Ravens PHP Scripts: Forums
 

 

Doulos
Life Cycles Becoming CPU Cycles



Joined: Jun 06, 2005
Posts: 732

Posted: Sat Jul 01, 2006 12:09 pm

I am running Coppermine stand alone accessed via a link in Site Navigation block. CPG is located outside of my PHP-Nuke directory and uses a separate database. However, I do have a link back to my homepage within CPG. Does this still make my PHP-Nuke site vulnerable to attack through Coppermine?
 
gregexp
The Mouse Is Extension Of Arm



Joined: Feb 21, 2006
Posts: 1497
Location: In front of a screen....HELP! lol

Posted: Sat Jul 01, 2006 12:57 pm

Well, this now depends on server security, as I have seen Coppermine allow things to be uploaded that could cause your server to get hacked instead of your nuke site. So check with your host to verify that server security is top notch, but you have managed to run a script that is vulnerable to exploits but will not mess with your nuke site in particular. This is as secure as you yourself can make it. Now it's server security.

This doesn't mean your Coppermine won't be hacked, just means nuke site is not at risk, unless they are able to exploit cPanel or the server in another way. Won't be done from site level.

_________________
For those who stand shall NEVER fall and those who fall shall RISE once more!! 
montego
Site Admin



Joined: Aug 29, 2004
Posts: 9457
Location: Arizona

Posted: Wed Jul 05, 2006 8:11 pm

Well, I must respectfully disagree, especially if both installations are under the same web root. Even PHP running as CGI instead of a DSO module won't be able to stop them if they can get in through Coppermine.

If these are even in separate web roots, but hosted on the same server, depending again on how PHP is configured with Apache, you may not be secure.

A web site (and server) is only as secure as its weakest link and shared servers increase the risk regardless...

_________________
Where Do YOU Stand?
HTML Newsletter::ShortLinks::Mailer::Downloads and more... 
Doulos







Posted: Fri Jul 07, 2006 2:26 pm

Hmm, could I password protect the Coppermine folder with a .htaccess file? Would that help? I don't want to give up the photo gallery but I REALLY don't want to get hacked via that gallery.
 
hitwalker
Sells PC To Pay For Divorce



Joined:
Posts: 5661

Posted: Fri Jul 07, 2006 3:27 pm

Well, I doubt if it's still that easy to get hacked, I don't know but it's just a thought..
Some big sites are still using it and aren't hacked....so why is that?
I think that if you run it with no upload privileges for members then it could be as safe as any other album.
 
montego







Posted: Fri Jul 07, 2006 10:22 pm

Ezekiel wrote:
Hmm, could I password protect the Coppermine folder with a .htaccess file? Would that help? I don't want to give up the photo gallery but I REALLY don't want to get hacked via that gallery.


Actually, that couldn't hurt unless every member is given upload capability. I agree with hitwalker regarding the upload capability. If you can live with that off for non-admins, it would be a good thing, but I am personally not going to vouch for whether it is completely safe.

You assess the risk, make your decision, take regular backups of files and database, and live with the results. That is my "motto".
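
The two measures discussed in this thread (password-protecting the gallery folder and neutralising uploads), sketched as an added example that is not part of any post above. It assumes Apache 2.4 syntax with `AllowOverride AuthConfig` enabled for the site; the password file path, user name, realm name and the `<gallery directory>` / `<upload directory>` locations are placeholders, not values from this thread.

```apache
# ---- File 1: <gallery directory>/.htaccess --------------------------------
# Require a login before anything in the gallery is served.
# Create the password file OUTSIDE the web root first (placeholder path/user):
#   htpasswd -c /home/example/.htpasswd-gallery galleryuser
# Basic auth sends the password with every request, so serve the gallery
# over HTTPS only.
AuthType Basic
AuthName "Photo gallery"
AuthUserFile /home/example/.htpasswd-gallery
Require valid-user

# Never hand out .htaccess / .htpasswd files themselves.
<FilesMatch "^\.ht">
    Require all denied
</FilesMatch>

# ---- File 2: <gallery directory>/<upload directory>/.htaccess -------------
# Uploaded files should only ever be served as static content. Refuse any
# request for a script-like name, including double extensions such as
# "photo.php.jpg", so a file that slips past the gallery's upload checks
# cannot be requested and executed from this directory.
<FilesMatch "(?i)\.(php\d?|phtml|phar|pl|py|cgi|sh)(\.|$)">
    Require all denied
</FilesMatch>

# Do not list directory contents.
Options -Indexes
```

This only controls what Apache will serve from these directories; it does not change what another account or script on the same shared server can read or write, which is the server-level concern raised earlier in the thread.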
 
All times are GMT - 6 Hours