[fel64]

Not sure who reads the WP feeds, so here’s an interesting snippet:

Mullenweg says he’ll use the new cash to fund more projects, including a new forums product. Called TalkPress, he said it will be “smaller, lighter, with fewer features but a richer customization API.”

In other words, it will work a lot like WordPress, which is a basic framework upon which users add the features they really need. Mullenweg some time ago created a forum program, BBPress, and the TalkPress service will be built on that.

“I spend a lot of time on forums, and they drive me crazy,” he said. “They haven’t changed in 10 years.”

http://blogs.chron.com/techblog/archives/2008/01/the_importance_of_being_matt.html

[Beau Lebens]

Also, for people’s interest — here’s Matt talking about BackPress at WordCamp 07; http://www.viddler.com/explore/cdevroe/videos/228/241.45/BackPress/

[0aron-maya]

That sounds great. You know that the same framework, the same look and the same feel do drive us crazy. Forums should not be restricted but varied.

[geld_lenen]

BBpres is extremely hackable for Iframe attacks and code injection. My BB was hacked 3 times, always used last version.

Looking for another now….

[Sam Bauers]

@geld_lenen

That’s a fairly serious accusation and warrants an investigation if true. Can you be more specific please?

bbPress does a lot of filtering of user input to avoid these things. What part of bbPress was exploited? A topic, a profile?

Code injection in bbPress installs is usually a symptom of insecure shared hosting, not bbPress itself.

[723891]

Why switch to bbpress? WordPress is highly configurable and there are a lot of plugins. And if you want you can change the source code on your own server…..

[Sam Bauers]

bbPress is not a competitor to WordPress, it is a complimentary product.

[hypotheekrente]

@geld_lenen

Could you explain what you were using? My personal experience with bbPress is really great and hackers tried to hack some websites i have, but dont manage to get in to it. So i really wonder.

Regards, Bob

[_ck_]

This topic is old – bbPress has not been hacked – there was an exploit for all of a day or two back in 0.8 that was quickly fixed.

What’s happening is that OTHER programs on the same account or server are being hacked and what they do is attach themselves to the bbPress templates though those other programs.

In over 4000 sites, I’ve only detected 8 XSS hacks so it’s obviously coming in through other programs and not directly (or the problem would be far more widespread).

(And by the way, if you keep getting hacked, that means your server has been compromised and need to be wiped and re-configured. Just re-installing the PHP programs won’t fix the issue if there is a a hidden backdoor elsewhere. )

[beernews]

Been a few months. Where does one keep up with the developments (other than the trac/code stuff which I dont understand)?

[geldlening]

So is it safe to use or should one just know a lot about it?

[Sam Bauers]

@geldlening

It is safe to use the stable version of 0.9.0.2