phpBB for your Forum

Written by admin on August 28th, 2010 in Phpbb reviews.
Tags: ,

What are the reasons for having a forum?

Forums give clients and future clients the chance to talk about topics between each other. They can ask questions or provide reviews while reading responses from additional people. This is very handy for the users and may alleviate the workload of your support and customer service staff.

In addition, it’s a great way to obtain free links for Search Engine Ranking.

Why select phpBB?

There is no charge. Licenses do not need to be purchased. phpBB is free to the public. Besides the program (source code) being unencrypted, the license allows you to alter it or add new code as desired. Note that to make more major alterations, you will need to possess or acquire some PHP expertise.

Setting up phpBB

It’s pretty straightforward to install the phpBB. Unless Fantastico is installed on the server by your website host, a little bit of familiarity is necessary for you to perform the initial installation. PhpBB can be automatically installed by Fantastico; after which a bit of configuration is needed before you can start your forum. If you prefer to do the installation yourself, you will need to grasp, or learn, how to change file and folder permissions; FTP; as well as the MySQL database setup process.

Personalize: Altering the look or functionality.

You have the option of altering or selecting a new theme for your phpBB forum. The majority of the authors do not charge a fee or request donations. If you are feeling confident, you can make your own or alter your current theme.

Assistance is readily available on the phpBB user forums. You can pay a programmer to make the desired changes. Qualified PHP programmers are not hard to locate and are cost effective — especially if you do not already have a working knowledge of PHP.

Stephen Grisham, Sr. is a copy writer for InfoServe Media, LLC. InfoServe Media is a Houston web design company and hosting company. Or if you just need a few changes to an existing site, InfoServe Media also offers website maintenance.

Bookmark and Share

Brief History of DreamHost

DreamHost (DH) was founded by four Computer Science undergraduates students in 1997. Since then DH has grown and has become one of the famous web hosting providers. According to DreamHost official blog they are now hosting more than 700,000 domains.

In spite of becoming such a big player in hosting world, their service hasn’t been degraded and their first and only goal is to provide wonderful user experience to their customers. Now, managing more than 700,000 domains is not an easy task. They keep their growth in mind and they have enough support and technical staff to handle their increasing customer base. Need less to say that they also have data center with enough servers and redundant gigabyte Internet connections.

Why I Wanted Hosting And My Requirements

DreamHost is not the first hosting I am hosting my sites with. Actually DH is the third hosting company I have tried. I changed to DH over my previous two hosting company because those did not satisfy my requirements.

From May 2007, I was impressed by world wide web and I wanted to make some money online. Now for making money online, you need to have website. In the August 2007, I was looking for Linux web hosting company. I was looking for web hosting which provides lots of space, lots of data transfer limit, unlimited domain name hosting, unlimited mails and ssh users. So if I want to make any changes in any page, I can do that over ssh prompt. Since I was about to start online business, I was looking for service which provides very high up time and good technical support. I also wanted all these features at very cheap rate.

I researched a little bit at that time and found that DreamHost is cheap and provides all the features I wanted. I did more research about service and support. I found many good reviews. I also found some bad reviews. I read all reviews and I wanted to go for DH but after reading bad reviews I could not make my mind. I searched more but didn’t find any hosting service which provides all needed features at cheap rate. Finally, I thought there always will be some bad reviews on any service and decided to give a try to DreamHost. Since I was on a limited budget, I didn’t have many choices. So on 17th August 2007, I finally registered service with DH.

Hosting Plan I Use

Currently DreamHost offers only one plan for shared hosting. At the time when I purchased, they were offering three plans.

1. Crazy Domain Insane
2. Sweet Dreams
3. Code Monster

I selected Crazy Domain Insane plan. They provided around 200GB of disk space and 4TB of data transfer limit. This limit also increases weekly. It’s a way to say thank to their customer for staying with them. This limit was more than enough for my usage.

Easy to Use Control Panel

When you register the service, DreamHost provides login details for the control panel. DH is not using any readily available control panel like CPanel. They have their own control panel written in perl. You can control any of the service by logging in to panel. You can create or delete mail and mysql account or to install or remove any software from the panel.

