phpBB VS SMF VS MyBB

1) Lol look at the myBB theme. I would call that ugly. The colors make it look like a comic book no offense. And calling people dumb saying the default theme should be customizable? Heh I don't even need to comment on that. Common sense.

2) Read some of my last posts that stated all the features SMF has that myBB doesn't.

3) If your on the latest version of every software you should be fine. (Meaning the development is active)

You may wanna read my post and aldo that stated over 20 features SMF has that myBB doesn't. With all due respect.

You havent proven that there was security flaws in SMF1.1.7 just stating that you can hack it. No proof of concept. I find it really immature if you found something and didn't report it to SMF though just as if I would do the same for myBB. Judges a good person from a bad person.

As far as I know you myBB users were the one that started it. Stating "SMF has no features" "SMF is insecure" ect. So we can have a say in it too eh? Like I said don't complain if your myBB forum never becomes successful. You can quote me on that later too.

Your arguments are solid yet we proved SMF is more secure even though SMF is about x10 the size of myBB. You say theres a security vulnerability but you cant explain why. We claimed that SMF has more features comparing features list. So sure myBB won. And please (as I stated earlier compare security vulnerabilities in the past and present it may help)

~ Shadow82x

 

Most of them were false, the only real feature you said that MyBB that you claim doesn't have as a plugin is searching PMs, wow big deal.

My argument was that MyBB is younger, and the fact that it has as many features as SMF, shows that it is better. That's an argument you cannot beat.

I have proven it, doesn't mean I have to show you the proof, what matters is if SMF team has found the same vulnerability or if I found one that's extremely unique.

Every forum is insecure, I'm sure if I put in thousands of hours, I would find a vulnerability in MyBB as well. Even in IPB or vB. The point is, it only took me 35 minutes to find a vulnerability in SMF and that's just sad.

And of course I'm not going to report it, why should I? So that idiots like you can get a patch and then say "oh see, SMF is secure", because that would be a logical fallacy.

Well you're wrong, I was here throughout the thread, and it was MrSandMan who started bashing MyBB, and you supported him.
THAT'S what judges a good person from a bad person --- I never bashed SMF until you guys started bashing MyBB without any proof.

Are you on drugs?
I just told you that I hacked into an SMF 1.1.7, I don't have to prove it to you, it's beyond your level of expertise obviously since you haven't found the vulnerability. And why would I show the vulnerability to someone who's bashing other forums for its security???

And obviously I'm not going to go and hack all your SMF forums, that's illegal. I only do that to people I can sign contracts with, that hire me to do it.

Now, it really doesn't matter, I've told you that
1) SMF and MyBB have the same amount of features through plugins. SMF might have one or two more, but only because of its age, and that's sad.
2) I have proven SMF is more vulnerable, and you can even find public exploits on it that I didn't even post. The one I found was for 1.1.7. Maybe the 2.0 Beta doesn't have this same vulnerability, maybe it does; the fact is so far, MyBB is safer and more secure.

Give up yet?

 

Hehe. OK please ill setup a SMF1.1.7 forum and you can try and hack it. Than thats when I will find it a concern. You telling me SMF is insecure is a joke and saying you can hack it without proof means nothing. So right now I guess I can say I just found a massive security flaw in myBB but I'm not going to tell you.

So SMF has...
- WYSWYG Editor
- PM Rules
- PM display modes
- Ability to report PMs
- Ability to view new replies to your posts
- Advanced Stats
- Ability to watch users via mod panel
- Ability to use paid subscriptions
- Trashbin forum
- Be able to ignore boards you do not wish to receive notification
- Plus I'm sure many things I missed but are less important

And myBB was built from devbb as SMF was built from yabbse and both of them actually had a complete rewrite from that point. Both around the time of 2003/2004. So myBB is older than you think (Source: http://wiki.mybboard.net/index.php/Versions#Version_List) And trust me myBB is still lacking a lot of features. So that is not a very valid point.

Since when did I ever support sandman - provide a post or anything that made it seem like im supporting him. I'm supporting SMF not him.

Read my post above and read aldo's post and the rest of the topic as it is your topic.

You have proven nothing at all. You are just saying SMF is insecure. But goodluck with your studies. Saying I'm on drugs although it really seems like you are because your facts are all wrong. Sorry if this post is offending but like I said it was the myBB users who started this entire thing. Also you guys keep quoting "MyBB will get better over time" sorry to say it but thats the same for most softwares on the web including SMF.

~ Regards

 

A picture can be worth a thousand words.

MyBB is the best FREE forum, and will become even better with time.

The Opening Poster has made his case very clear.


>>> FYI: SMF Fans:
No need to argue, you guys get a huge advantage due to being included with Fantastico.
MyBB is perfect for many people, and they are best advised to try MyBB, and make up their own mind.

 

Serious thread is serious.

