Why You Should NOT Use PHP-Nuke Versions 7.7 or 7.8 Explained

Posted on Tuesday, June 28, 2005 @ 08:16:28 UTC in Opinion
by Raven

64bitguy writes:  
In an effort to help Nuke users understand important issues regarding Nuke Versions 7.7 and 7.8, I have written an article that explains Why You Should NOT Use PHP-Nuke Versions 7.7 or 7.8

This article covers some of the technical and physical reasons why these two versions of Nuke mark a horrible step backwards in design evolution while demonstrating examples of vulnerabilities and lost features. I urge users that might have already employed Nuke 7.7 or 7.8 (or those considering it) to read this information so that they may make an informed decision and understand the major problems with these two latest versions.
Note:
(From Raven) This is a very well written article and is a MUST read for all contemplating using phpnuke v7.7 or v7.8 and especially for those who already are using it.
 
 
click Related        click Share
 
 

Re: Why You Should NOT Use PHP-Nuke Versions 7.7 or 7.8 Explained (Score: 1)
by ToolBox on Wednesday, June 29, 2005 @ 06:11:07 UTC
  
(User Info | Send a Message)

This is true and I totally agreed. I experimented a lot of 7.7/ 7.8 and felt that these versions should be used with wysiwyg-off. Without wysiwyg option, it runs in a pretty secure. However, the main point exists in this context. Infact, BB2Nuke new version, advertising module (loosely coded!!!), and Karma are only different components. This indicates the crux of why we have to use 7.7/ 7.8 with no new features. Even though I run 7.7/ 7.8 both, I prefer to use 7.6, in this context.

Re: Why You Should NOT Use PHP-Nuke Versions 7.7 or 7.8 Explained (Score: 1)
by Guardian2003
on Wednesday, June 29, 2005 @ 07:55:41 UTC
(User Info | Send a Message)

I am going to take the unusual (for me) step of entering the melee.
Many of you may have heard of Fantastico - software that allows hosting providers to provide quick installations of popular scripts, including phpNuke and ask anyone who has an opnion on the latest versions or indeed the insecurities the FB has provded us with to join the debate at the Fantastico support site in order to get phpNuke removed from Fantastico.
Please join the debate here at;
http://netenberg.com/forum/viewtopic.php?p=13929#13929

Re: Why You Should NOT Use PHP-Nuke Versions 7.7 or 7.8 Explained (Score: 1)
by money
on Wednesday, June 29, 2005 @ 18:06:50 UTC
(User Info | Send a Message)

He doesn't seem to care about host and end-user security. Why should he? With you all willing to help their product's end-users for free, there is no incentive to take responsibility in distributing secure scripts.

IMO it's not fair for them to make money while at the same time burdening the open-source communities with the headaches their product generates. Granted Fantascio creators are not the authors of all the scripts, but they should take some responsibility here in not distributing security-hole ridden ones even if the project is active. Since they seem reluctant to do this, I recommend you start charging a nice big fee to help anyone who uses a script installed by their product. If you need to install a new version of nuke, charge the person for it. There's no reason these companies should make money while you mop up the mess they create without being compensated too.

Re: Why You Should NOT Use PHP-Nuke Versions 7.7 or 7.8 Explained (Score: 1)
by Guardian2003
on Thursday, June 30, 2005 @ 02:07:35 UTC
(User Info | Send a Message)

I offer free installation of 'fixed' versions of phpNuke but I'm stopping at version 7.5

On reflection, perhaps it wa a little naive of me (and a bit overzealous) to ask Fantastico to drop phpNuke from its installable scripts but I do feel they should put some disclaimers and support advice in their product warning users of the potential risks of using their installations of phpNuke.

Re: Why You Should NOT Use PHP-Nuke Versions 7.7 or 7.8 Explained (Score: 1)
by money
on Thursday, June 30, 2005 @ 13:08:44 UTC
(User Info | Send a Message)

I think it's natural to expect product makers to act responsibly, but unfortunately some don't. IMO the folks who need Fantastico are the very ones who also need some assurance an installed script is secure. Those who know how to patch and upgrade software frankly don't need their product.

I hope I didn't sound flip in suggesting you all charge money. Another open source project, which I can't remember the name right now, was in a similar situation. I think cpanel was the one which added this project's software to their installation tool. To properly install it though, the user must have root access. Users of this tool started bothering the project's community about how different features did not work. So, the lead programmers asked cpanel to remove their software.

After multiple requests with each being ignored, the programmers put up a notice on their site explaining why cpanel's tool did not install their software correctly. Anyone who insists on using it will be charged something like $50 or $60 per hour or any portion of an hour for questions asked or assistance needed. This eventually forced cpanel to drop their software. When IPB switched over to a paid product, they stopped providing free software patches, upgrades, and support to non-paying users. As pointed out in that thread, Fantastico ended up having to drop IPB's prior free versions.

These install tool makers are very dependent on open source communities providing free software support. If they won't willingly act in a responsible manner, you all can always hit them right where it hurts -- at their own end-users. You can't do it alone. This must come from the group who are currently providing free patches and support. They have to stop free service and patches to Fantastico users. Eventually, that company will be faced with either dropping Nuke or listening to which version should be distributed.

Re: Why You Should NOT Use PHP-Nuke Versions 7.7 or 7.8 Explained (Score: 1)
by Guardian2003
on Friday, July 01, 2005 @ 02:16:01 UTC
(User Info | Send a Message)

That is part of the problem - Fantastico have no intention of using thrid party fixes as part of the core installation, they will only include code from the originating project.
At this juncture, we can only hope they might consider an 'alternative' project which has the fixes in place as a replacement for phpNuke.

 
News ©

Site Info

Last SeenLast Seen
  • neralex
  • nextgen
Server TrafficServer Traffic
  • Total: 481,642,820
  • Today: 10,122
Server InfoServer Info
  • Mar 29, 2024
  • 07:12 am UTC