Unsolicited security advisories

Posted: Mon May 24, 2004 8:48 pm

Unsolicited security advisories

It has been reported throughout the community that there are multiple “Vendors” sending email messages to phpnuke webmasters offering their services to patch phpnuke websites. Some of these people may be legitimate but their sales pitch has been reported to be more like “Blackmail” by some users. This happens with more then just phpnuke its becoming a common practice of certain individuals looking to take advantage of the very real fear of compromised security.

There is no reason in my opinion to pay for security patches. Chatserv and Raven as well as others out there continue to patch all newly reported verifiable exploits. Not to mention many that never get reported publicly.

If you need help applying patches please seek out reputable help. Where can you find out what fixes should be applied? Here at Raven’s there are always announcements available regarding the latest patches and exploit prevention.
Also see [ Only registered users can see links on this board! Get registered or login! ] [ Only registered users can see links on this board! Get registered or login! ]

Where can you find professional help? Currently I know of no one source or referral service where people who need help can get it. I know Raven will do custom work and occasionally make referrals. Nor do I know of a reputable security team that works on hardening phpnuke (Sorry but most will laugh at the idea do to its long history of being a favorite target amongst script kiddies).

If paying someone to help with general setup and configuration of your site please be sure that they are applying all known fixes to your files before your site goes live!

Remember that as time goes by you are responsible for continuing to update your website. Don’t rely on phpnuke.org for patches sometimes they are released there sometimes they are not. Please don’t just give someone ca$h and expect they will apply the appropriate fixes. In fact this is one of the reasons packages like Ravens and NC-Beta distributions have been so successful.

If you need help in making a decision about who, what, why, where and when don't hesitate to ask in the forums or in private via PM.

sixonetonoffun

Client Joined: Apr 10, 2004 Posts: 649 Location: UK

Thanks for that, some people could be taken in by the email scam.

Does this not open up the possibility of legitimate coders to form a business with the sole purpose of installing and patching phpnuke?

If such a company was formed, and it was advertised freely on all phpnuke sites that agreed to publicise it (free), then it would get widely recognised as a legitimate service and people who send scam emails would soon get tired of their malpractise.

There must be some coders who are unable to get out to go to work, who could do this, or indeed, people who already run online businesses.

Just an idea.

Site Admin/Owner Joined: Aug 27, 2002 Posts: 17088

Chat and I (and I'm sure MANY others) have discussed that here. Not a company, per se, but a Service. We (and others) do this right now, as side work, but haven't actually made a "formal" Service announcement. There are so many diversities when it comes to installations that I haven't been willing (as of yet) to advertise "come one, come all" Laughing

But you are correct - Opportunities abound! Maybe thatt's your next venture/adventure?

Posted: Wed Jun 09, 2004 9:58 am

lol Raven I don't have a quarter of the skills you or any of the others here do to offer a service.

I was kinda hoping you and your 'team' might, as we all trust you and respect you here.

I get lost in Admin Control Panel, let alone trusted to be let loose on someone's server rofl