I’ve been thinking of adding forums to my long neglected web site, and have started messing around with phpbb on an install at home.
Have to admit, gluing the bits together to get it working was fun…
Am testing: phpbb 2.0.6, php 4.3.4, xitami 2.5c1, mysql 4.0.17.
To get it running, it was pretty obvious that I needed a web server, and I’ve been using Xitami for a while and find it easy to set up and use. phpbb seems to be a popular “free” board, and from its name it’s no surprise I needed to install php too.
I configured my web server as instructed by php, and tried to run phpbb which promptly gave out various errors. Not good. After a lot of messing about, found out that I need to change one setting in phpbb in an ini file hiding in the windows directory, and also it usually helps if I access the right install file of phpbb.
Oh, somewhere in there I managed to install mysql even though I have no idea what I did or what it does, it seemed essential.
Soon it was running and I’m having loadsa fun messing around and getting used to the options.
Next step would be securing it before releasing it to the world. I’m fairly confident in the web server security, with the usual tricks of web admin disabled and non-default admin names. But I’m at a loss as to what, if anything, I need to consider in the remaining three components: mysql, php, phpbb.
So… are there any general hints to help making them secure? I’m still in RTFM mode but they never seem to give what you need to know. Alternatively, I remember hearing of web server attacking tools which I guess would find any obvious weaknesses quickly, any suggestions before I hit google?