sorry by no open source software i meant like phpbb which i know is the kind of way that people get into your system
... no, they can get access through poorly configured phpbb.
i did have a hacked box a couple of years ago, i was running phpbb
... and now you associate being hacked with open source software?
You are not alone in making this mistake.
However, it has been well known for a long time, in security circles, that open source is, a priori, more secure than closed.
While the bad guys have access to your code to seek vulnerabilities, that is not actually how they work - and the good guys also have access. There are many more good guys than bad guys.
More importantly, good guys who have an incentive to fix the problem now (rather than, say, cover it up or shift the blame) have the means to create a fix - something not available in the proprietary world.
For many, particularly web-exposed, programs, there are actually teams of academics looking for security vulnerabilities ... so they can publish a paper and get more research funding. So we sometimes see flaws appear in FOSS which have no exploits at all.
The exact effect does vary from app to app.
So, while phpbb was quite publicly hacked, and it was poor design, a set of best practices quickly emerged and specific vulnerabilities were addressed while other proprietary programs remained vulnerable... but quietly, their owners taking the "shift the blame and don't talk about it" approach.
You see, most people set up their bb's by getting it to do what they wanted and stopping there. After all, it works don't it?
It was, and still is in some places, uncommon to assume that someone would try to do anything which is not there on the interface. In fact, design needs to assume that some user will deliberately try to break the system, and plan the design accordingly.
This usually means reduced functionality out of the box and an education package for each user that asks how to do something you know (but they don't) is insecure. Sadly, this is usually resisted by customers, which is mostly why all software ships with security holes ... but we try.