When I purchased a web hosting service, I also got one domain for free to register. I registered my domain and I wanted to install WordPress blog on it. DH provides one click installation of many open source softwares like WordPress, Gallery, ZenCart, PhpGedView, OpenX, phpbb, joomla, MediaWiki and many more. So I just logged in to the panel, select WordPress, insert the mysql database, user and password information and clicked on Install. Within just 3 minutes, I got mail from DreamHost saying that WordPress blog is installed on my domain. That was the easiest WordPress installation I have done ever.

Reliability And Support

In the last 10 months, I only needed to contact their support two times. First time when one of my sites was down. I opened a support ticket but within few minutes my site was up after opening the ticket. Second time my site was up but was not able to connect to mysql database. I opened a support ticket and tried to figure out what went wrong. Since I am a technical person, I know how to troubleshoot. I removed mysql user and created it again and problem was solved. I have to admit that their support response is very quick. I got the response in both cases within 10 hours.

For support, DH provides three kind of support. They have their wiki where you can get many how to. If you want to install any software, change DNS entry or want to do any thing using panel and don’t know how to do, Wiki is the best place to search for. You will get the answer of your question immediately. DreamHost also provides forum where advance users might help you to solve your problem. If after using wiki and forum, you don’t get the solution for your problem then you can open a support ticket from panel and one of the DreamHost support representative will be in touch with you.

Conclusion

Currently I have 9 domains hosted with DreamHost. Of course, not all of them are getting heavy traffic but I never had major break down service. I measure the uptime for my sites and it varies from 99.5% to 99.9% . I am very happy with DH and will recommend it to any one looking for cheap and good hosting service.

Dhruv Patel is a customer of DreamHost. He has created site to help new DreamHost customers and to promote DreamHost by giving DreamHost coupon. You can also find detailed DreamHost review there.

Bookmark and Share

Securing websites

Written by admin on August 27th, 2010 in Phpbb security.
Tags: ,

1. Introduction

For systems like servers that are designed to be ‘always on’, security is an important issue. Web servers are the backbone of the internet. They provide the core services and functionalities of the billions of websites around the world and, as a result, act as a repository for the personal data of everyone who visits them. Ensuring that servers are secure from outside attack is a prime concern for any organisation who rely on them.

In the last few years attacks against web servers have increased substantially. As the map below shows, it is immaterial where in the world you base a web server: malicious code respects no boundaries. The threat is not only international, but now comes from organised criminal gangs looking to harvest passwords, financial details and other information, rather than teenage hackers looking to cause mischief. In most cases an attack occurs unobtrusively, with servers and websites corrupted with malware designed to infect as many users as possible.

Web servers are particularly vulnerable as they are ‘open’ by nature, with users encouraged to send and receive information to them. The HTTPD (HTTP server daemon), database software and code behind a website can each be re-written by a criminal and their original function altered.

However, that is not to say that web servers cannot be protected. They can, but it requires an integrated approach from website administrators, programmers and designers alike, with areas such as anti-virus software, operating systems (OS) and access permissions requiring constant review.

This paper will explore many of the common areas that lead to a compromised web server and the ways of preventing them.

2. Secure foundations

The first step in designing, building or operating a secure website is ensuring that the server that hosts it is as safe as possible.

A web server is made up of layers that provide multiple avenues of attack, as the diagram below shows. Remember, each block is a possible target.

The foundation of any server is the OS and the secret to ensuring that it remains secure is simple: keep it updated with the latest security patches. Doing so could not be easier, with Microsoft [1], together with many flavours of Linux, allowing organisations to apply the patches automatically or launching them with a simple mouse click.

However, remember that hackers too automate their own attempts with malware designed to jump from server to server until it finds one which is unpatched. This is why it is important to ensure that your patches are up-to-date and installed properly, as any server running old patches will become a victim.

You also need to remember to update any software components that run on a web server. Anything that is non-essential, such as DNS servers and remote administration tools like VNC or Remote Desktop, should be disabled or removed. If remote administration tools are essential, however, then avoid using default passwords or anything that can be easily guessed [14]. This is not only applicable for remote access tools, but user accounts, switches and routers as well.