 

Should we convert it to FUN?

 

most of the big forums i know uses phpbb like gaiaonline.com

 

No, then you'll find the vulnerability and you might warn the SMF team about it.

SMF is insecure, and I told you, you can find public exploits for it.

Now you don't have to believe me, I'm not trying to convince you, I'm simply a programmer that has found a vulnerability and started this thread without knowing which , either MyBB or SMF is better--- but I have made a conclusion, that MyBB is simply better and MORE secure based on my analysis.

I don't have stocks in MyBB, I don't go "MyBB saved my life!". I'm a neutral observer and instead of you focusing on securing your forums, you continue to argue obsolete arguments about how SMF is better, when it is CLEARLY not.

1) Why would I care, it has a BB editor, and that's all that matters, WYSWYG Editors are bad.
2) PM Rules, ?? Rules on how to post PMs? Why would anyone care?
3) PM Display modes ? Why would anyone care, just display the PM as every forum does.
4) Reporting PMs? When you can block the user? I mean if its a threat to the site, they can just PM the admin or a moderator or make a topic about it.
5) Advanced Stats? MyBB has stats as well, what more can SMF possibly have? This is completely trivial.
6) It's called Subscriptions and they exist for MyBB.
7) watch users? Seems pretty trivial to me.
8) paid subscriptions? On a forum? Never heard of that.
9) This exists in MyBB.
10) You can disable notifications in MyBB, seems like a simple plugin that someone may implement in the future. Pretty trivial though.
11) HAHAHAHAHAHA "i'm sure I missed many things!"

 

This exists as a mybb plugin at mybbcentral.com It's IPN too.

Tarkan...welcome to the world of Mybb. I am fairly confident that if given a chance that Mybb will be more than suitable for forum admins. We can always argue about the features that don't overlap and who feels what is important but it's subjective and pointless.

 

Really?? Please link me to "all these public exploits. Id love to see them all. (Latest SMF version = 1.1.7)

You don't need to convince me - there is no proof of concept of anything. You can be childish and report it on the web and it will get fixed within 24-48 hours anyway.

Oh of course - thats why every person iv asked said they loved this feature. Thats why IPB and vB have it too. MyBB is just falling behind.

Don't know why I should even comment on these responses as its evidence you have no clue what it is.

You should have a choice. SMF allows it to look like a forum does or in a single manner like myBB does. Or like an AIM conversation.

How would you know to report the user if the end admin has no clue if a violent PM was sent. Not everyone is going to sit there PMing one admin when the other admin will not be notified.

Dont feel like explaining everything myBB is missing take a look for yourself.
http://www.simplemachines.org/community/index.php?action=stats

Read some of my last responses its not the same.

uhhh sure its pretty helpful if you manage a big forum.

Future will tell for you than.

Sorry there is no trashbin forum for myBB. Check your features. Maybe via mod.

You cant disable new posts for just 1 forum again look before you comment.

Indeed.

True In another debate (or maybe this one) I stated I like debating this kind of stuff. It can only help improve a software.

 

Riiiight,
vs - the fact that you couldn't even install MyBB correctly on your server

SOURCE: http://forums.digitalpoint.com/showpost.php?p=9596626&postcount=33

Don't quit your day job

We did?

And this is your story. LMAO!!11!!

Well guess what, I can hack MyBB in less than 1 minute. I quickly found a huge security flaw in MyBB at first glance of the system and I'm not even someone who has ever tried to hack anything. I can take your MyBB forum down and destroy it in less than one minute hombre. Not that I ever would, but I'd lay low for awhile if I were you (since you use MyBB 1.4). You bringing this kind of negative attention to yourself might trigger someone just to prove a point at your expense and hack and destroy your MyBB forum

However, I am not going to tell you the vulnerability in MyBB nor will I notify the MyBB team of the security holes in MyBB. Be sure to back up your MyBB daily, sport.

I use SMF forum software because it's the safest out of all free programs.

 

I think people tend to be baised!! All the open source softwares are great if it wasnt for them you guys would be paying money for starting forums.

2. You can never say that a software is the best. Every software has its plus's and minus.

3. Each software can be made to work if its on the right hands. It doesnt matter whether you use phpbb,mybb,smf or something else all that matters is you!! How maintain the forum software and what you do to make it stand out.

4. Some people have discussed about apparent security flaws in software!! If you could elaborate on the flaw in question I would rectify it!! You will be helping someone. Finding a flaw in security aspect for alll these software's is no easy task I admire your knowledge on security

5. Use all the software's and then come to an decision. Dont go by what is written here just go by what do you think will be the best for the forum in your mind.

 

http://www.simplemachines.org/community/index.php?action=stats

I like that. I think I will mimic it as a mybb plugin.

Tarkan- Congrats on the wise choice. Don't let him rile you up. You don't win anything from a forum argument.

