Author |
Message |
Doulos
Life Cycles Becoming CPU Cycles

Joined: Jun 06, 2005
Posts: 732
|
Posted:
Sat Jul 01, 2006 12:09 pm |
|
I am running Coppermine stand alone accessed via a link in Site Navigation block. CPG is located outside of my PHP-Nuke directory and uses a separate database. However, I do have a link back to my homepage within CPG. Does this still make my PHP-Nuke site vulnerable to attack through Coppermine? |
|
|
|
 |
gregexp
The Mouse Is Extension Of Arm

Joined: Feb 21, 2006
Posts: 1497
Location: In front of a screen....HELP! lol
|
Posted:
Sat Jul 01, 2006 12:57 pm |
|
Well, this now depends on server security, as I have seen Coppermine allow things to be uploaded that could cause your server to get hacked instead of your nuke site. So check with your host to verify that server security is top notch, but you have managed to run a script that is vulnerable to exploits but will not mess with your nuke site in particular. This is as secure as you yourself can make it. Now it's server security.
This doesn't mean your Coppermine won't be hacked, just means nuke site is not at risk, unless they are able to exploit cpanel or the server in another way. Won't be done from site level. |
_________________ For those who stand shall NEVER fall and those who fall shall RISE once more!! |
|
 |
 |
montego
Site Admin

Joined: Aug 29, 2004
Posts: 9457
Location: Arizona
|
Posted:
Wed Jul 05, 2006 8:11 pm |
|
Well, I must respectfully disagree, especially if both installations are under the same web root. Even PHP running as CGI instead of a DSO module won't be able to stop them if they can get in through Coppermine.
If these are even in separate web roots, but hosted on the same server, depending again on how PHP is configured with Apache, you may not be secure.
A web site (and server) is only as secure as its weakest link and shared servers increase the risk regardless... |
|
|
 |
Doulos

|
Posted:
Fri Jul 07, 2006 2:26 pm |
|
Hmm, could I password protect the Coppermine folder with a .htaccess file? Would that help? I don't want to give up the photo gallery but I REALLY don't want to get hacked via that gallery. |
|
|
|
 |
hitwalker
Sells PC To Pay For Divorce

Joined:
Posts: 5661
|
Posted:
Fri Jul 07, 2006 3:27 pm |
|
Well, I doubt if it's still that easy to get hacked, I don't know, but it's just a thought..
Some big sites are still using it and aren't hacked....so why is that?
I think that if you run it with no upload privileges for members then it could be as safe as any other album. |
|
|
|
 |
montego

|
Posted:
Fri Jul 07, 2006 10:22 pm |
|
Ezekiel wrote: | Hmm, could I password protect the Coppermine folder with a .htaccess file? Would that help? I don't want to give up the photo gallery but I REALLY don't want to get hacked via that gallery. |
Actually, that couldn't hurt unless every member is given upload capability. I agree with hitwalker regarding the upload capability. If you can live with that off for non-admins, it would be a good thing, but I am personally not going to vouch for whether it is completely safe.
You assess the risk, make your decision, take regular backups of files and database, and live with the results. That is my "motto". |
|
|
|
 |
|
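The `.htaccess` password protection asked about in this thread, shown as an added example that is not part of any poster's message. The directory paths, the password file name and the user name `galleryadmin` are placeholders, and it assumes the host allows `AuthConfig` overrides in `.htaccess` and has Apache's Basic authentication modules loaded.

```apache
# File: /path/to/webroot/coppermine/.htaccess   (placeholder location)
#
# Every request into the Coppermine directory, including its upload
# scripts, must pass HTTP authentication before any PHP in it runs.

AuthType Basic
AuthName "Photo gallery"

# Keep the password file OUTSIDE the web root so it can never be
# downloaded through the site. Placeholder path; create it once with:
#   htpasswd -c /path/outside/webroot/.htpasswd-gallery galleryadmin
AuthUserFile /path/outside/webroot/.htpasswd-gallery

# Any user listed in the password file may enter the gallery.
Require valid-user

# Stricter alternative: admit only the one named account, so that no
# ordinary member credential reaches the gallery at all. Use this line
# in place of "Require valid-user" above.
# Require user galleryadmin
```

Basic authentication sends the password with every request in an easily decoded form, so it should only be used over HTTPS. It limits who can reach Coppermine over the web and does nothing about the shared-server and PHP configuration concerns raised earlier in the thread.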