Nmap /

Forums

Comparison of Internet forum software: PHP/non-PHP (Wikipedia)

Forum comparison site

These are arranged in order by latest release date. Each one has links to a sample forum's home, thread, and register page.

Executive summary: The two most popular forum programs appear to be phpBB and vBulletin. They are both used on large sites with many users. Neither has a great security record. Almost all currently maintained forum software is written in PHP. The only non-PHP ones on this list are YaBB, E-Blah, and Ikonboard, all Perl. I have not checked yet if all the pages listed here support adequate theming and email notification, but basic features look pretty consistent across the board.

NinkoBB http://ninkobb.com/

Latest release 1.3RC5, March 2010.

PHP. Secunia 2009 (0 advisories). But all advisories has 1 unpatched less critical that exists up until 1.3RC4.

Phorum http://www.phorum.org/ Wikipedia

Latest release 5.2.15, March 2010.

PHP. Secunia 2009 (2 advisories).

phpBB http://www.phpbb.com/ Wikipedia

Latest release 3.0.7-PL1, March 2010.

PHP. Lots of security advisories. Version 3 is better in this respect. Secunia 2009 for 2.X (38 advisories). Secunia 2009 for 3.X (4 advisories).

vBulletin http://www.vbulletin.com/ Wikipedia

Latest release 3.8.5/4.0.2-PL1 March/February 2010.

PHP, proprietary. BB code, images, HTML. Secunia 2009 for 3.X (25 advisories). Secunia 2009 for 4.X (2 advisories).

IceBB http://www.icebb.net/

Latest release 1.0-rc10, February 2010.

PHP. Secunia 2009 (0 advisories). But if you look at all advisories there's one "highly critical" unpatched from 2007.

Invision Power Board http://www.invisionpower.com/products/board/ Wikipedia

Latest release 3.0.5, February 2010.

PHP, proprietary. $25 every six months. Version 3.X not in Secunia, but Secunia 2009 for 2.X (1 advisory).

UBB.threads http://www.ubbcentral.com/ Wikipedia

Latest release 7.5.5, February 2010.

PHP, proprietary. Secunia 2009 (0 advisories).

miniBB http://www.minibb.com/

Latest release 2.4.1, December 2009.

PHP. Secunia 2009 (0 advisories).

MyBB http://www.mybboard.net

Latest release 1.4.11 December 2009.

PHP. Secunia 2009 (5 advisories).

Simple Machines Framework http://www.simplemachines.org/ Wikipedia

Latest release 1.1.11, December 2009. (There are release candidates for yet-unreleased 2.0.)

PHP, freeware. A descendant of YaBB. Secunia 2009 for 1.X (4 advisories).

FUDforum http://fudforum.org/forum/ Wikipedia

Latest release 3.0.0, November 2009.

PHP. Secunia 2009 for 2.X (0 advisories).

Vanilla http://vanillaforums.org/

Latest relese 1.1.10, November 2009. Unfortunately this is approaching end-of-life to be replaced by yet-unreleased Vanilla 2.

PHP. Open-source, commercial. Does hosting at http://vanillaforums.com/. Secunia 2009 (1 advisory).

UseBB http://www.usebb.net/

Latest release 1.0.10, October 2009.

PHP. Secunia 2009 (1 advisory).

bbPress http://bbpress.org/

Latest release 1.0.2, July 2009.

PHP. From the makers of WordPress. Secunia 2009 for 0.X (0 advisories).

Beehive Forum http://beehiveforum.net/ Wikipedia

Latest release 0.9.1, July 2009.

PHP. Secunia 2009 (0 advisories). But in all advisories it says there are two unpatched, one "moderately critical" from 2005.

DeluxeBB http://www.deluxebb.com/

Latest release 1.3, June 2009.

PHP. Secunia 2009 (1 advisory, unpatched, moderately critical).

punBB http://punbb.informer.com/

Last release 1.3.4, May 2009.

PHP. Output is nice. Recent releases have been for security vulnerabilities. A fork is FluxBB. Secunia 2009 (0 advisories).

YaBB http://www.yabbforum.com

Latest release 2.4, April 2009. Version 3 is stalled since October 2009.

Perl. Secunia 2009 (0 advisories).

XMB Forum http://www.xmbforum.com/

Latest release 1.9.11, February 2009.

PHP. Secunia 2009 (0 advisories).

E-Blah http://www.eblah.com/

Latest release 10.3.6, August 2008.

Perl. Secunia 2009 for 9.X (0 advisories).

Quicksilver forums http://www.quicksilverforums.com/

Latest release 1.4.2, August 2008.

PHP. Secunia 2009 (0 advisories). But all advisories has 2 unpatched in 2008 and 2010, moderately critical.

Security

This is my table of the number of security vulnerabilities in 2009 for all of the above forums.

SoftwareVulnsRelease dateComments
NinkoBB02010-031 unpatched, (fixed in 1.3RC5?) less critical
IceBB02010-021 unpatched, highly critical
UBB.threads02010-02 
miniBB02009-12 
FUDForum02009-11 
bbPress02009-07 
Beehive02009-072 unpatched, moderately critical
punBB02009-05 
YaBB02009-04 
XMB02009-02 
E-Blah02008-08 
Quicksilver02008-082 unpatched, moderately critical
Invision Power Board12010-02 
Vanilla12009-11 
UseBB12009-10 
DeluxeBB12009-061 unpatched, moderately critical
Phorum22010-03 
vBulletin 4.X22010-02 
phpBB 3.X42010-03 
Simple Machines42009-12 
MyBB52009-12 
vBulletin 3.X252010-03 
phpBB 2.X382008-04 
Bulletin Board# Vulnerabilities
1BBPress1
2Beehive1
3IceBB1
4QuickSilver1
5YaBB2
6PunBB3
7Phorum4
8DeluxeBB7
9PHPbb13
10MyBB13

Misc.

Other options: Wordpress, Drupal, etc., individual articles with flat comments.

Consider spam resistance, moderation, quality of CAPTCHA.

Other ideas for inspiration: Google Groups, Ask E.T. forum (low-traffic, highly moderated), Hacker News.

Page last modified on March 22, 2010, at 02:35 PM