Sentinel and PostNuke

Posted: Fri Jul 23, 2004 11:55 am

I was wondering if anyone has tried Sentinel with PostNuke & how it is working with PostNuke, or if a PostNuke version is being planned.

I started with PHP-Nuke and have always favored it, but the every-other-month "new version" is getting to be a pain to keep up with, especially for my sites that are heavily modded. I have one site that takes about a week to upgrade because I have to edit and check so many files and then test to make sure whatever new changes in the latest PHP-Nuke distro don't cause an older module to crash. The last 5 sites I have set up have been either PostNuke or another cms because I am tired of doing 25-30 PHP-Nuke upgrades and security fixes.

Posted: Fri Jul 23, 2004 4:32 pm

Check out includes/pnAPI.php function pnSecureInput()

Look familar?
pnMailHackAttempt(__FILE__,__LINE__,'pnSecurity Alert','Intrusion detection.');

I've been getting about 10 of these alerts a day because they changed it in the .750RC3 $_REQUEST it was more specific before and generated very few false positives.
"The $_REQUEST superglobal is a combination of $_GET,$_POST and $_COOKIE"

Anyway I don't think it would take much to add specific filters to the function above. But don't look to the PN team to be real supportive look how well they recieved Fortress over there. [ Only registered users can see links on this board! Get registered or login! ]

Anyway I'd be inerested in expanding function if you are. But the pnsecurity model is much more solid to begin with and I hate to add anything that is just going to provide more over head to an already bloated system by adding filters for things the system isn't vulnerable to.

Posted: Fri Jul 23, 2004 5:39 pm

Grr! In fact I'm downloading another 107 of these emails now bet my host will be freakin if I don't disable this now and edit the function so it don't false pos so often!

Posted: Sat Jul 24, 2004 9:21 am

I was browsing the PostNuke cvs files. In .800 PNAntiCracker will become a module in its own right. Emulating Sentinel including the htaccess ban.

Posted: Mon Aug 02, 2004 5:28 pm

sixonetonoffun wrote:

I was browsing the PostNuke cvs files. In .800 PNAntiCracker will become a module in its own right. Emulating Sentinel including the htaccess ban.

Thanks for posting this info! Very Happy

I scanned through the features of .8 but must have missed seeing that. I don't get 1/10th as many attacks on my PostNuke sites as the PHP-Nuke sites. but the extra security would make me feel way better.

If FB is working toward a fully commercial version of PHP-Nuke as rumours would have it, he should get cracking on fixing the holes. I honestly wouldn't be interested in buying something I had to continually fix myself.

Posted: Mon Aug 02, 2004 5:55 pm

I've setup an .800 test site locally and here is an html generation of the config page for PostNukes future AntiCracker [ Only registered users can see links on this board! Get registered or login! ]

Its been pointed out to me that it is very similar to another application (Not Sentinel). But it looks very nice I must admit.

I for one will be a very happy camper when PostNuke Adam Baum goes RC. But I'm glad they chose not to rush it and have released backwards ports of many of the featured updates. (Ducks from all the tomato's chucked by the loyal PHPNukers!)