Upstate Templates

New Member Joined: Feb 17, 2004 Posts: 13

Received newsletter from Upstate Templates which states:

"After 8 months with my current host, I have been informed by the administrators that phpnuke violates there new AUP and I have decided to switch over to Postnuke rather than go through the trouble of transfering my domain and propogating again just to stick with this portal system. They, like many, cite security and inefficient resource usuage as the reason."

Can someone explain what happened with his hosting outfit and will this become more prevelant in the future with other hosts? Is this going to be a concern for other phpnuke users?? What is it that is unique to phpnuke that is resulting in this issue? Thanks!

Site Admin/Owner Joined: Aug 27, 2002 Posts: 17088

That appears to be a decision by that host based upon that host's AUP. I would ask the host for a detailed explanation, ie, the stats to back their claims. Nuke is gnu/gpl. PostNuke is plagued by security issues too, as any google search and even their own website will tell you. Postnuke also has inefficient resource usage where MySQL is concerned. Keep in mind that PN is a direct spin-off of phpnuke. I would question the host's server power in the first place. If they can't handle phpnuke then they are not going to fair much better with Postnuke. Just my $.02!

New Member Joined: Jul 22, 2004 Posts: 7

Well, say what you will , an ultimatum is an ultimatum. I have decided to use CPG-Nuke and the host (Hostnuke) agrees that would be a better choice.

All my current userbase will be lost due to the custom configuration I was running with phpnuke so at least my Swishmax blocks and modules will easily port.

It is not my place to dictate thier policy and at I have to agree that I did spend more time on server security in the last few months than on running my website. Sentinal was the only thing holding it all together.

I've also tested my Swishmax SQL menus and other current projects and they will still be compatible with both systems so other than the userbase, it will be a seamless switch in the end.

Postnuke was a depressing system and this CPG-Nuke change at least shows a ray of light on a bleak situation.

Posted: Sat Aug 07, 2004 3:44 pm

I'm not defending nor attacking anyone's product. I have no loyalties. Nothing wrong with cpg. They have minimzed the mysql calls but trust me, it's minutia. The amount of calls saved are miniscule when added up. As for security, cpg has applied Chat's patches and a few of their own. Coppermine has been shown to be one of the most vulnerable recently. So, even where nuke was secured, CM let hacking take place anyway. And you can rest assured that when waraxe pubishes her next exploit, cpg will be vulnerable too. It's just not used that much in comparison so it doesn't get the noteriety. So for your host to take a so called stand on phpnuke, of course that is their right. It's just laughable, to me, because they appear to allow the phpnuke base.

New Member Joined: Dec 22, 2002 Posts: 15

If my host ever told me that I could not use nuke or anything else that I rely on to run my website I would first give them the finger, second tell everyone to stay far away from them, and thirdly move to a better host.

I agree with Raven that it doesnt matter which nuke system you use its still the same in the end. Also remember that for every bug you fix you have just created two more. Its the law of programming.

Posted: Sat Aug 07, 2004 6:06 pm

I agree. I had no problem with CPG-Nuke and feel it's rediculous as you guys do.

If you could see my inbox for last evening you'd see how we fired off barbs at each other. Don't you worry...I'll be scoping out packages but want to be able to do it at my liesure and not in a rushed manner. My attitude is this:

I'm hundreds of bucks into this setup for this year out of pocket and don't want this kind of rug being pulled out in the future so at least i get to utilize the money already spent...price and compare without rushing and get my moneys worth. I've been serving since '88 and am no fool. Last nights decision was based on serving now under whatever portal will pacify them that will also let me accomplish my mission versus sitting and staring at my blank screen and trying to obtain a refund for monet already spent against a host who obviously will hide behind a AUP and TOS THEY can adjust to make sure they win.

My focus isnt so much the portal as the source code. I agree that CPG-Nuke won't solve anything but it's a bandaid I need right now for a very expensive hobby. Thanks for the support guys.

Client Joined: Apr 10, 2004 Posts: 649 Location: UK

Someone said to me the other day that they wouldnt use Nuke as it's well known for destroying mysql db's.

