuss is the captcha. A captcha is an image-based rendition of a string of numbers and letters. Text is easy for automated spam bots to crawl and interpret. It is far more difficult for an automated bot to view an image and interpret the text shown in the picture. By enabling your forum's captcha, you can help prevent automated spam bots from automatically registering at your site. The following video demo will illustrate how to enable your forum's captcha:

Enabling Captcha during Registration

Second, we will show you how to disable guest posting. If a user is interested in your site's content, it is reasonable to assume that they can take the time to register for a new account if they wish to contribute. By disabling guest posting, you can still allow your visitors to view the content hosted at your site, but only registered members can post to threads or start new topics. By disabling guest posting, you can more easily control what content is displayed on your boards. If a user continuously posts defamatory responses, you can easily suspend or ban their account. Above all, however, by disabling guest posting you prevent spam bots from automatically posting spam to your forum threads. This demo will show you how to disable guest posting in phpBB3:

Disabling Guest Posting

Lastly, we will discuss enabling email confirmation for your forum's registration process. Forcing a user to register a valid email address with their forum user account has many advantages. Users can more easily retrieve their password information, and you, as a forum administrator, gain the ability to contact your members if you decide to send out a mailing list or forum announcement. Above all, by requiring that your users confirm their registration after receiving an email, you are ensuring that they are a real person who must log in to their email and follow a link to confirm. It is possible that a spam bot can do this too, which is why we suggest using this feature in conjunction with our other recommendations.

Enabling Registration Email Confirmation

Using these three measures, you can lock down your phpBB3 installation. Visitors come to your site to read your content; help improve their experience by keeping your forums free of unwanted spam and advertisements.
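
As an added example (not part of the original article and not phpBB's own code), the three measures can be checked from values exported from the forum database. It assumes the phpbb_config keys enable_confirm and require_activation, the forum permissions f_post and f_reply, and stored permission values of 1 = Yes, 0 = Never, -1 = No; the sample rows are constructed.

```python
# Added example: audit the three hardening settings from exported database values.
# Assumed names: phpbb_config keys enable_confirm / require_activation, and the
# forum permissions f_post / f_reply granted to guests.
ACL_YES, ACL_NEVER = 1, 0          # assumed stored values; "No" is -1
POSTING_OPTIONS = {"f_post", "f_reply"}

def guest_posting_forums(guest_acl):
    """Return forum_ids where guests end up with a posting permission.
    guest_acl: (forum_id, auth_option, auth_setting) rows; Never overrides Yes."""
    state = {}
    for forum_id, option, setting in guest_acl:
        if option not in POSTING_OPTIONS:
            continue
        key = (forum_id, option)
        if int(setting) == ACL_NEVER or state.get(key) == ACL_NEVER:
            state[key] = ACL_NEVER
        elif int(setting) == ACL_YES:
            state[key] = ACL_YES
    return sorted({forum for (forum, _), s in state.items() if s == ACL_YES})

def audit(config, guest_acl):
    """config: dict of config_name -> config_value as stored (strings)."""
    findings = []
    if config.get("enable_confirm", "0") != "1":
        findings.append("captcha is not enabled for registration")
    if config.get("require_activation", "0") == "0":   # 0 = no activation step
        findings.append("registration does not require email confirmation")
    for forum_id in guest_posting_forums(guest_acl):
        findings.append(f"guests can post in forum_id {forum_id}")
    return findings

# Constructed sample data, not taken from a real forum.
SAMPLE_CONFIG = {"enable_confirm": "0", "require_activation": "1"}
SAMPLE_GUEST_ACL = [
    (2, "f_post", 1), (2, "f_reply", 1),   # guests may post and reply
    (3, "f_post", 1), (3, "f_post", 0),    # Yes plus Never: denied
    (4, "f_read", 1),                      # read-only access is fine
]

if __name__ == "__main__":
    for line in audit(SAMPLE_CONFIG, SAMPLE_GUEST_ACL):
        print("FINDING:", line)
```

An empty list from audit() means all three measures from this article are in place for the values supplied.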
