Ravens PHP Scripts: Forums
 

 

View next topic
View previous topic
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> RN v2.20.00 - All Issues
Author Message
themadhacker
Worker
Worker


Joined: May 30, 2006
Posts: 100

PostPosted: Thu Apr 03, 2008 12:27 pm Reply with quote

Still no news as of yet and a read of my info.php file still shows it as "Off". But wanted to comment on Guardian's post.

I would not be totally against going another route to get it working again. However I dont think that having php configured to do everything phpNuke requires in its basic(or RN)form is too much of me to ask from a hosting provider.

I do understand that with this being primarily an ISP that he has to look out for security so he can provide internet to his customers. So I am thinking that if he wont/cant fix this...I will just find another reseller package from another provider that is close to what I am paying now. I dont want to make my friend mad at me for doing that....but I do actually resell some accounts and for that very reason my customers dont need to have to search forums for tricky ways to get around this each time they want to install Nuke.

Thanks and I will be in touch with everyone on the thread as more develops. Smile
 
View user's profile Send private message
themadhacker
PostPosted: Thu Apr 03, 2008 1:08 pm Reply with quote

While pondering for a few minutes I thought I would dig into the net and see if there were any references of anyone using .htaccess to turn this on. I found a few things but one thing that stood out is that someone commented that most ISP's will have this turned off for security reasons.

Since my friend is an ISP first(hosting service 2nd)....I am thinking that he isnt going to turn it on or else he would have like he said last night.

How big of a security risk is having this turned on? Just to educate myself on it more. And I know that Guardian posted that there could be a work around by means of editing the code. So how involved are the edits?...and what are the reprecussions of doing them?

I guess I would like to really know why Nuke still is coded in such a way that this has to be enabled for these feeds to work...when the general consensus is that its not a good idea to have it turned on to start. Most of what I have read is that the php community in general liked it when this was introduced in 5.1 (i think) because they could have URL_FOPEN to be on while turning off URL_INCLUDE.

What are your general opinions on this as a whole?

Thanks
 
gregexp
The Mouse Is Extension Of Arm


Joined: Feb 21, 2006
Posts: 1497
Location: In front of a screen....HELP! lol

PostPosted: Thu Apr 03, 2008 1:19 pm Reply with quote

Honestly, people have no idea for the most part how to secure php.

See, somethings have functionality, but have a potential for security whole, the fact that there is potential security issues, doesnt mean that it is a security issue.

If php is compiled with the correct modules, and other apache security methods are in place, you have nothing to worry about.

For example, as good as sentinel and other modules are to protect nuke from certain attacks, if host would install and utilize mod_security, meaning they add rules for it, mod security could do half the job of sentinel. Sentinel does a few things mod_security isnt capable of, but my point is, possible risk can be eliminated with a host that uses correct methods for security.

This option opens sites upto POSSIBLE cross site scripting, but in reality, with sentinel there and whatever your host has for security, it is no more risky then having your site online.

As others have said before, It's not possible to secure a site so well, that noone can ever hack it(you cant stay that far ahead of hackers), so if you want it online, it's a risk you must take.

In this instance though, you and your host are not taking security risks, it really isnt a risk with RN.

_________________
For those who stand shall NEVER fall and those who fall shall RISE once more!! 
View user's profile Send private message Send e-mail Visit poster's website AIM Address Yahoo Messenger MSN Messenger ICQ Number
themadhacker
PostPosted: Thu Apr 03, 2008 6:58 pm Reply with quote

gregexp...

Thanks for the explanation. Even though I have been a longtime user of Nuke I have always been fortunate to have everything "just work" on the webserver end. So when this issue came to be I didnt know exactly where to start troubleshooting but eventually knew it HAD to be the webserver.

Now I just need to read/learn more about the inner workings of php and its dependancies.

Still nothing changed on the webserver yet to report. But its supposedly to happen tonight. I'll keep ya updated! Smile
 
themadhacker
PostPosted: Sat Apr 05, 2008 8:54 am Reply with quote

Update.

After finding out that my host did NOT restart Apache after making the changes to the varialbe/directive...is why I did not see any change in settings from my info.php output.

After talking to him last night....and having him reboot Apache I now see the changes and my RSS feeds work as they once did.

Thank you to everyone that contributed ideas to this thread to help me get it going again. You guys are great!

Smile
 
montego
Site Admin


Joined: Aug 29, 2004
Posts: 9449
Location: Arizona

PostPosted: Sat Apr 05, 2008 10:21 pm Reply with quote

Tell your friends:

RavensScripts

and help keep this site going with a donation here or there... Wink Think what it takes to run a site like this. These forums are huge.

_________________
Only registered users can see links on this board! Get registered or login!
Only registered users can see links on this board! Get registered or login! 
View user's profile Send private message Visit poster's website
Guardian2003
Site Admin


Joined: Aug 28, 2003
Posts: 6792
Location: Ha Noi, Viet Nam

PostPosted: Sun Apr 06, 2008 2:54 am Reply with quote

I'm glad you finally got it sorted Smile
 
View user's profile Send private message Send e-mail
gregexp
PostPosted: Wed Apr 09, 2008 4:50 am Reply with quote

Montego, do you have a quick reply with that in it? If so, I want it, too many people here know the cost of their own website, but forget that ravens isnt free either lol.
 
montego
PostPosted: Wed Apr 09, 2008 5:42 am Reply with quote

gregexp, not sure what you are asking exactly, but the bottom line is that Raven has been below his target in his donations block for a very long time. Sad
 
Display posts from previous:       
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> RN v2.20.00 - All Issues

View next topic
View previous topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum


Powered by phpBB © 2001-2007 phpBB Group
All times are GMT - 6 Hours
 
Forums ©