Ravens PHP Scripts: Forums
 

 
  Forum Index  •  Forum FAQ  •  Search  •  Memberlist  •  Usergroups  •  Profile  •  Log in to check your private messages  •  Log in

Issues experienced with Suhosin PHP Extension
 View next topic
View previous topic
This forum is locked: you cannot post, reply to, or edit topics.   This topic is locked: you cannot edit posts or make replies.    Ravens PHP Scripts And Web Hosting Forum Index -> NukeSentinel(tm) v2.4.x
Author Message
intel352
New Member
New Member



Joined: Mar 09, 2004
Posts: 14
PostPosted: Thu Nov 30, 2006 3:39 pm Reply with quote
I'm using Only registered users can see links on this board! Get registered or login! from Hardened-PHP on my webserver, but whenever I have the extension enabled, Sentinel doesn't want to function...

Has anyone been able to get Sentinel working properly with Suhosin? This server is a webhosting server, so I have to protect all of the hosted accounts, but some accounts use Nuke Evo + Sentinel, and I don't want to break their websites...

Any ideas?
 
View user's profile Send private message
hitwalker
Sells PC To Pay For Divorce



Joined:
Posts: 5661
PostPosted: Thu Nov 30, 2006 6:59 pm Reply with quote
Huh...why you need Suhosin?
If your server is properly configured and has all mods running etc......then you dont need that..,not even with mutiple hosting accounts/customers..
As i was looking at the Suhosin site their forum has some topics to laugh on...

Quote:
Did Suhosin protect your site from an attack? Share your story here..


Total posts... 0

But person who's most qualified (i think) to answer this is raven...
 
View user's profile Send private message
intel352
PostPosted: Thu Nov 30, 2006 7:16 pm Reply with quote
I know that Suhosin is an excellent extension, so regardless of the fact that most people wouldn't know how to find out if they've been protected from a hack attempt, I know it works.

For instance, when I enabled Suhosin, one of the other server admins that had a few poorly coded scripts, had his scripts stop working Smile

One script had a \n in the Subject of emails that it was attempting to send out. That's one thing that Suhosin blocks.

Another script included a file from the admin's own website, but was including it using http://www.hissite.bla/includefile.php instead of the relative file path. Remote file inclusion is a way that we have been infiltrated in the past, Suhosin blocked it in a friendly script (and I was able to easily fix both scripts).

So, in short, I want & need Suhosin, I'm actually less sold on the ability of Sentinel to protect a website than Suhosin (Suhosin does much of what Sentinel tries to do, except handles it at a lower level which means better performance, and operates across all sites, not just Nuke sites).

Regardless, raven, got any ideas as to why Sentinel would break with Suhosin?
 
Display posts from previous:       
This forum is locked: you cannot post, reply to, or edit topics.   This topic is locked: you cannot edit posts or make replies.    Ravens PHP Scripts And Web Hosting Forum Index -> NukeSentinel(tm) v2.4.x


 Jump to:   




View next topic
View previous topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum


Powered by phpBB © 2001-2007 phpBB Group
All times are GMT - 6 Hours
 
Forums ©