Ravens PHP Scripts: Forums
 

 

View next topic
View previous topic
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> NukeSentinel™
Author Message
ladysilver
Hangin' Around


Joined: May 03, 2004
Posts: 49
Location: Cyberspace

PostPosted: Fri Jul 23, 2004 11:55 am Reply with quote

I was wondering if anyone has tried Sentinel with PostNuke & how it is working with PostNuke, or if a PostNuke version is being planned.

I started with PHP-Nuke and have always favored it, but the every-other-month "new version" is getting to be a pain to keep up with, especially for my sites that are heavily modded. I have one site that takes about a week to upgrade because I have to edit and check so many files and then test to make sure whatever new changes in the latest PHP-Nuke distro don't cause an older module to crash. The last 5 sites I have set up have been either PostNuke or another cms because I am tired of doing 25-30 PHP-Nuke upgrades and security fixes.
 
View user's profile Send private message Visit poster's website ICQ Number
sixonetonoffun
Spouse Contemplates Divorce


Joined: Jan 02, 2003
Posts: 2496

PostPosted: Fri Jul 23, 2004 4:32 pm Reply with quote

Check out includes/pnAPI.php function pnSecureInput()

Look familar?
pnMailHackAttempt(__FILE__,__LINE__,'pnSecurity Alert','Intrusion detection.');

I've been getting about 10 of these alerts a day because they changed it in the .750RC3 $_REQUEST it was more specific before and generated very few false positives.
"The $_REQUEST superglobal is a combination of $_GET,$_POST and $_COOKIE"

Anyway I don't think it would take much to add specific filters to the function above. But don't look to the PN team to be real supportive look how well they recieved Fortress over there. Only registered users can see links on this board! Get registered or login!

Anyway I'd be inerested in expanding function if you are. But the pnsecurity model is much more solid to begin with and I hate to add anything that is just going to provide more over head to an already bloated system by adding filters for things the system isn't vulnerable to.

_________________
[b][size=5]openSUSE 11.4-x86 | Linux 2.6.37.1-1.2desktop i686 | KDE: 4.6.41>=4.7 | XFCE 4.8 | AMD Athlon(tm) XP 3000+ | MSI K7N2 Delta-L | 3GB Black Diamond DDR
| GeForce 6200@433Mhz 512MB | Xorg 1.9.3 | NVIDIA 270.30[/size:2b8 
View user's profile Send private message
sixonetonoffun
PostPosted: Fri Jul 23, 2004 5:39 pm Reply with quote

Grr! In fact I'm downloading another 107 of these emails now bet my host will be freakin if I don't disable this now and edit the function so it don't false pos so often!
 
sixonetonoffun
PostPosted: Sat Jul 24, 2004 9:21 am Reply with quote

I was browsing the PostNuke cvs files. In .800 PNAntiCracker will become a module in its own right. Emulating Sentinel including the htaccess ban.
 
ladysilver
PostPosted: Mon Aug 02, 2004 5:28 pm Reply with quote

sixonetonoffun wrote:
I was browsing the PostNuke cvs files. In .800 PNAntiCracker will become a module in its own right. Emulating Sentinel including the htaccess ban.


Thanks for posting this info! Very Happy I scanned through the features of .8 but must have missed seeing that. I don't get 1/10th as many attacks on my PostNuke sites as the PHP-Nuke sites. but the extra security would make me feel way better.

If FB is working toward a fully commercial version of PHP-Nuke as rumours would have it, he should get cracking on fixing the holes. I honestly wouldn't be interested in buying something I had to continually fix myself.
 
sixonetonoffun
PostPosted: Mon Aug 02, 2004 5:55 pm Reply with quote

I've setup an .800 test site locally and here is an html generation of the config page for PostNukes future AntiCracker Only registered users can see links on this board! Get registered or login!

Its been pointed out to me that it is very similar to another application (Not Sentinel). But it looks very nice I must admit.

I for one will be a very happy camper when PostNuke Adam Baum goes RC. But I'm glad they chose not to rush it and have released backwards ports of many of the featured updates. (Ducks from all the tomato's chucked by the loyal PHPNukers!)
 
Display posts from previous:       
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> NukeSentinel™

View next topic
View previous topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum


Powered by phpBB © 2001-2007 phpBB Group
All times are GMT - 6 Hours
 
Forums ©