The next area to be addressed is anti-virus software. This is a must for any web server – whether it running Windows or Unix – and, combined with a flexible firewall, is one of the strongest forms of defence against security breaches. When a web server is targeted the attack will attempt to upload hacking tools or malware immediately, so as to take advantage of the security breach before it is fixed. Without a good anti-virus package, a breach in security can go unnoticed for a significant amount of time.

When it comes to defence, a multi-layered approach is best. In the frontline are the firewall and the OS, while in the trenches is the anti-virus, ready to rush in and fill any gaps that present themselves.

In summary:

• Do not install software components you do not need. Every component is a risk, the more there are, the greater the risk

• Keep your OS and applications patched with the latest security updates.

• Use anti-virus, enable automatic updates and regularly check that these are installed correctly.

Some of these tasks might appear onerous, but do not forget that just a single security hole is enough for an attacker. The potential risks include stolen data and bandwidth, server IP blacklisting, the negative impact on an organisation’s reputation and the possibility that your website could become unstable.

The next most important piece of software is the HTTPD itself, with the two most popular alternatives being ISS and Apache.

2.1 Internet Information Services (IIS)

ISS is part of Microsoft Windows and is a popular and commonly used web server, as it requires very little configuration.

When implementing it, however, it is worth remembering the following:

• Disable default services such as FTP and SMTP unless you need them. Disable the directory browsing function unless it is required as it allows visitors to see which files are running on your system.

• Disable any FrontPage Server Extensions that are not being used.

You should also keep ISS fully updated, which can be done by simply enabling the Auto Update function that is found in the Windows Control Panel.

2.2 Apache HTTP Server

Apache is a highly configurable and well-maintained open source web server. It requires a more detailed configuration to deploy successfully, but provides greater control over a web server. Most Apache servers run on Linux/BSD, but it can also run on Windows.

Because configuring Apache is complex, there is not space in this paper to detail the entire procedure. However, the following tips [2,3,4] are worth bearing in mind:

• Deny resource access by default and only allow resource functionality as desired.

• Log all web requests as they help identify suspicious activity.

• Subscribe to the Apache Server Announcement mailing list which can send updates, patches and security fixes.

Websites that require a more complicated functionality sometimes augment their HTTPD with a server-side interpreter via CGI (Common Gate Interface). The two most popular are PHP and ASP.

2.3 PHP and MySQL

PHP is one of the most common server-side scripting languages. It has a very large functional code base, simple syntax, adaptable code and, most importantly, interacts with a large number of database formats. MySQL is one of the most popular database choices to use in conjunction with PHP as it is fast, feature-rich, easy to configure and use.

PHP has often been accused of being security-lax as over the years many exploitable bugs have been found within it. However, it has matured steadily and most of the bugs tend to be avoidable by either configuring the installation correctly and/or writing the code securely.

Here are some configuration tips (writing secure code is covered in a later section) that relate to the variables in the “php.ini” file:

• Set ‘register_globals’ off

• Set ‘safe_mode’ on

• Set ‘open_basedir’ to the base directory of the website

• Set ‘display_errors’ off

• Set ‘log_errors’ on

• Set ‘allow_url_fopen’ off

For more information on these configuration directives and why they are important, please see [6,7,10].

When MySQL is installed it creates a default ‘test’ database and an open ‘root’ account that is password-free. The root account is then automatically given free access to every other database on the server which is why it is important to:

• Change the root password immediately.

• Create a new MySQL user and give it the bare minimum privileges.

• Remove the test database and test users.

2.4 Active Server Pages (ASP)

ASP is a Microsoft add-on that is supported by IIS, though there is also an Apache implementation. ASP is integrated in IIS and so usually requires little or no configuration.

2.5 Security

Anti-virus is generally the final line of defence against an attack which is why web servers, particularly those dealing with dynamically generated content, should have on-access scanning enabled at all times. As the chart below shows, no web server is safe from malware. No matter how secure you think your web server is, there is always a chance that it will get hacked. On-access scanning significantly reduces the chance of malicious code running on the system as it can scan in both ‘on read’ and ‘on write’ modes, and can then deliver an immediate notification as soon as any piece of malware tries to store itself on the server.

