Ravens PHP Scripts: Forums
 

 

View next topic
View previous topic
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> Security - PHP Nuke
Author Message
montego
Site Admin


Joined: Aug 29, 2004
Posts: 9449
Location: Arizona

PostPosted: Wed Jun 17, 2009 6:49 am Reply with quote

Regarding IP Tracking, the Excluded Range might be keeping a certain IP from being tracked. Not sure on this, but if this is a local set up, it might also be possible that the localhost IP is not tracked. I would wait and see with the upgrade and live site with activity what happens.

Regarding permissions, here is MY opinion on the subject:

.htaccess - must be 666 (in most hosting situations but not all) in order for NS to write the ban IP addresses to the file. If you have no desire for NS to do this, it can also be 644 (I would recommend having it write the bans...)

.staccess - I prefer 644 once I have set up my admins. If I need to set up a new admin later, I simple change to 666 temporarily, let NS write the hashes, then change it back. A little more secure this way IMO, but just a personal decision that I have made.

.ftaccess - in order for NS to write to it, needs to be 666. Thanks for pointing out that we have not explained that properly. We'll get that fixed.

_________________
Only registered users can see links on this board! Get registered or login!
Only registered users can see links on this board! Get registered or login! 
View user's profile Send private message Visit poster's website
Raven
Site Admin/Owner


Joined: Aug 27, 2002
Posts: 17077

PostPosted: Wed Jun 17, 2009 7:09 am Reply with quote

If your server is running PHP as CGI (using PHPSuExec) then the following permissions are applicable.
.htaccess 664
.staccess 644 (when adding/deleting admins or changing passwords you must temporarily change to 664. Change back to 644 after editing)
.ftaccess 664

If your server is running PHP as an Apache module then the following permissions are applicable:
.htaccess 666
.staccess 644 (when adding/deleting admins or changing passwords you must temporarily change to 666. Change back to 644 after editing)
.ftaccess 666
 
View user's profile Send private message
thebaddestass
Hangin' Around


Joined: Dec 21, 2006
Posts: 25

PostPosted: Wed Jun 17, 2009 5:43 pm Reply with quote

Awesome, thanks for the info, I may upgrade to 2.6 tonight if I can find the time.

I know my server is running apache, so I would assume it is using the apache module, but I am not 100% sure, I guess only my host would know that right? Also, it looks like the code you posted was for machines NOT running as apache module, so it is different code for one running as apache module?
 
View user's profile Send private message
montego
PostPosted: Thu Jun 18, 2009 7:16 pm Reply with quote

thebaddestass, not sure I am understanding your question as I believe Raven posted permissions for both scenarios?
 
thebaddestass
PostPosted: Mon Jun 22, 2009 8:13 pm Reply with quote

Hey thanks for the reply.

One quick question before I upgrade NS. The readme says this:

NukeSentinel(tm) requires PHP-Nuke Patched 3.3+.

Since I am running 3.1 should I update to 3.5 before upgrading NS?
 
evaders99
Former Moderator in Good Standing


Joined: Apr 30, 2004
Posts: 3221

PostPosted: Mon Jun 22, 2009 8:36 pm Reply with quote

You should definitely upgrade to 3.5, as there are many security fixes in there

_________________
- Only registered users can see links on this board! Get registered or login! -

Need help? Only registered users can see links on this board! Get registered or login! 
View user's profile Send private message Visit poster's website
thebaddestass
PostPosted: Sun Jun 28, 2009 12:09 pm Reply with quote

So I updated to my 7.6 nuke to patched 3.5. The install says if you are patched to 3.1, which I am, then there is no need to run the update files...yet i get this after uploading the files:

There seems to be a problem with the MySQL server, sorry for the inconvenience.

We should be back shortly.

Any ideas?
 
nuken
RavenNuke(tm) Development Team


Joined: Mar 11, 2007
Posts: 2024
Location: North Carolina

PostPosted: Sun Jun 28, 2009 4:21 pm Reply with quote

Check you config.php and make sure your settings are correct. Also, it may just be your server is temporarily down.

_________________
Only registered users can see links on this board! Get registered or login! 
View user's profile Send private message Send e-mail Visit poster's website
thebaddestass
PostPosted: Sun Jun 28, 2009 6:11 pm Reply with quote

You were right, it was my server config file, didn't realize the update had a new one. Thanks.
 
thebaddestass
PostPosted: Mon Jun 29, 2009 11:10 am Reply with quote

Ah yes, now I remember why I never updated to 3.5. It strips out all the html stuff.

Now in my messages on homepage, I can't embed music or most basic HTML functions. I remember this in the past and even adding to allowable HTML didn't work in the past. I will work on that.

Plan to update NS tonight to latest version.
 
thebaddestass
PostPosted: Mon Jun 29, 2009 11:49 am Reply with quote

Ok, can someone help with the embedding into messages on homepage?

<embed src = "http://www.mydomain.com/downloads/mysong.mp3" autostart = "true" loop = "false"
volume = "50%" height = "60" width = "145">

I have ran this embedded code on my website since day 1 and now that the patches are in place, it doesn't work.

I added this to the config file under allowable HTML:

"embed"=>2

And now it doesn't strip the code, but just shows a box and won't display windows media player as it did in the past, or whatever your default media player shall be.

How can I get my embedded player back working?
 
thebaddestass
PostPosted: Sun Jul 05, 2009 3:11 pm Reply with quote

montego wrote:
The full install kit has an option to Remove NS tables. Do this first. Then install the fresh 2.6.1 tables.



I have a question about the way to remove the NS tables. Where does this option occur, when I run the nsnst.php file? The install doesn't talk much about anything sql wise except for ip2country stuff.
 
Display posts from previous:       
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> Security - PHP Nuke

View next topic
View previous topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum


Powered by phpBB © 2001-2007 phpBB Group
All times are GMT - 6 Hours
 
Forums ©