My first attempt to start a forum for the Saint Maker ended in failure and scrambling to get a replacement. I want to write out what I learned along the way, so that it may be of use to others in the future.
The first is a mea culpa: I thought I could get away with using unmaintained software.
I found FluxBB in the options for forums on YunoHost, which is what I use to manage the stuff I host. I liked how simple and lightweight it was. No frills, nothing unnecessary.
While playing around with it, I realized the website for the project was down, then went over to the public repository for the project, and the last commit was years ago. All red flags.
But watching how light it was on resources, I decided to go for it anyway.
All the lessons I had learned over the years of being incredibly careful while online were ignored: I didn't consider attack surface, the hostile environment that is the internet, the fact that this was tied in with all the other stuff I host on this VPS, or that even without Google and other major search engines crawling like they used to, this site would be crawled eventually by some entity.
Bot Attack
Then the bots attacked. Something had crawled the site, saw that signups were open, and the porn bots came flooding in.
I had anticipated bot floods, and I was ready to do some swatting.
It was while doing this swatting that I saw how far behind the PHP version used by FluxBB was. For whatever reason, I hadn't thought to check during my initial exploration.
Being so simple, there weren't a ton of other dependencies, but there were enough that were similarly far behind to make me realize my mistake.
Flarum
I went back to the drawing board, going through other options I could pop up quickly via YunoHost. Flarum stuck out as a good option: maintained, with a funding model to keep it up to date.
It's going to be a bit more heavy on resources, but I prefer that to an overly large attack surface.
Still a work in progress, and I still have much to learn, and I'm sure signups will continue to be a problem once the bots figure out we're here.
Figuring out a better sign up flow will probably be my next project.