Ravens PHP Scripts: Forums
 

 
  Forum Index  •  Forum FAQ  •  Search  •  Memberlist  •  Usergroups  •  Profile  •  Log in to check your private messages  •  Log in

Security Consulting?
 View next topic
View previous topic
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> Security - PHP Nuke
Author Message
Leomania
New Member
New Member



Joined: May 23, 2005
Posts: 10
PostPosted: Thu May 26, 2005 10:55 am Reply with quote
I'm creating on a Nuke-based site with a couple of partners and I'm working on some due diligence in terms of security for the business plan. I'm curious if there are some trusted people/sites that provide security consulting. Does anyone know what resources are out there that have the time and inclination to do this kind of work? Please note that I'm talking about a paid gig here.

I'd like to have someone who is knowledgeable about not only PHP-Nuke but also the operating system (Linux), Apache, PHP and MySQL. Most likely the site will end up on a dedicated server to allow full control of the software environment, so being able to enable the desired functionality in PHP-Nuke without opening up security holes is the primary focus. Or more to the point, locking down the box and the software environment until Nuke *just* runs is the goal, along with having some of the security/feature tradeoffs explained.

Additionally, recommendations about things like reducing server load/bandwidth, mods to be wary of, etc. a big plus.
 
View user's profile Send private message
Raven
Site Admin/Owner



Joined: Aug 27, 2002
Posts: 17088
PostPosted: Sat May 28, 2005 12:41 pm Reply with quote
That's quite a bit to try to respond to Smile PHP Nuke is best secured by using the latest version with the latest patch level. That foritfies the code as to what we know has issues. Then, install NukeSentinel(tm) for protection against all known XSS and admin hacking exploits. There's not much more you can do. You would want to delete all blocks and modules that you are not using. There have been exploits that actually worked whether the module was active or not! That's the easy part of the answer.

Now, as a host myself, I have become quite familiar with several means of hardening my server. But, I am by no means an expert. I'm more of a seasoned veteran. I do have 36 years of system programming and development under my belt so I do understand business plans and such.

You might want to eventually look into managed hosting, which is what I pay extra for. That allows me to concentrate on hosting and programming and leaves the server setup and maintenance (including hardware breakdowns and replacement) to my host/data center. I can add and remove and have complete control but I do not have to worry about the core operating system and server setup. As I work a full time job I just don't have the time to baby sit my servers.

I would be available to consult with you on an hourly basis if you would desire.
 
View user's profile Send private message
Leomania
PostPosted: Sun May 29, 2005 11:50 pm Reply with quote
Quote:
That's quite a bit to try to respond to Smile

What, I'm supposed to make it easy? Laughing

Quote:
Now, as a host myself, I have become quite familiar with several means of hardening my server. But, I am by no means an expert. I'm more of a seasoned veteran. I do have 36 years of system programming and development under my belt so I do understand business plans and such.

That's exactly what I'm looking for, the kind of "where the rubber hits the road" sort of experience. I figured that I could PM either you, Bob or chatserv and get an answer, but I couldn't assume I'd found all the good sources that were out there; I thought I had better ask. Glad you responded.

Quote:
You might want to eventually look into managed hosting

I've already put this into the business plan as one of the possible (and recommended) costs of site operation. My current host charges $100/mo for management of their dedicated servers, and I'm lucky that they're local to me so I can probably have a sit-down with the owner and have a good conversation about what to expect. I think it's the right way to go as long as we are in agreement about what's covered and what's not in that fee. I can forsee that a major breach could make that a losing proposition for the unprepared host, so I want to have that conversation with them before opening the site for general consumption.

Quote:
I would be available to consult with you on an hourly basis if you would desire.

That's the sort of thing I would like to have; I'll PM you to discuss in more detail over the next couple of days. Social engagements getting in the way this weekend... Wink

Cheers,

- Leo
 
64bitguy
The Mouse Is Extension Of Arm



Joined: Mar 06, 2004
Posts: 1164
PostPosted: Wed Jun 01, 2005 10:50 pm Reply with quote
I would HIGHLY recommend that you consider moving to a stable shared hosting environment like Raven's which will not only be much less expensive, but also deliver all of the functionality that you need for a Nuke domain, without having to worry about all of the management issues.

The money you would otherwise spend on dedicated hosting could be better spent on customization of your nuke solution to meet your needs and as you can see here, performance wouldn't be an issue.

Just my two-cents.
Steph

_________________
Steph Benoit
100% Section 508 and W3C HTML5 and CSS Compliant (Truly) Code, because I love compliance. 
View user's profile Send private message
Leomania
PostPosted: Thu Jun 02, 2005 10:45 am Reply with quote
Quote:
I would HIGHLY recommend that you consider moving to a stable shared hosting environment like Raven's which will not only be much less expensive, but also deliver all of the functionality that you need for a Nuke domain, without having to worry about all of the management issues.

I have this situation today with my existing sites. Although my shared hosting provider is reputable and responsible, the shared server I am on gets pretty darned busy during the day; much less so than previous providers I have used, but still there's no upside potential for what I expect will become a moderately busy site.

Also, a shared server necessarily has more software installed and more opportunities for some other user who is not paying attention to security of their site to compromise mine. Settings on the machine cannot be modified to increase security if they will impact other users.

Am I being a worry-wart? Yeah, probably so. But it's higher-risk so I need to cover my bases in the biz plan, as my partners are technical but have less experience with server environments. In the end it comes down to a cost/benefit tradeoff, and I'm not particularly unhappy with the costs I've been quoted thus far.

Thanks for the input!

Cheers,

- Leo
 
zanep
New Member
New Member



Joined: Apr 11, 2008
Posts: 1
PostPosted: Fri Apr 11, 2008 5:41 pm Reply with quote
I am interested if you still do this. I have a group that I manage and need to keep secure. please email zane@zaneperry.com if you do this.
 
View user's profile Send private message
jakec
Site Admin



Joined: Feb 06, 2006
Posts: 3048
Location: United Kingdom
PostPosted: Sat Apr 12, 2008 3:53 am Reply with quote
If you mean if Raven still does hosting then see this website: http://www.ravenwebhosting.com/
 
View user's profile Send private message
Display posts from previous:       
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> Security - PHP Nuke


 Jump to:   




View next topic
View previous topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum


Powered by phpBB © 2001-2007 phpBB Group
All times are GMT - 6 Hours
 
Forums ©