While on-access scanning can affect the throughput of the server slightly, but the added security benefits far outweigh any possible performance issues. There are also areas of the system, such as the HTTPD log folder, that can be excluded from the scan, which further reduces any impact on the system.

Attacks against web servers can be generally categorised into two main types: local and global.

• Local attacks usually attempt to steal information or take control of a specific web server.

• Global attacks are generally targeted towards multiple websites and aim to infect anyone visiting them.

Although Linux and BSD are regarded in some quarters as more secure than Windows, they are certainly not exempt from organised crime. They can – and should – have anti-virus software installed. Even if malware cannot execute on the host server because it is protected with anti-virus software, it can still be served up as valid content to website users as some hackers upload it in PHP or ASP, thus rending the OS of the web server redundant.

It is also possible for servers to become infected across a local network. The Fujacks family of worms, for example, infect HTML, PHP and ASP files over shared drives and network shares.

3. External Web Hosting

Most organisations do not have the hardware or stability of bandwidth to host their own web server and as such use external providers. There are three alternatives that are suitable for small and large organisations:

• Shared dedicated hosting.

• Virtual dedicated hosting.

• Dedicated hosting.

3.1 Shared dedicated hosting

This is possibly the most used and abused of all forms of web hosting and involves a dedicated server hosting multiple websites. It is one of the cheapest forms of hosting and consequently one of the most dangerous, as it can take just one infected user to infect everybody else using the server.

An excellent real-life example of the problems inherent with shared hosting can be found in the following SophosLabs Blog posting:

http://www.sophos.com/security/blog/2007/06/172.html

3.2 Virtual dedicated hosting

Virtual dedicated servers – sometimes referred to as elastic servers – are created by using virtualization software to run a number of separate, self-contained virtual servers on just one machine. This is appropriate for any growing organisation as each user have access to their own OS and server software.

3.3 Dedicated hosting

Dedicated servers are exclusively reserved for one user. There are typically two forms available: managed and unmanaged.

• Managed servers have staff to take care of duties such as managing local security issues and troubleshooting.

• Unmanaged servers are unmonitored and slightly cheaper to operate, as any assistance would have to be bought in.

Of the three options presented here, virtual dedicated hosting seems to be the most efficient, being generally cheaper than dedicated hosting but retaining the latter’s flexibility and security.

4. Design yourself safer

No matter what you do and no matter how small your website, it will be attacked. Design is intrinsic to security as it can reduce the damage caused by viruses, spyware and other malware.

Try putting yourself in the attacker’s shoes and use common sense to plug glaring holes. Some website mistakes are made so commonly – by beginners and old hands alike – that it is worth going over them here.

4.1 Cookies

One of the main problems encountered when designing a web application is that every request for a new page is dealt with independently from the previous request. Asking a web application to ‘remember me’ is therefore more difficult than it is in normal applications.

There are two methods that web applications use to remember visitors and which are supported by most browsers: cookies and session cookies.

• A cookie is a small file that is created by the browser and stored on the user’s computer. It can contain virtually anything, but is usually a name, an expiry date and an arbitrary amount of data like: “Count = 100” or “Member = false”.

• A session cookie is similar to a regular cookie, except it allows web applications to store the data in memory.

The difference between the two is that a cookie is stored directly onto the user’s computer and stays resident unless manually deleted. A session cookie, meanwhile, is only saved as long as a computer is switched on, and so is lost automatically as soon as the browser is closed. They do have something in common: they can both be tampered with.

Developers often trust the data they retrieve from cookies simply because they developed the code and so it must be good, right? Wrong. Hackers can easily modify a cookie (and in some cases live session data) to fool a website into giving them access to a restricted page.

When designing your system never trust user input, whether it comes directly from visitors, or indirectly through cookies. Try and limit the amount of data that is stored in cookies, especially if it is data that should not be made available to the public. A good rule is to treat any data that is stored on an end-user machine as suspect.

MySpace.com was targeted by a Trojan (JS/SpaceStalk-A) early this year, which stole information stored in cookies and transmitted it to a remote server. This information could theoretically contain confidential information such as login names, internet preferences and passwords.

4.2 Authentication

If your website contains areas that are only intended for certain customers or registered users, you need a way for visitors to identify themselves before they gain access[8].