Obviously someone somewhere is talking thru the back of their pants and scaring hosting companies.

If it's installed properly and kept secure and updated there's no problem, maybe the hosting companies should really get off their butts and look into it more instead of telling some clients to get Nuke off their servers.

Maybe it's just that Nuke is more popular now than it's ever been and hosting companies have to work for their money more. Rolling Eyes

Posted: Sat Aug 07, 2004 6:12 pm

I believe that too Muffin. Heck, with Sentinal and .htaccess I rarely had trouble with phpnuke. The updating was a pain in he rump but it's part of life. Why they've chosen this path is beyond me but it sure sounds as if someone is giving hosts an unfair assessment of phpnuke as a portal. I've chosen CPG now simply because it will minimize he time i'll have to spend recoding my source and backside since he 2 are almost identical.

It's silly and after 8 months of pumpin the juice without so much as a burp at my serve with phpnuke....I think they are nuts.

Posted: Sat Aug 07, 2004 6:17 pm

I also want to add I blew my top so bad hat they've sent my emails to the CEO. I warned them if I get so much as 1 more harassing email from an admin I'm calling my lawyer, requesting logs and transcripts and will sue thier a@#es off for unfair business practices. That seemed to get the little woop of a tech's attentions and he hasn't said a peep since.

Posted: Sat Aug 07, 2004 6:19 pm

Sorry about the typing. My son spilled soda on my laptop and my "T" sometimes takes a siesta. Wink

Posted: Sat Aug 07, 2004 6:25 pm

I can't say I've tried them all but I have tried the largest competitiors and the fact remains PHPNuke is the easiest to use and create mods for. Until someone can seriously compete with its simplicity and market itself as such. It will continue to be largest most popular Portal system there is.

There are some things that could be done with the core to seriously speed it up I think. The language system is one that comes to mind. We store language files all over and lose a lot of performance right there. Not to mention each mod writer is adding new defines often for words that are already included in the default system.

Its something worth considering further I think.

Posted: Sat Aug 07, 2004 6:31 pm

Chris, I don't know what your requirements are, but unless you are requiring extensive disk space and band width, I may be able to host you for very little to see you through this. Contact me on YIM: gcfmaf if you are interested.

Hangin' Around Joined: Mar 22, 2004 Posts: 49

I'd just like to comment on this, Chris, can you name your host ? Just so that if ever in the future anyone I know is asking for hosting I'll make sure they stay clear away from the host your with now.

Seriously, their excuses for banning phpnuke's use with their hosting is disgracefull and shortsighted ! Sad

The hosting people I'm with recently (couple months back) banned emails coming from phpnuke sites and after it took me about 2 weeks to figure what the hell the problem was (they never told anyone what they did) I got onto them, roasted the hell out of them and they eventually made an annoucement about it. They still kept that silly policy in place (they said spam was coming from too many phpnuke installs that were insecure) so I remembered I had most of them on MSN (even their owner/founder) and had many arguments with them until it was eventually sorted and they relented.

Some hosts must employ complete idiots as I cannot understand why your hosting has banned phpnuke from being used, really can't, just cannot understand their reasoning at all.

Posted: Sat Aug 07, 2004 11:29 pm

I believe it's Upstate Templates

Posted: Sat Aug 07, 2004 11:50 pm

Chris420,
I highly recommend RavenWebhosting. Good support, great prices, no problems (other than the ones I have created myself).

My previous hosting company, LunarPages, runs CGI-PHP, but I needed PHP compiled as an Apache module. They more or less told me "Too bad, so sad". So Raven offered, and I took him up on his offer.

You won't be disappointed with Raven's webhosting

Posted: Sun Aug 08, 2004 2:06 am

Well, at least your host didn't say something really stupid like, "You can't run PHP-Nuke, you need to run something Microsoft."

