Mistakes were made

New York City meets Munich

Forum Lessons

December 28th, 2004 · No Comments · How To, Internet

Things I’ve learned running a PHPBB forum:

  1. Use a good webhost.

    I made the mistake of thinking that hosting companies are all pretty much the same if you know what you’re doing. Big mistake. If you are trying to foster a community, spend a few dollars more a month and go with a bigger host with a good service reputation. Otherwise, you might find yourself losing data and getting headaches.

  2. Keep the software up-to-date.

    This can be a bit of a nuisance if you’ve got a few complex mods installed (like I do), but not nearly the nuisance of getting hacked. Make sure to check the PHPBB site, or even better, sign up to the new email list.

  3. Be security minded

    In addition to staying up to date, it’s good to take some other precautions. If you can, run PHP as a CGI with specific user permissions. This will diminish the impact of any security break. In the brief time before I could patch for 2.0.11, someone tried to hack our forum, but all they managed to do was change the permissions on the files, which caused the site to go down. This is because PHP as CGI limited what could be.

    But from this experience, I also created a sentinel script that looks for modified files and runs as a cron job. Now, if a file changes (other than user avatars) in my PHPBB code, I get notified within 10 minutes. So if someone manages to upload something malicious, I will know promptly.

    With the recent PHPBB worm problems, I also advise setting up an htaccess file that bans the user agents LWP::Simple and LWP-trivial. Both of these are Perl packages for loading web pages that no user will ever use to access the forum. But the worm uses them. We saw our site taking massive hits from these, eating up bandwidth and CPU cycles until we did this. Even though our site couldn’t be compromised, you don’t want to take on the load of a worm jiggling the doorknob hundreds of times per minute.

  4. Plan ahead

    Users appreciate knowing you keep an eye on things. I’ve set up scripts on my home computer to monitor the forum to ensure it is up. That way I can find out if there are any outages right away. We also set up a “status blog” over on Blog*Spot in case we have hosting problems, or we have to take the forum down and want a venue to communicate with users.

  5. Google Ads are a good thing

    We had considered running Google ads on our forum for some time, but I only finally got around to it in November. I wish I had done it sooner. While our users had been fairly generous with donations over the past two years, the forum was still a small cost to us. Now it puts a little bit of money in our pocket, which I can use to do things like upgrade the chat room hosting.
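One way to build the sentinel script described in item 3, as an added example rather than the author's own script: it records a SHA-256 hash and the permission bits of every file under the forum root, skips the avatar directory, and prints any difference so that cron mails it to the job's owner. The `images/avatars` path and all function names are assumptions.

```python
import hashlib
import json
import os
import sys

# Assumption: avatar uploads live here (relative to the forum root) and may change freely.
EXCLUDE_DIRS = {"images/avatars"}

def snapshot(root, exclude=EXCLUDE_DIRS):
    """Return {relative_path: [sha256_hex, permission_bits]} for files under root."""
    state = {}
    for dirpath, dirnames, filenames in os.walk(root):
        def rel(name, base=os.path.relpath(dirpath, root)):
            return os.path.normpath(os.path.join(base, name)).replace(os.sep, "/")
        dirnames[:] = [d for d in dirnames if rel(d) not in exclude]  # prune excluded trees
        for name in filenames:
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as fh:
                    digest = hashlib.sha256(fh.read()).hexdigest()
            except OSError:  # e.g. read permission stripped: still record the file
                digest = "unreadable"
            state[rel(name)] = [digest, os.lstat(path).st_mode & 0o7777]
    return state

def diff(old, new):
    """Compare two snapshots and group the changed paths by kind."""
    common = old.keys() & new.keys()
    return {
        "added": sorted(new.keys() - old.keys()),
        "removed": sorted(old.keys() - new.keys()),
        "modified": sorted(p for p in common if old[p][0] != new[p][0]),
        "chmod": sorted(p for p in common if old[p][0] == new[p][0] and old[p][1] != new[p][1]),
    }

def main(root, baseline_path):
    current = snapshot(root)
    if not os.path.exists(baseline_path):  # first run: record the trusted state
        with open(baseline_path, "w") as fh:
            json.dump(current, fh)
        return 0
    with open(baseline_path) as fh:
        changes = diff(json.load(fh), current)
    for kind, paths in changes.items():
        for path in paths:
            print(f"{kind}: {path}")  # cron mails any output to the job's owner
    return 1 if any(changes.values()) else 0

if __name__ == "__main__":
    sys.exit(main(sys.argv[1], sys.argv[2]))
```

Keep the baseline file outside the web root so that a process able to write to the forum cannot also rewrite it, and delete it to re-baseline after each upgrade. The `chmod` category catches the kind of permission change described above even when file contents are untouched.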

Other than a few early bumps, all in all it’s been a great and educational year for us at the forum.