There are a number of ways to authenticate users: basic authentication, digest authentication and HTTPS.

• Basic authentication allows a username/password combination to be visible inside the web request. Even if the restricted content is not especially secret this is best avoided, since a user might use the same password on many sites. A Sophos poll showed that 41% of users use the same password for all online activity, whether it is a banking site or a local community forum [15]. Try to protect your users against this mistake by using a more secure authentication method.

• Digest authentication – which all popular servers and browsers support – encrypt the username and password securely inside the request. It keeps user names and passwords secure, which creates a better impression on the user and reduces the chance of your server being abused.

• HTTPS encrypts all data transferred between the browser and the server, not just the username and password. You should use HTTPS (which relies on a security system called Secure Sockets Layer, or SSL) whenever you are asking users to provide private or personal data such as their address, credit card or banking details.

When choosing an authentication system, it is good practice to choose the best available. Anything less will worry security-conscious customers and possibly expose them to unnecessary risks.

4.3 Components, libraries and add-ons

Many web developers do not have time to reinvent the wheel. When asked to add a feature that is common elsewhere the simplest approach is to source a package that already contains the necessary component and customise it. Such outsourcing occurs primarily with complex, feature-rich micro-applications such as blogs, forums and content management systems (CMS).

The reason for using pre-built and customisable systems are obvious: they save time and money.

Like all pieces of software, however, add-ons can contain flaws and so it is wise to keep an eye on any packages that are in use and update them regularly. The popularity of some of these packages can sometimes instil a misleading sense of trust among the public and many of the popular products have been found to be exploitable, even when apparently installed and configured correctly.

Popular server-side applications that have had problems in the past with critical, exploitable bugs include:

• WordPress (blogging software).

• phpBB (forum software).

• CMS Made Simple (CMS Software).

• PHPNuke (CMS Software).

• bBlog (blogging software).

Many of the above (and similar) add-ons are widely used, which makes them very attractive targets for hackers as they greatly increase the number of possible victims. Since most OS and HTTPD software can be automatically updated many developers ‘set and forget’ certain features, but neglect to update the various add-ons: a dangerous mistake.

Again, the golden rule here is as before, if you do not need it, get rid of it! If your hosting provider supplies such features by default, turn them off. If you are unable to disable them, then you should think about finding a new provider.

4.4 Log Files

Server logs are a very important commodity when managing a website. Most HTTP servers can be configured to save access logs as well as error logs, and this should be enabled at all times as it can be important when conducting a review.

They should also be reviewed regularly as they can provide a better understanding on the threats that websites face. Log files provide an insight into any potential breach by recording, in great detail, every single successful or attempted access to a site.

5. Breaking the code

Writing secure code is not always as easy as it sounds. It not only takes a skilled programmer, but also one that is knowledgeable about specific security issues [9]. There are whole books dedicated to writing secure code so I will only cover the basics here[13].

• Always enable global variables as they can be purposely initialised by a fake GET or POST request.

• Turn off error reporting and ensure that you log-to-file instead, as such information can help attackers provoke a similar problem and then manipulate it to expose further vulnerabilities.

• Do not trust any user data and always use filter functions to strip out special SQL characters and escape sequences.

5.2 SQL injection

SQL injection can be used to attack websites that interact with databases. It occurs when unfiltered input designated by the user is used in an SQL query.

SQL queries can be used to query a database, insert data into a database or modify/delete data from a database. A lot of modern websites use scripting and SQL to generate page content dynamically. User input is frequently used in SQL queries and this can be dangerous as hackers can try to embed invalid SQL code within the input data. Without careful attention, this malicious SQL may be executed successfully on the server.

Take the following PHP code:

$firstname = $_POST[“firstname”];

mysql_query(“SELECT * FROM users WHERE first_name=’$firstname’”);

After submitting your first name to the web form, the SQL query will return a list of users that have your first name. If I put my name “Chris” in the form, the SQL query would be:

“SELECT * FROM users WHERE first_name=’Chris’”

This is a valid statement and will work as you would expect, but what would happen if instead of my first name, I put in something like “’; DROP TABLE; #”? The statement would then read:

“SELECT * FROM users WHERE first_name=’’; DROP TABLE users; #’”

The semi-colon allows multiple commands to be run, one after the other. Suddenly the simple statement is now a complex three part statement:

SELECT * FROM users WHERE first_name=’’;

DROP TABLE users;

#’

The original statement is now useless, and can be ignored. The second statement instructs the database to drop (delete) the entire table and the third uses the ‘#’ character which tells MySQL to ignore the rest of the line.

