...I need to know the best way to keep the forums secure to prevent any possible hackers. Please help me! Thank guys!
The most fundamental way to run a secure punBB forum is to make sure the server sitting underneath it is secure - ie the server itself (O/S, Apache, MySQL, PHP etc) is appropriately hardened, regularly patched, regularly monitored, and has good defences - eg has a tight firewall running on it, and Apache is running a HTTP request sanitizer like mod_security...
My point is: if you can't be sure your server is secure, including ALL THE OTHER APPS AND SERVICES RUNNING ON IT, forget about trying to secure punBB.
It's that simple. The weakest link in the chain may not be punBB. Focussing just on securing punBB would be a big error.
As for punBB itself, some simple tips:
- choose complex passwords for MySQL and your punBB admin account, natch...
- run some sort of forum spam tool (one of the CAPTCHA mods or the Kismet add-on),
- MINIMISE your usage of punBB's many 3rd party add-ons, mods etc etc. These can introduce vulnerabilities.
- install punBB into a non-standard location (not 'forum.mysite.com' or 'mysite.com/forum').
- try .htaccess password protecting the key punBB admin PHP files
- check, tighten and recheck/retighten the users and permissions set on all your punBB files and folders to ensure
they are as restrictive as you can practically make them (eg 0644 is nice for your files).