WWWBoard FAQ

Frequently asked questions about the WWWBoard message board script.

Quick Links

How do I set up WWWBoard?
How do I delete messages?
Where can I get add-ons and help for WWWBoard?
How do I prevent spam?
I think my WWWBoard was hacked, how so?

Q1: How do I set up WWWBoard?

To set up WWWBoard:

Upload scripts to /cgi-bin/:
```
wwwboard.pl
wwwadmin.pl
```

Create message directory:

mkdir /home/user/public_html/wwwboard/
chmod 755 wwwboard/

Upload HTML templates:
```
wwwboard.html
post.html
reply.html
```

Set permissions:

chmod 755 wwwboard.pl wwwadmin.pl
chmod 666 *.html (in wwwboard directory)

Configure paths in wwwboard.pl

Q2: How do I delete messages?

To delete messages from WWWBoard:

Use the admin script:

http://yourdomain.com/cgi-bin/wwwadmin.pl

Enter your admin password
Select messages to delete
Confirm deletion

Or manually via FTP:

Delete the message HTML file (e.g., 123.html)
Edit wwwboard.html to remove the link

Caution: Deleting a parent message may orphan replies. Use the admin script for clean deletion.

Q3: Where can I get add-ons and help for WWWBoard?

Short Answer

DBasics Software offered several add-ons with free installation guides for WWWBoard users.

Long Answer

DBasics Software offered the following add-ons for WWWBoard:

Operating Multiple Boards On One WWWBOARD.CGI

Run multiple discussion boards with a single script installation

Customizing the look of WWWBOARD posts

Modify the appearance and layout of messages

Simple WWWBoard Search Engine

Allow users to search through posted messages

Viewing Messages Before Posting

Preview functionality before submitting

Creating a Private WWWBoard

Password-protected discussion boards

Denying WWWBOARD Access

Block specific users or IP addresses

Subscribing Function

Email notifications for new posts

Digested Articles

Send collected posts as digest emails

Historical Note: DBasics Software was a popular resource for WWWBoard modifications in the late 1990s. Many of these features are now standard in modern forum software.

Q4: How do I prevent spam?

Several techniques help prevent spam on WWWBoard:

Banned words filter:

@banned_words = ("viagra", "casino", "cheap");

Block IPs:
```
@blocked_ips = ("123.45.67.89");
```
Require fields: Make email required and validate format
Rate limiting: Limit posts per IP per hour
Simple CAPTCHA: Add a math question

Tip: Monitor your board regularly and update banned words as new spam patterns emerge.

Q5: I think my WWWBoard was hacked, how so?

Short Answer

WWWBoard doesn't have the tightest security. If you're using version 2.0 ALPHA 2, upgrade to ALPHA 2.1 to fix major security problems.

Long Answer

The Followup Exploit

WWWBoard 2.0 ALPHA 2 did not validate the followup field. Attackers could:

Clobber specific messages
Overload HTML file sizes and fill up disk space

Security Fix

Find lines 133-135 in the standard distribution (ALPHA 2.0):

if ($FORM{'followup'}) {
   $followup = "1";
   @followup_num = split(/,/,$FORM{'followup'});

Add the following code after those lines:

# Changes based in part on information contained in BugTraq archives
# message 'WWWBoard Vulnerability' posted by Samuel Sparling Nov-09-1998.
# Also requires that each followup number is in fact a number, to
# prevent message clobbering.

local(%fcheck);
foreach $fn (@followup_num) {
   if ($fn !~ /^\d+$/ || $fcheck{$fn}) { &error('followup_data'); }
   $fcheck{$fn} = 1;
}
@followup_num = keys %fcheck;

Password Dictionary Attacks

Another common attack is dictionary attacks against the well-known location of passwd.txt.

Protection Tips

Choose a strong password (not a dictionary word)
Move passwd.txt to a non-standard location
Update the filename in wwwadmin.pl accordingly
Consider placing the file outside the web root

Historical Context

This vulnerability was documented in the BugTraq security mailing list archives, posted by Samuel Sparling on November 9, 1998. It represents an important lesson in CGI security: always validate user input, especially when it affects file operations.

Back to FAQ