I think Shadow understands that if he just tells people to TRY mybb that they will choose it. So he has to argue his best in a forum. My opinion...try both. Play with them (as you did and once I did as well) and then decide.

Pointing out features is a great thing but once you get into the my dad can beat your dad up arguments it's time to call it a day. Especially when you KNOW your dad can kick serious arse.

 

SMF 1.1.6 AND 1.1.7 Exploit (this one also works in both)
SMF 1.1.6 Exploit (SMF forum says this one is also not patched yet for 1.1.7)
SMF 1.1.5 Exploit
SMF 1.1.4 Exploit
SMF 1.1.4 Exploit

Interesting, I've found 5 exploits, in the MOST RECENT versions of SMF! Including the CURRENT Stable version.

I am looking for public MyBB exploits, but I'm coming up short, as there are only public exploits for really old versions like 1.2 or 1.1. Currently MyBB is secure at 1.4.3.

With a little modification and some common PHP and SQL security flaws, you can make another unique exploit that's not listed in the above links for 1.1.7.

Hence, I've proven already, that SMF is less secure than MyBB.

I wasn't going to distribute this information, but you guys are beginning to irritate me with your ignorance.

Instead of pushing lies MrSandman and calling me a liar, you really should look for these security flaws as it can really damage your website and your web server.

MrSandMan, the only thing you did is prove to everyone here that I really AM unbiased.

You're right, I wasn't aware that MySQL 4.0 would not work, and the installation script did not detect and warn me about MyBB requiring MySQL 4.1. I thought it was some other bug, and couldn't find it in the code that I looked at for MyBB's source.

It's not like you figured out how to solve it, it was RectangleMan, so you still suck at PHP.

Also even if SMF fixes both of these in 1.1.8, it still doesn't mean SMF is more secure, it shows that even in their most recent versions they have vulnerabilities, it shows that they have insecure programming.

 

Erm... a simple search on milworm for mybb throws up an awful lot more of vulnerabiilities when compared to SMF (especially bearing in mind SMF has been around a hell of a lot longer).

2008-08-26 MyBulletinBoard (MyBB) <= 1.2.11 private.php SQL Injection Exploit (2) 5805 R D c411k
2008-04-06 MyBB Plugin Custom Pages 1.0 Remote SQL Injection Vulnerability 3923 R D Lidloses_Auge
2008-02-06 MyBulletinBoard (MyBB) <= 1.2.11 private.php SQL Injection Exploit 6009 R D F
2008-01-16 MyBulletinBoard (MyBB) <= 1.2.10 Multiple Remote Vulnerabilities 7749 R D waraxe
2008-01-16 MyBulletinBoard (MyBB) <= 1.2.10 Remote Code Execution Exploit 5272 R D Silentz
2007-04-23 MyBulletinBoard (MyBB) <= 1.2.5 calendar.php Blind SQL Injection Exploit 8463 R D 0x86
2007-04-12 MyBulletinBoard (MyBB) <= 1.2.2 (CLIENT-IP) SQL Injection Exploit 6185 R D Elekt
2007-04-03 MyBulletinBoard (MyBB) <= 1.2.3 Remote Code Execution Exploit 6802 R D DarkFig
2006-07-15 MyBulletinBoard (MyBB) <= 1.1.5 (CLIENT-IP) SQL Injection Exploit 11334 R D rgod
2006-06-25 MyBulletinBoard (MyBB) <= 1.1.3 (usercp.php) Create Admin Exploit 11351 R D Hessam-x
2006-06-13 MyBulletinBoard (MyBB) < 1.1.3 Remote Code Execution Exploit 6249 R D Javier Olascoaga
2006-03-03 MyBulletinBoard (MyBB) <= 1.04 (misc.php COMMA) SQL Injection (2) 5681 R D Devil-00
2006-02-28 MyBulletinBoard (MyBB) <= 1.03 (misc.php COMMA) SQL Injection 5692 R D Devil-00
2006-02-15 MyBulletinBoard (MyBB) <= 1.03 Multiple SQL Injection Exploit 4956 R D HACKERS PAL
2005-08-22 MyBulletinBoard (MyBB) <= 1.00 RC4 SQL Injection Exploit 5889 R D Alpha_Programmer
2005-05-31 MyBulletinBoard (MyBB) <= 1.00 RC4 SQL Injection Exploit 6394 R D Alberto Trivero