The above is particularly dangerous and can be used to display sensitive data, update fields or delete/remove information. Some database servers can even be used to execute system commands via SQL.

Fortunately this type of vulnerability is easily avoided by validating user input. In PHP there is a special function for stripping out potential SQL injection code called ‘mysql_real_escape_string’. This function should be used to filter any data that is passed to an SQL statement.

5.3 XSS (cross-site scripting)

This type of attack focuses on websites that display user-supplied data. Rather than attempting to control the database with malicious input, the attacker attempts to attack the website code itself with malicious output.

Many sites store the usernames of every visitor in a database so that they can display a specific name when that user logs in. For an attacker it is a simple thing to create a false account, but place malicious code into the username field instead of a name. Such attacks are typically achieved with malicious Javascript scripts that then load content from another website. The database stores what it thinks is the username, but is in fact malicious code. Subsequently, when the website attempts to display the username at the top of the page, the malicious code is unwittingly executed. Since the code could, depending on the circumstances, do just about anything, this is a very real concern and often overlooked by developers. In recent history many high-profile websites have been the victim of XSS attacks, including MySpace, Facebook and Google Mail.

Take the following PHP code:

$firstname = $_POST[“firstname”];

echo “Your name is: $firstname”;

After submitting your first name to the web form, the website will display the message on the page. If I put my name “Chris” in the form, the message would say: “Your name is: Chris”.

What if I decided to use “<script>alert(“You just got hacked!”);</script>” instead of my name?

Unfortunately, XSS attacks can sometimes be hard to defend against as they rely on the correct filtering of input and output and then the validation of every single field that can be modified by a user. This includes data retrieved from GET and POST requests, as well as queries that have been returned from the database.

If you use PHP there are a number of packages that can help you filter output easily, an example being CodeIgniter[5]. Alternatively, there is a native PHP function called ‘htmlspecialchars’ that can be used to filter output.

6. A study of how easy it is

While researching this paper I decided to see how easy it would be to find examples of data leakage and so searched Google for the default log filename for a common FTP client. I found thousands of websites that were publicly displaying (and unknowingly indexing) this seemingly unimportant FTP log file. Each one was a brilliant example of data leakage.

Here is one such (censored) log:

99.07.16 08:34 A x:\xxxxxxxx\xxxxxx\xxxxxx\WS_FTP.LOG <– <Site name> /export/home/<username>/xxxxxx/xxxxxx WS_FTP.LOG

99.07.16 08:53 A x:\xxxxxxxx\xxxxxx\xxxxxx\home.html –> <hostname> /xx/www/xxxxxx-xxx/xxxxhome.html

From this I learned a number of interesting things:

• The <site name> gave me the name of the website.

• The <user name> provided the login name on the Linux/BSD style server.

• The <host name> supplied the server’s hostname.

This tells me the following about the host:

• The name and IP of the web server.

• The remote path it was copied into.

• The local path it was copied from.

This kind of information is gold dust to any criminal, as by knowing the hostname and username he or she can attempt to gain administrator access. They could also simply discover the web hosting company’s phone number or email address and attempt to gain the password via social engineering.

The latter is often easier than attacking the server itself as many web hosting companies undertake minimal security checks before handing out security credentials. This may be because they are often contacted by individual web contractors who are building a site on behalf of a third-party, and so are quite used to getting calls asking for account credentials or password resets.

I myself have done this several times – legitimately of course – and only one of the four different companies I asked required the original business to provide express permission.

Yes, it really is as easy as that.

This article was provided by Sophos and is reproduced here with their full permission. Sophos provides full data protection services including: security software, encryption software, antivirus, and malware.

Bookmark and Share

I have been a very active member on many phpBB forums. As an active member on many of these forums I have seen very few phpBB forums advertising anything except adsense or pay per click. I have come across a free software that allows your forum members or anyone else to advertise right on your forum.

