Ravens PHP Scripts: Forums
 

 

View next topic
View previous topic
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> Security - PHP Nuke
Author Message
BryanSw
New Member
New Member


Joined: Jan 25, 2006
Posts: 2

PostPosted: Wed Jan 25, 2006 9:23 am Reply with quote

I'm new here and still kind of new to using php-nuke. I'm using version 7.9.31 and have come upon a pretty serious problem I think.

I have been using a application called GsiteCrawler to generate a sitemap for my website. It's a nice program and work well. The problem is that while it is crawling your website using multiple crawlers the website gets corrupted. Or, rather the MySql database it uses gets corrupted.
I was using it and while it was running crawling my site I opened my browser and went to my site. Many parts of the site were no longer operating (modules and Blocks). Some were not even visible. I knew it was a database problem. I the went to admin.php and it displayed the form for entering a new admin name and password. Just like it would when you first install php-nuke and go to admin.php.
I didn't want to enter in new admin logon name and password fearing it would screw up the database even more. So, I went into my server control panel and checked out the database. It was showing that many tables had be corrupted. I had to manually repair each table.
I went back to the my website with IE and now everything was functioning good as it should.

Now I've run GSiteCrawler several other times and everytime I run it to crawl my site it does exactly the same thing again. Once I noticed a error message that Database had run out of memory. I had to have my website host reset the server to get things working again.

The whole issue here seems that running GSiteCrawler will corrupt the MySql Database and allow someone to enter admin.php and reset the admin's logon name and password. It seems to overload the server I think. Maybe something to do with using sessions I think. As it is one of the tables that get corrupted.

I not sure why this happens as I'm not well versed in MySql or Php programming. I have only a few months experience with it so far.
So, maybe someone here can look into this better then I can.

Thanks,
Bryan
 
View user's profile Send private message
Guardian2003
Site Admin


Joined: Aug 28, 2003
Posts: 6792
Location: Ha Noi, Viet Nam

PostPosted: Wed Jan 25, 2006 10:19 am Reply with quote

I use the same software so it isnt that.
I may be your host has set a limit on the number of mysql requests it allows to prevent resources from geting out of hand - on you on a shared hosting environment?
BTW you can limit the number of crawlers it uses through its config interface - it will take linger to crawl your site but it may be worth trying.
 
View user's profile Send private message Send e-mail
BryanSw
PostPosted: Wed Jan 25, 2006 10:45 am Reply with quote

Guardian2003 wrote:
I use the same software so it isnt that.
I may be your host has set a limit on the number of mysql requests it allows to prevent resources from geting out of hand - on you on a shared hosting environment?
BTW you can limit the number of crawlers it uses through its config interface - it will take linger to crawl your site but it may be worth trying.


I set crawlers to 3 last night and it did it again. It's odd too that my Host's admin panel offers PhpMyAdmin and it also generates a error when trying to log into it. The Admin panel also allows you the option to repair your database files so this is what I have to use to get my site working again.
Yes, I'm on a shared server I believe.
If this program causes a problem like this using only 3 crawlers what will happen then I get more the 3 users at the same time on my site. My website is only about a month old and I don't get any traffic to it yet.
Do you think if I get 3 or more users I'll have a similar problem?
Also even if the host is limiting the number of Mysql requests how does this cause my Database to get screwed up?
Sorry for so many questions I'm just trying to get a handle on whats going on. I like php-nuke alot. I use to run subdreamer and it wasn't as good as others have said. Mambo might be my next choice if Php-Nuke causes to many security problems. Although I guess mambo has it's problems also.

Thanks,
Bryan
 
Guardian2003
PostPosted: Wed Jan 25, 2006 4:29 pm Reply with quote

I'm far from an expert but the fact you are implying the data is getting corrupted seems to indicate a problem with yout host.
Perhaps they update their mysql version recently and only did half the job?
Contact your host and ask them whats going on.
 
Dawg
RavenNuke(tm) Development Team


Joined: Nov 07, 2003
Posts: 910

PostPosted: Wed Jan 25, 2006 7:25 pm Reply with quote

BryanSw,
Id this a "Fresh" site? How much content do you have in it? My suggestion is to DUMP 7.9 like a HOTT ROCK and go with Ravens Distro. The greatest minds of the Nuke world still don't have 7.9 close to secure. 7.6 is the best it gets.


Dawg
 
View user's profile Send private message
kguske
Site Admin


Joined: Jun 04, 2004
Posts: 6383

PostPosted: Wed Jan 25, 2006 9:05 pm Reply with quote

I agree with Dawg about using 7.6 - and RavenNuke76, specifically, but I think Guardian is correct, too. The problem seems to be with the host - or with the database running on the host server. The database software could be messed up, or simply not configured correctly. Either way, I'd suggest requesting that the host look into it. I'd bet that other sites on the same server have similar issues.

_________________
I google, therefore I exist...
Only registered users can see links on this board! Get registered or login!
 
View user's profile Send private message
jpeadro
New Member
New Member


Joined: Jan 10, 2006
Posts: 13

PostPosted: Fri Feb 10, 2006 8:07 pm Reply with quote

How about using the OS permissions and lock down the admin.php & /admin folder? Then utilize SSL to secure the login process.
 
View user's profile Send private message AIM Address
Guardian2003
PostPosted: Sat Feb 11, 2006 6:11 am Reply with quote

SSL will only secure the log-in process, it will not secure code which is buggy or susceptable to a vulnerability.
 
VinDSL
Life Cycles Becoming CPU Cycles


Joined: Jul 11, 2004
Posts: 614
Location: Arizona (USA) Admin: NukeCops.com Admin: Disipal Designs Admin: Lenon.com

PostPosted: Sat Feb 11, 2006 5:25 pm Reply with quote

BryanSw wrote:
I went into my server control panel... It was showing that many tables had be corrupted. I had to manually repair each table...

Can you explain this a little more -- how you determined they were corrupt -- exactly what you did 'manually' to fix them, et cetera?

Personally, when my sql db gets corrupt, I use phpMyAdmin to repair the problem[s]. Works every time, and it's a simple point n' click, 'push-button' process. Wink

The only 'manual' thing I do in my db (on a regular basis) is get rid of bogus HTTP referers, from porn sites, and such, e.g. 'referral spammers'...

_________________
.:: "The further in you go, the bigger it gets!" ::.
.:: Only registered users can see links on this board! Get registered or login! | Only registered users can see links on this board! Get registered or login! ::. 
View user's profile Send private message Visit poster's website ICQ Number
Display posts from previous:       
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> Security - PHP Nuke

View next topic
View previous topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum


Powered by phpBB © 2001-2007 phpBB Group
All times are GMT - 6 Hours
 
Forums ©