My experience tends to be that whatever popular forum software you'll be constantly fighting spam, in the end I gave up as it wasn't being used enough.

However I've seen phpBB working great but the user signup process was handled through another process and only registered users could post.

As long as you keep it updated you shouldn't have a problem, if you're paranoid install lighttpd/php/mysql in a jail and have it completely chrooted so that worst case scenario your chroot is compromised but there's no tools available for it to go any further, with regular backups from outside the chroot a restore should be simple.

Thanks very much.

You can always upgrade PHPBB manually while taking into consideration your modifications. Keeping extra code in separate files and using require() will simplify this process.

I wouldn't say any mature PHP forum software is any more secure than the other. Here is a tutorial for a Lighttpd, PHP and MySQL chroot environment installation for Debian:

http://blog.950buy.com/ar ...

Thanks. If I make changes to some of the PHPBB code to customise it, when I upgrade it, surely it will break badly.