| Author |
Message |
evaders99
Former Moderator in Good Standing
Joined: Apr 30, 2004
Posts: 3221
|
 Posted:
Fri Oct 13, 2006 11:17 pm |
|
Any software you use, you will have to deal with security issues. phpNuke is a bigger target than most, and granted the original creator FB has some of the responsibility as well for the bad code he writes. But trust me, no software is immune.
Gotta keep up-to-date, or sooner or later, you will have problems. Whether that be your operating system (Windows anyone?) or server scripts like phpNuke |
_________________
- Only registered users can see links on this board! Get registered or login! -
Need help? Only registered users can see links on this board! Get registered or login! |
|
 
|
|
mrix
Client
Joined: Dec 04, 2004
Posts: 757
|
| Posted:
Sat Oct 14, 2006 3:13 am |
|
I am not really a complete noob to this really I have had a phpnuke website for a few years and in that time I have udated my websites with patches and sentinal security many many times. I have some very popluar websites and when you become popluar and get many visitors its at that time you trouble begins really. As many rival sites dont want to see you near the top.
They basically will find anyway in they can and even if you do upload all the patches and latest securites they will still find a way in like they are doing now!
Cheers
mrix |
| |
|
|
|
|
montego
Site Admin
Joined: Aug 29, 2004
Posts: 9457
Location: Arizona
|
| Posted:
Sat Oct 14, 2006 8:41 am |
|
But, I think a key point has been lost. mrix, you keep saying that you keep up-to-date with phpBB and NukeSentinel and the PHP-Nuke patches, but the "hole" may have nothing to do with these. This is the point that Raven is getting across. You could very well have a add-on module/block that was poorly written, has not been patched in years, or even has known vulnerabilities.
As the webmaster, YOU are responsible for ensuring that you are not opening yourself up to these vulnerabilities. That is NOT the webhost's responsibility and, in fact, the Host has a responsibility to protect all the other clients on the same shared server as well, and is perfectly within his own right to suspend your account if hackers end up using your account to attack others. |
_________________
Only registered users can see links on this board! Get registered or login!
Only registered users can see links on this board! Get registered or login! |
|
|
|
|
mrix
|
| Posted:
Sat Oct 14, 2006 8:47 am |
|
The point I am making is that there can be so many holes with all the addons you can get  the ammount of modules you can use seems endless. and how many people actually know what modules are safe etc and how to find out if one is not? My point is even if you have security for your site totally up to date hackers can find other ways to attack your site.
I think thats a key issue many will install phpnuke which is secure with the patches and sentinals but then trash it with the add ons etc. It would be nice to have a site that actually has more secure modules.
Cheers
mrix |
| |
|
|
|
|
montego
|
| Posted:
Sat Oct 14, 2006 9:01 am |
|
| Quote: |
It would be nice to have a site that actually has more secure modules.
|
Actually, I agree. It would be nice to have some form of certification program around security. Problem is that no-one, including me, would want that kind of liability, whether it be against reputation or legal. |
| |
|
|
|
|
hitwalker
Sells PC To Pay For Divorce
Joined:
Posts: 5661
|
| Posted:
Sat Oct 14, 2006 3:59 pm |
|
agree but wouldnt it be nice if the authors of 3d parties create more secure addons?
And as it took some time reading this topic i am a bit suprised ....
it seems unfair to even mention a host if you run into problems that may look like someone is running remote scripts trying to wipe out your site..
your host if its raven or anyone else isnt to blame for this.
naturaly you are responsible for your content,nobody else.
and as im a host to,im not as nice as raven is... 
i always used 7.6 3.0 , after that i never used the patches anymore....
simply because i never believed in it...
thats my right.....i always did loved sentinel and used the newest...
i always took care of my stuff...never messed around with it...
never used shitty designed mods....etc....
trust me...if anyone is capable of changing rights to certain folders then its your fault....somehow you made it possible for them.....
and in that light......i had about 20 / 30 attacks a week....
they always lost and they all had a date with sentinel....
mrix...i suggest you check your site real good... |
| |
|
|
|
|
evaders99
|
| Posted:
Sun Oct 15, 2006 9:03 pm |
|
If we all had time, then we could have some kind of certification process for different mods and addons. Alas, I don't think anyone has that kind of time  |
| |
|
|
|
|
|
|
![[Valid RSS]](https://www.ravenphpscripts.com/images/valid-rss.png "Validate my RSS feed"){kind=small}
