phpBB not vulnerable to imagemagick exploit

fitkoh

Member
PhpBB is one of the oldest free forum softwares. There are more phpBB installations than any other forum software. A modified phpBB also runs the forum in the world with the most users - Gaia Online with ~25 million members and over 2 billion posts.

One detrimental statistic about phpBB is it has had more security problems than any other forum software. This is almost unavoidable when you have the largest user base. It's the same reason Windows has more security problems than any other operating system. The more people using a software, the more people are trying to abuse it.

I'm happy to say that in spite of their reputation for having the most security holes, they are security minded, as evidenced by this recent phpBB blog post.
 
fitkoh said:
PhpBB is one of the oldest free forum softwares. There are more phpBB installations than any other forum software. A modified phpBB also runs the forum in the world with the most users - Gaia Online with ~25 million members and over 2 billion posts.

One detrimental statistic about phpBB is it has had more security problems than any other forum software. This is almost unavoidable when you have the largest user base. It's the same reason Windows has more security problems than any other operating system. The more people using a software, the more people are trying to abuse it.

I'm happy to say that in spite of their reputation for having the most security holes, they are security minded, as evidenced by this recent phpBB blog post.

LOL, That is not true. Security issues have to do with the people who code it. Not the user base. phpBB, Innovison, Vb, etc are all based on the same, PHP. PHP is good if the coder using it is knowledgeable with PHP. I have a site written in PHP that came out around the same time as PHPbb and my code is still secure as it was 18 years ago when it came out. The only other CMS that is more insecure than PHPbb and Windows is WordPress. There are more exploits and holes in it than Swiss cheese.

The issue started when PHP came out. Coders got sloppy and started creating new commands and functions for it. With each new feature, coders found lazy ways of making it work. Today's PHP has more useless commands and functions in it, that it makes it more insecure than Windows 98 ever was.
 
fitkoh said:
php vulnerabilities and tell us how you defended against them.

That is where you are so wrong. It does not have 1 security flaw in it. Had tons of people look for one and can't exploit it. It's all about who codes it. What they know and how often they stay on top of security exploits. PHP 5.6 has more holes than Swiss cheese does.
 

fitkoh

Member
I won't dispute the possibility that I'm mistaken but I must argue that a contradiction does not equate to evidence. When was the last time you did a security audit? What parties did the investigating? What methods of intrusion were tested?

I have been wrong before, but I sincerely believe that there is no system that is incorruptible, no servers that are not hackable, and no code that is perfect. Furthermore, there is nothing you can say short of producing proof that will convince me your sites are completely secure.

Also, look at this quote:
I have a site written in PHP that came out around the same time as PHPbb and my code is still secure as it was 18 years ago when it came out.
Then this one:
What they know and how often they stay on top of security exploits.

What conclusions do you draw by examining these 2 statements?

Please don't think that I'm putting you down or insulting your work; what I am doing is keeping an open mind and examining all possibilities.

I also want to point out the original topic of this thread (and apologize for this digression) and remind you that phpBB coded their product to verify image files before being uploaded. Because of the way it was coded and the foresight of its engineers, the exploit was prevented from being possible on their service. If that's sloppy coding, we should all do more of it.
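
Added example, not part of any post in this thread and not phpBB's own code: one common way to verify an uploaded file before any image library processes it is to compare its leading bytes against an allow-list of image signatures. The function name, the allow-list and the sample uploads are assumptions constructed for illustration; the thread does not describe how phpBB implements its check.

```php
<?php
// Allow-list of upload types and the standard file signatures (magic bytes)
// each must start with. Anything not listed here is rejected outright.
const IMAGE_SIGNATURES = [
    'png'  => ["\x89PNG\r\n\x1a\n"],
    'jpg'  => ["\xFF\xD8\xFF"],
    'jpeg' => ["\xFF\xD8\xFF"],
    'gif'  => ["GIF87a", "GIF89a"],
];

/**
 * Hypothetical helper: returns the verified type ('png', 'jpg' or 'gif') when
 * the claimed extension is allowed AND the content starts with a matching
 * signature; returns null otherwise, so the file never reaches the image library.
 */
function verify_image_upload(string $path, string $clientName): ?string
{
    $ext = strtolower(pathinfo($clientName, PATHINFO_EXTENSION));
    if (!isset(IMAGE_SIGNATURES[$ext])) {
        return null; // extension is not on the allow-list
    }
    $head = file_get_contents($path, false, null, 0, 8); // first 8 bytes only
    if ($head === false) {
        return null; // unreadable file
    }
    foreach (IMAGE_SIGNATURES[$ext] as $sig) {
        if (strncmp($head, $sig, strlen($sig)) === 0) {
            return $ext === 'jpeg' ? 'jpg' : $ext;
        }
    }
    return null; // content does not match the claimed type
}

// Constructed sample uploads, written to temp files so the example runs offline.
$samples = [
    'avatar.png' => "\x89PNG\r\n\x1a\n" . str_repeat("\0", 16), // real PNG header
    'banner.png' => "plain text pretending to be a PNG",          // wrong content
    'photo.gif'  => "\xFF\xD8\xFF\xE0" . str_repeat("\0", 16),   // JPEG bytes, .gif name
    'notes.svg'  => "<svg></svg>",                                // type not allowed
];
foreach ($samples as $name => $bytes) {
    $tmp = tempnam(sys_get_temp_dir(), 'upl');
    file_put_contents($tmp, $bytes);
    $type = verify_image_upload($tmp, $name);
    printf("%-11s %s\n", $name, $type === null ? 'rejected' : "accepted as $type");
    unlink($tmp);
}
```

A signature check only confirms the file starts like the claimed format; it is a first gate before image processing, not proof that the rest of the file is well formed.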