Secure IIS Web BBS Software.....
Results 1 to 4 of 4

Thread: Secure IIS Web BBS Software.....

  1. #1
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197

    Secure IIS Web BBS Software.....

    I must have looked bored for a millisecond..... So I got another project....

    The scenario: Users want to create a BBS type system to be available on a member basis to the internet. They would have an administrative user but would like the ability to have moderators etc. Basically a chunk of the functionality of AO but without APs and the like.

    The solution: Placed on a server of it's own in the DMZ and managed, (non-technically), by a memeber of that department i don't have an issue. I was asked to decide what software to use. I don't want a custom written job... a plain jane, reasonably priced, well supported off the shelf would do me just fine.

    The problem: I trot on out to google and do a search.... There's loads of them, phpBB, IdealBB, Ikonboard...... the list goes on. So I start typing the names and the word "exploit" into google and all of them I have checked have a list as long as your arm of exploits..... One stood out insofar as they seem to publish alerts for the exploits against their system, (phpBB). The problem is that they list more exploits than M$ which is a bummer to say the least.

    The question: Do any of you have experience with these things and can recommend a cost effective, (read: cheap), well supported, secure system that would fit what I am looking for.

    Thanks for any insight.
    Don\'t SYN us.... We\'ll SYN you.....
    \"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools.\" - Thucydides

  2. #2
    Senior Member
    Join Date
    Mar 2003
    Location
    central il
    Posts
    1,779
    I have had a lot of sucess with YaBB, it dose have the ocasional exploit but they are patched very quickly. Its writen in Perl and if you know perl very easy to customize and if useing mod perl with apache or perl.net with IIS it runs faster then PHP.
    Who is more trustworthy then all of the gurus or Buddha’s?

  3. #3
    Banned
    Join Date
    May 2003
    Posts
    1,004
    It doesn't matter what BBS you use, just find the one that meets the required functionality. Security should not be an issue at that level. Secure the web app at the web service level, secure the web service at the OS. This approach assumes that applications will have flaws, because they will and you will find yourself safer in the end.

    I'd stick to an ASP board as you will have less scope for server security and it should be faster (unless you can find a nice ISAPI + SQL Server one which is doubtful)

    catch

  4. #4
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197
    Thanks for the assist guys.......

    I'll stick with what I know and look for an ASP app.

    I just really hate using things that appear to have such an awful history of exploits... and who knows, therefore, how many are undiscovered.....
    Don\'t SYN us.... We\'ll SYN you.....
    \"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools.\" - Thucydides

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •