free forum software?

I run a box league for the kids at our tennis club and I want to set up a basic website for them with a few pages for results and photos, and a forum area. I can get most of what I want off freewebs (ie free hosting, form-filling type page builder, ability not to make it visible to search engines etc), but they don't have a decent forum feature - just a guestbook. Maybe there's some forum software which I could embed in a freewebs page....er..somehow.. Any suggestions?

 

I've got a fairly basic forum on my badminton club website (not that I can get anyone to use it www.hawksbc.co.uk. Have a look and if it looks OK I'll see if I can find out where to get it from.

I certainly didn't pay for it.

JEff

 

Yes, that's exactly the kind of thing I was thinking of...

 

Avoid things like PhPBB because there are many security holes with the common ones because people have studied the code. If you want somthing free and safe I would consider somthing like an ASP/ASP.NET based one as not many hackers know the code.

PHP is all too well understood by script kiddies. Even VBulliten has some major security flaws (Although version 3 sorted many of these out).

 

I think that is more than somewhat paranoid. The key point is to go for software that is well supported and to install the updates as soon as they are released. ASP / .NET etc just open a whole different can of worms as it’s Microsoft, runs on Microsoft technology and many people (such as myself) trust Linux / UNIX far more!

Tony.

 

ASP.NET is a perfectly stable platform and its a lot better than PHP in many ways, but thats a different argument. I used to be a moderator on one of the 100 biggest forums on the world, that ran VB and even with the most unique modifications to make it secure it was still hacked and many private PMs were leaked.

I doubt he could have done that if it was Microsoft based because the kids don't understand it.

Just don't get a Microsoft phone, they bloody crash all the time .

 

What does your freewebs hosting support in the way of scripting languages/databases? I imagine it wouldn't support MySQL/PHP/ASP for free anyway...?

In which case you're probably looking at a fairly limited bit of software anyway? Perl scripts with static files in place of a database?

Your best bet is probably to go with something remotely hosted... www.proboards.com springs to mind.

For a pretty small hosting fee, you'll give yourself the ability to run something more fully fledged yourself.

 

Big difference between moderator and the admin (i.e. the guy who sets up the security!). By saying that I suspect the student forum you moderated on would be hacked regardless of what platform or software it was running – it is a blindingly obvious target for student hackers and, being run by students, someone will inevitably have overlooked some aspect of security. Was it by any chance ‘The Student Room’? I just googled ‘student+vbulletin+UK’ and that seemed to be the biggest. If so it’s not at the latest and most secure version (3.5.4 rather than 3.6.2 – one major revision and two point releases behind current). I started the registration procedure and noticed they haven’t even got image verification turned on which is a schoolboy error and implies they may not have dug too deeply into the security features elsewhere.

If you were to hang around the vBulletin support forum it becomes pretty obvious that boards that are hacked are usually hacked either due to errors in administration, crap passwords or insecure servers. I’m not for a minute implying vBulletin is bullet proof, nothing is, but it’s pretty good and I trust it far more than I’d ever trust any web based Microsoft product or technology!

Tony.

 

Indeed its a the student room, all registrants have to be approved by admin before they are allowed to post in the general forum.

They don't have the image verification for accessbility reasons.

Because of the sheer size of that site upgrading is a mamouth task, you have to back up the entire database, then there is often modifications required to the update because of the bespoke add ons (much of them you have to pay to use).

There is also some very very expensive security features there which are mod secrets so I probably cannot say what they are (even though I gave up moderating due to time constraints).

VB is very good and if I had to use PHP that is what I would use. The attacks were done by a 16 year old kids getting scripts from a chat room.

 

I'm only looking at something very very very small, to support a couple of dozen teenagers at the club. I won't be promoting the site at all - basically unless people are given the address they won't know about it.. Technically I haven't got much clue... Freewebs has a form builder interface but also lets embed custom html on the pages - so I was hoping I could 'call' some external forum capability from that.

 

Midlife,

If you wish I'll see if I can e-mail the forum to you. It may have some of my settings but they're easily changed. It's pretty simple to set up - must be if I've got it.

Can always pm me yr e-mail address

Jeff

 

Sounds like you will get away with, just be careful about making the any directories 7-7-7 i.e allowing uploads. This is one security flaw. Also make sure the SQL statements are written properly so people can't change the query strings into SQL statement (seen an entire table been deleted that way ).

I used PHPBB when I had a forum, I made sure all upload functions were turned off. Even then my host informed me it was a major security risk.

 

thanks Jeff - have PM'd you
Roger

 

Or you can download it direct from here:

http://hot-things.net/cs/section.php?sid=3

Jeff

 

I seem to recall a bug in a much earlier version of vB that allowed malicious code to be uploaded in the same way people upload images or avatars assuming that is allowed by the admin (I don’t allow this at all on pfm). I assume this is what you mean. Otherwise I can’t understand how they could have got code up to execute on the server unless they had cracked some passwords, which is obviously a whole other kettle of worms.

Sorry to keep banging on about this but I think your advice to avoid PHP / UNIX in favour of M$ web products is misguided in the extreme. Microsoft have the worst security record of anyone in the entire history of computing - there would be next to no viruses or worms on this planet had M$ not produced the ideal delivery system!

Tony.

(OS X at home, Linux / MySQL / PHP at ‘work’).

 

agree 100%



Matt