| Author |
Message |
themadhacker
Worker
Joined: May 30, 2006
Posts: 100
|
 Posted:
Thu Apr 03, 2008 12:27 pm |
|
Still no news as of yet and a read of my info.php file still shows it as "Off". But wanted to comment on Guardian's post.
I would not be totally against going another route to get it working again. However I dont think that having php configured to do everything phpNuke requires in its basic(or RN)form is too much of me to ask from a hosting provider.
I do understand that with this being primarily an ISP that he has to look out for security so he can provide internet to his customers. So I am thinking that if he wont/cant fix this...I will just find another reseller package from another provider that is close to what I am paying now. I dont want to make my friend mad at me for doing that....but I do actually resell some accounts and for that very reason my customers dont need to have to search forums for tricky ways to get around this each time they want to install Nuke.
Thanks and I will be in touch with everyone on the thread as more develops.  |
| |
|
|
|
themadhacker
|
| Posted:
Thu Apr 03, 2008 1:08 pm |
|
While pondering for a few minutes I thought I would dig into the net and see if there were any references of anyone using .htaccess to turn this on. I found a few things but one thing that stood out is that someone commented that most ISP's will have this turned off for security reasons.
Since my friend is an ISP first(hosting service 2nd)....I am thinking that he isnt going to turn it on or else he would have like he said last night.
How big of a security risk is having this turned on? Just to educate myself on it more. And I know that Guardian posted that there could be a work around by means of editing the code. So how involved are the edits?...and what are the reprecussions of doing them?
I guess I would like to really know why Nuke still is coded in such a way that this has to be enabled for these feeds to work...when the general consensus is that its not a good idea to have it turned on to start. Most of what I have read is that the php community in general liked it when this was introduced in 5.1 (i think) because they could have URL_FOPEN to be on while turning off URL_INCLUDE.
What are your general opinions on this as a whole?
Thanks |
| |
|
|
|
|
gregexp
The Mouse Is Extension Of Arm
Joined: Feb 21, 2006
Posts: 1497
Location: In front of a screen....HELP! lol
|
| Posted:
Thu Apr 03, 2008 1:19 pm |
|
Honestly, people have no idea for the most part how to secure php.
See, somethings have functionality, but have a potential for security whole, the fact that there is potential security issues, doesnt mean that it is a security issue.
If php is compiled with the correct modules, and other apache security methods are in place, you have nothing to worry about.
For example, as good as sentinel and other modules are to protect nuke from certain attacks, if host would install and utilize mod_security, meaning they add rules for it, mod security could do half the job of sentinel. Sentinel does a few things mod_security isnt capable of, but my point is, possible risk can be eliminated with a host that uses correct methods for security.
This option opens sites upto POSSIBLE cross site scripting, but in reality, with sentinel there and whatever your host has for security, it is no more risky then having your site online.
As others have said before, It's not possible to secure a site so well, that noone can ever hack it(you cant stay that far ahead of hackers), so if you want it online, it's a risk you must take.
In this instance though, you and your host are not taking security risks, it really isnt a risk with RN. |
_________________
For those who stand shall NEVER fall and those who fall shall RISE once more!! |
|
   
  |
|
themadhacker
|
| Posted:
Thu Apr 03, 2008 6:58 pm |
|
gregexp...
Thanks for the explanation. Even though I have been a longtime user of Nuke I have always been fortunate to have everything "just work" on the webserver end. So when this issue came to be I didnt know exactly where to start troubleshooting but eventually knew it HAD to be the webserver.
Now I just need to read/learn more about the inner workings of php and its dependancies.
Still nothing changed on the webserver yet to report. But its supposedly to happen tonight. I'll keep ya updated! |
| |
|
|
|
|
themadhacker
|
| Posted:
Sat Apr 05, 2008 8:54 am |
|
Update.
After finding out that my host did NOT restart Apache after making the changes to the varialbe/directive...is why I did not see any change in settings from my info.php output.
After talking to him last night....and having him reboot Apache I now see the changes and my RSS feeds work as they once did.
Thank you to everyone that contributed ideas to this thread to help me get it going again. You guys are great!
|
| |
|
|
|
|
montego
Site Admin
Joined: Aug 29, 2004
Posts: 9457
Location: Arizona
|
| Posted:
Sat Apr 05, 2008 10:21 pm |
|
|
|
|
|
Guardian2003
Site Admin
Joined: Aug 28, 2003
Posts: 6799
Location: Ha Noi, Viet Nam
|
| Posted:
Sun Apr 06, 2008 2:54 am |
|
I'm glad you finally got it sorted |
| |
|
|
|
|
gregexp
|
| Posted:
Wed Apr 09, 2008 4:50 am |
|
Montego, do you have a quick reply with that in it? If so, I want it, too many people here know the cost of their own website, but forget that ravens isnt free either lol. |
| |
|
|
|
|
montego
|
| Posted:
Wed Apr 09, 2008 5:42 am |
|
gregexp, not sure what you are asking exactly, but the bottom line is that Raven has been below his target in his donations block for a very long time.  |
| |
|
|
|
|
|
|
Think what it takes to run a site like this. These forums are huge.
![[Valid RSS]](https://www.ravenphpscripts.com/images/valid-rss.png "Validate my RSS feed"){kind=small}