And secunia have more recent ones available for 1.4

MyBB Multiple Vulnerabilities 2008-10-30
MyBB Multiple Vulnerabilities 2008-09-22
MyBB Multiple Vulnerabilities 2008-09-10
MyBB "search.php" Cross-Site Scripting 2008-07-28
MyBB Multiple Vulnerabilities 2008-07-17
MyBB SQL Injection and Cross-Site Request Forgery Vulnerabilities 2008-01-21
MyBB PHP Code Execution and SQL Injection Vulnerabilities 2008-01-17
MyBB "day" SQL Injection Vulnerability 2007-04-24
MyBB "Client-IP" SQL Injection and Code Execution 2007-04-04
MyBB private.php Cross-Site Request Forgery and Cross-Site Scripting 2007-01-25
MyBB Cross-Site Scripting Vulnerabilities 2006-09-18
MyBB Cross-Site Scripting and Script Insertion Vulnerabilities 2006-08-31
MyBB Avatar / Attachment Script Insertion Vulnerability 2006-08-28
MyBB "avatarurl" Script Insertion Vulnerability 2006-07-24
MyBB "CLIENT-IP" SQL Injection Vulnerability 2006-07-17
MyBB editpost.php Cross-Site Request Forgery 2006-06-29
MyBB Multiple Vulnerabilities 2006-06-29
MyBB "showcodebuttons" SQL Injection Vulnerability 2006-06-26
MyBB "domecode()" PHP Code Execution Vulnerability 2006-06-12
MyBB "do" Parameter Cross-Site Scripting Vulnerability 2006-06-08
MyBB Multiple SQL Injection Vulnerabilities 2006-04-28
MyBB Cross-Site Scripting and Variable Manipulation Vulnerabilities 2006-04-18
MyBB Cross-Site Scripting and Script Insertion 2006-04-04
MyBB "url" Cross-Site Scripting Vulnerability 2006-03-16
MyBB SQL Injection and Script Insertion Vulnerabilities 2006-03-01

Also, your claim that the above is an exploit for 1.1.7 is totally incorrect.

Your just a troll Tarken.... go back to your cave.

 

None of those exploits work for MyBB 1.4.X
Ever learn to read?

Also, the SMF vulnerabilities DO work for 1.1.7, so stop lying and trying to cover up for someone else's programming mistakes.

You're the 1-post-troll, not me, I'm the unbiased thread starter.

Yeah there are a bunch of links to MyBB exploits, but they are incredibly old. Some of them are years old.
Perhaps a hacker had a vendetta against one MyBB forum, and hence didn't make 20 of them for SMF years ago.

The point is, SMF has vulnerabilities NOW, and MyBB doesn't have them anymore. The result?
SMF is LESS SECURE than MyBB.

Here's some very RECENT vulnerabilities on secunia for SMF:
http://secunia.com/advisories/32516/ (JUST THIS MONTH!! WOW)
http://secunia.com/advisories/31750/
http://secunia.com/advisories/30955/
http://secunia.com/advisories/28900/
Simple Machines Forum Multiple Vulnerabilities 2008-11-05
Simple Machines Forum Password Reset Vulnerability 2008-09-08
Simple Machines Forum "HTML-Tag" Vulnerability 2008-07-17
Simple Machines Forum SMF Shoutbox Mod Script Insertion 2008-02-12
Simple Machines Forum SQL Injection Vulnerabilities 2007-10-22
Simple Machines Forum Session Fixation Vulnerability 2007-05-07
Simple Machines Forum Cross-Site Scripting Vulnerability 2006-12-04
Simple Machines Forum Cross-Site Scripting and SQL Injection 2006-09-04
Simple Machines Forum "X-Forwarded-For" Script Insertion 2006-02-24
Simple Machine Forum Avatar Information Disclosure Weakness 2005-09-01
Simple Machines "msg" SQL Injection Vulnerability 2005-06-23

Also a lot of the MyBB vulnerabilities are Cross-Site-scripting, they aren't major security flaws, they are easily fixable and they are hard for a programmer to detect when they make security for it.

SMF seems to have a lot of "Exposure of sensitive information
System access" security issues, that's serious.

 

Dude, can't you read?????

Why do you lie? Do you feel so threatend that of SMF being the better forum software that you resort to posting bogus information and hope people don't read it?

That's really low man. You should grow a pair. MyBB is unsafe and CAN be hacked by anyone! Yet you wish to lie... how sad!

FROM YOUR OWN LINK

The vulnerabilities are confirmed in version 1.1.6. Other versions may also be affected.

Solution:
Update to version 1.0.15 or 1.1.7.

 

There are 0 active or known vulnerabilities in MyBB 1.4.3. Sometimes it's not always about size

 

Hmm just tested that vulnerbility on SMF1.1.7 and it failed. Nice try. Goes to show SMF is secure.

Same for SMF. Tarken just makes believe he has a vulnerbility without any proof to try to make SMF look bad. Kind of a joke.

Since when did I ever say you shouldn't do that? Of course I encourage people to demo all software before hand forum software or not. I am simply replying to your posts that "MyBB is more secure than SMF" "MyBB has more features than SMF" although I think we shot pretty much all of them down. I think it can come to agreement that myBB has features SMF doesn't and SMF has some myBB doesn't. As shown from my list above.