Although I must agree with the posts that cite how few real core differences there are between the various PHP products including bb, nuke, cpg, postnuke, e107, etc... At least with the Chatserv patches, other security and mods, and some diligence Nuke (and the various aforementioned forks) still beat the (insert explative here) out of anything else I've seen.

As for PHP running in CGI mode, I haven't seen a whole lot of hosts NOT running PHP this way, my hosting included. Most hosts cite issues regarding the ability to restrict Addtype and Addhandler directives as well as the fact that it is installed this way by default on some of the latest Red Hat builds. I'm running in Safe Mode as well.

I'm not sure why you NEED PHP running any other way, at least I haven't found anything as of yet that won't run in CGI if the PHP.INI is setup correctly.

Smile

Posted: Sun Aug 08, 2004 8:30 am

There are several important advantages to running PHP as an Apache module and I actually find most hosts no longer use CGI . Performance is right at the top as CGI sets off individual instances and consumes more memory and cpu. Then, HTTP Auth is not available unless included in.htaccess or in the php.ini. In general, you have more control as a developer and more things at your disposal when run as a module. The CGI version is just out of touch these days. It was more needed when PHP was less secure, but now is more of a hassle, imo.

Posted: Mon Aug 09, 2004 9:06 am

Raven wrote:

I believe it's Upstate Templates

Sorry my bad, I thought that was just his general website's name not his hosting.

Posted: Mon Aug 09, 2004 2:44 pm

Quote:

There are several important advantages to running PHP as an Apache module and I actually find most hosts no longer use CGI .

Actually, I haven't found that to be true. In hosting surveys of NA domestic providers, we are seeing that at least 70% run PHP in CGI mode. Further, that server stability (becoming less of a factor now), security and the ability to control (and lock down) the enviornmental variables (for shared hosting servers) is the primary reason provided.

Truth be told, it is possible to run PHP in either mode, or BOTH succcessfully. For Microsoft servers, this is kind of a moot point in that CGI mode is pretty much the only way to run PHP, as ISAPI is no where near stable enough to be considered "production".

The primary advantage for running in CGI mode is that you can create safe chroot and setuid environments for scripts that will use PHP with different kinds of CGI wrappers.

Remember, it's not always JUST about PHP. Think "Virtual Hosting" and "suEXEC". But if you are needing HTTP Authentication hooks, you are correct in that they only available when it is running as an Apache module; however, Only "Basic" authentication is supported.

The folks at PHP are quick to point out this limitation and follow it up with:

Quote:

Compatibility Note: Please be careful when coding the HTTP header lines. In order to guarantee maximum compatibility with all clients, the keyword "Basic" should be written with an uppercase "B", the realm string must be enclosed in double (not single) quotes, and exactly one space should precede the 401 code in the HTTP/1.0 401 header line.

They have a pretty good thread about HTTP Authentication at [ Only registered users can see links on this board! Get registered or login! ]

Again, I can only emphasize that mod_rewrite can be used to get around this when in CGI mode, but I think we all know about that anyway, so I'll move on.

In a nutshell, I just wanted to mention that there are NO functions of Nuke that REQUIRE that PHP be run in as an Apache Module. As far as I know, there are NO PHP programs that are incompatible with PHP in CGI mode.

If there are such programs, they have been developed SPECIFICALLY for operations NOT in CGI mode (Meaning they lack compatibility standards) and therefor should be avoided (or at least second guessed for lacking standards compatibility) anyway. PHP in CGI mode has been "Gold Standard" of PHP stability for the past several years and YES, while there are differences between running as an Apache Module, there are advantages and disadvantages for running either way, depending on what your server is built like (hardware/OS/division of resources) as well as what kind of loads and traffic it is seeing.

Anyway... My concern with going into this is I have been hearing people say how "this won't run in CGI mode or that won't run in CGI mode" with others saying that these statements are true. Unfortunately, any such comments are purely misinformation. Again, I can only emphasize that there are VERY few things that PHP can't do in CGI mode, and those specific things are usually established in the PHP.INI by the host. These are not PHP limitations or restrictions, but rather PURELY configuration limitations or restrictions established by the host.

Just my two cents.