The best part about this is you can set it up and automate it. All ads have to get approved by the forum owner or administrator. You can place your own ads as well as sell space to others. The layout is set up to blend in with your phpBB forum. This free software was created by Harvey Segal, solely for phpBB forums only and will not work on other power driven forums. Click Here

The Forum AdManager package, allows users to sign up and schedule available ad space. Once approved, it automatically charges their account for the period of time they want their ad to be displayed. Some ads are just a word phrase with a link attached to phrase and some other ads will allow the user to upload an image. You charge more for the image ads. The ad request you receive will almost always be ads targeted to your forum niche.

This is a real revenue generator to your forum. There are thousands that want to get their product recognized and promoted through forums. This allows your members to advertise on your phpbb forum without spamming threads.

There are different price levels for each ad space and you can set the rates. Each ad space is on a first come first serve basis for any specific time period. This is good because you will find people signing up for ad space weeks and even months in advance. When they see the time slots only available a week or even a month down the road, they will acknowledge the competition for that ad space on your forum and will be begging to sign up.

The ad display blends in around the borders of your forum just as you would blend in your adsense. Adsense will generate some revenue but not to the extent that this free phpBB forum advertising software will generate. If you would like to find out more about the free phpBB forum advertising software that is 100% free. Click Here

This is one of the best ways that I have seen to earn good revenue from your forum, and will give your members a chance to advertise on your forum. The revenue generated from the Forum AdManager software will topple your adsense revenue.

Bookmark and Share

What Is PHPBB All About Then?

Written by admin on August 25th, 2010 in Phpbb security.
Tags: ,

The abbreviation phpBB stands for PHP Bulletin Board, i.e., a bulletin board scripted in the PHP programming language. A bulletin board, also referred to as message board, discussion board, web forum, Internet forum or discussion forum, is a platform on the WorldWideWeb that facilitates (i) creation of a virtual community of like-minded people and (ii) interaction among them.


The very popular phpBB is a high-powered, fully scalable, highly customizable and free open-source (i.e., no fees, no subscriptions, no restriction on modifications) Internet forum software package that can support a variety of database management systems such as MYSQL, Microsoft SQL, PostgreSQL and Microsoft Access (via ODBC). With its user-friendly interface, straightforward administration panel and helpful FAQs, phpBB is the ideal free community builder for all kinds of websites.


The key features of the phpBB Internet forum system are:


Simple installation

Multiple-language interface

Support for a host of database servers

High security, with powerful and extensive authorization system and strong encryption for password safety

Unlimited forums that can be organized into unlimited categories

Unlimited forum members

Private or public forums

Powerful search facility

Private messaging facility

Template customization

Messages formatting in various font styles and sizes, also allowing image posting, code display, automatic URL linking

Easy-to-use admin panel

A large community of phpBB users providing free support


phpBB Forum Hosting


A multitude of phpBB forum hosting service providers exist in the web services market, offering right from 100% free or inexpensive forum hosting packages to premium paid forum hosting packages, depending upon the quality of the server, the features included in the package and the quality of the customer service and support provided by the forum hosting company. The 100% free type of phpBB massage boards generally come with limited disk space and limited bandwidth per month and are usually accompanied by banner ads, whereas the premium paid forum hosting packages are ad-free packages with larger disk space and maybe unlimited bandwidth per month.


As mentioned earlier, an Internet forum is a platform for people having common interests where they can meet virtually and exchange ideas on any topic of interest, be it technology, politics, health, gaming, or whatever. By doing so they can find solutions to their problems or can help others solve their problems by giving them advice. If used intelligently and diligently, in addition to the socializing activity a forum can also be exploited to drive traffic to your website. So, go ahead and join a relevant forum or host your own phpBB forum on your website.

James Johnson, being an expert in phpBB, I have set up some free phpbb hosting for you all to use.

www.phpbb-hosting.co.uk

Bookmark and Share

Hello world!

Written by admin on August 21st, 2010 in Phpbb security.

Welcome to WordPress. This is your first post. Edit or delete it, then start blogging!

Bookmark and Share


Site Navigation

Powered by Yahoo! Answers