FreeBSD Server Administration


January 05, 2006

A One-year Look Back

It's been one year since I started using FreeBSD. I still remember the first day I got the server: I wondered why nothing worked on it, no command completion, no wget :-). It was a fresh FreeBSD installation with only ssh enabled. Then I asked some very silly questions in the IRC room, and learned what a port is.

I had lots of problems, such as the Awstats exploit and phpBB, and I still have lots of pending tasks, e.g. a spam filter, automated backups, etc. But basically the server has been running well with little downtime. I didn't study FreeBSD as hard as I planned (yes, I always have lots of GREAT plans); instead, I was mainly driven by urgent needs or problems.

This is my server's uptime. It's pretty good, isn't it?
> uptime
1:31PM up 208 days, 10:17, 1 user, load averages: 0.07, 0.11, 0.07

If you are a new FreeBSD user, this short list may be useful:

1. Avoid programs with a bad security record, such as phpBB.

2. Use portaudit and CVSup to keep your ports up-to-date.

3. Use AllowUsers to limit who can log in, and bind ssh logins to a static IP if possible.

4. Reduce server visibility and change the ports of common services such as ssh and ftp.

5. A little performance tuning may help.

6. Examine the server log files and the /tmp directory frequently. If you find unusual messages, make sure you understand them and eliminate them if necessary. When you don't often see error messages in /var/log/messages, the server is running smoothly.


Category : FreeBSD General

Posted by FreeBSD Newbie at January 5, 2006 08:31 PM
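
Tips 3 and 4 in the list above can be checked mechanically. The following is an added example, not part of the original post: a POSIX sh function that audits an sshd_config for a missing or host-unpinned AllowUsers entry and for the default ssh port. The function name, finding labels and sample config are constructed for illustration.

```sh
#!/bin/sh
# Added example: audit an sshd_config against tips 3 and 4.
# Prints one finding per line; returns 1 if there are findings, else 0.
# Assumes "Keyword value" lines; Match blocks are not interpreted.
audit_sshd_config() {
    awk '
        NF == 0 || $1 ~ /^#/ { next }          # skip blanks and comments
        { key = tolower($1) }                  # keywords are case-insensitive
        key == "port"       { ports[++np] = $2 }
        key == "allowusers" { for (i = 2; i <= NF; i++) users[++nu] = $i }
        END {
            if (np == 0) {
                print "PORT default: no Port line, sshd listens on 22"; bad = 1
            }
            for (i = 1; i <= np; i++)
                if (ports[i] + 0 == 22) { print "PORT default: Port 22"; bad = 1 }
            if (nu == 0) {
                print "ALLOWUSERS missing: logins are not limited to named users"; bad = 1
            }
            for (i = 1; i <= nu; i++)
                if (users[i] !~ /@/) {
                    print "ALLOWUSERS unpinned: " users[i] " may log in from any host"
                    bad = 1
                }
            exit bad + 0
        }
    ' "$1"
}

# Constructed sample config, not taken from the page.
sample=$(mktemp /tmp/sshd_audit.XXXXXX)
cat > "$sample" <<'EOF'
Port 22
AllowUsers alice bob@203.0.113.10
EOF
audit_sshd_config "$sample" || echo "review the findings above"
rm -f "$sample"
```

To check the live configuration, call `audit_sshd_config /etc/ssh/sshd_config`.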

Comments

FreeBSD newbie myself. Love the site, what more can I say, hope it's around for awhile.

Posted by a regular visitor at January 6, 2006 10:59 AM

Many of the loudly decried "security problems" noted with phpBB are in fact addressed by keeping one's version of PHP up to date, by making certain that global variables are disabled in the php.config file and not using the assorted email.php routines. I have phpBB 2.0.18 running on 12 domains. Any server side executable will be probed for weaknesses, but phpBB continues to be widely used. Has anyone tried running it in a sandbox? Community building is a technique employed by successful web developers and phpBB is Open Source.

Before tossing the forum I'd first investigate ways to make it run in a sandbox so that if miscreants manage to break in they won't be likely to harm anything else. Go to the phpBB home page and read their FAQ, which speaks very pointedly to the matter of them taking the heat for out of date PHP installations and/or improperly configured PHP installations.

A website is very much like a grain of sand on the bottom of the ocean. The fact that anyone happens across it is a conspicuous miracle in and of itself. If they happen to return and do so frequently, the magnitude of the miracle increases with each visit. Among the things we do to lure them back again is providing a forum and perhaps a chat room. Security is necessary and wonderful, but a secure web server whose pages have no traffic has rather missed the point of the whole thing, don't you agree?

Posted by at January 10, 2006 02:32 AM

I'm not sure if most phpBB exploits are caused by improper php configuration; as far as I can remember, the last three major exploits discovered last year were fixed by updating phpBB code. In theory, you are pretty safe if your forums are not the targets and you keep phpBB up-to-date and manage it properly, but the chance your servers get hacked is much higher than with other forum software.

As more and more amateur admins start to manage their servers, they may not be able to keep up with the security updates due to limited time or knowledge. The initial selection is very important IMO. So I mainly want to pass the warning to the new administrators.

I agree with the usage of forums, I believe it will get more popular. I for one spend much time on forums every day. When I look for information on Google, forum threads are often listed on the first page and very helpful since they are contributed by a few members.

Posted by FreeBSD Newbie at January 10, 2006 03:29 AM

At the beginning FreeBSD seemed to be hard/strange when I came to it with my Linux background, now Linux is the strange (and messy) beast :)

Posted by gogo at January 10, 2006 12:28 PM

Just wanted to say that you got a good site. I'm kind of doing the same thing, blogging my server setup, though it's mainly for me. I always forget how I set things up, so it's nice to be able to look back. Just spent hours troubleshooting DNS till I realized I didn't have the dns ips bound to the right interface! Good times, good times.

Posted by Dale Jung at January 11, 2006 08:21 AM

I feel that portsnap might have the edge on cvsup these days.

Posted by Andreas Erson at February 5, 2006 01:47 PM
