Ravens PHP Scripts: Forums
 

 
  Forum Index  •  Forum FAQ  •  Search  •  Memberlist  •  Usergroups  •  Profile  •  Log in to check your private messages  •  Log in

File Permissions get changed
Goto page Previous  1, 2		 View next topic
View previous topic
This forum is locked: you cannot post, reply to, or edit topics.   This topic is locked: you cannot edit posts or make replies.    Ravens PHP Scripts And Web Hosting Forum Index -> phpnuke 7.6 Bugs/Fixes
Author Message
evaders99
Former Moderator in Good Standing



Joined: Apr 30, 2004
Posts: 3221
PostPosted: Fri Oct 13, 2006 11:17 pm Reply with quote
Any software you use, you will have to deal with security issues. phpNuke is a bigger target than most, and granted the original creator FB has some of the responsibility as well for the bad code he writes. But trust me, no software is immune.

Gotta keep up-to-date, or sooner or later, you will have problems. Whether that be your operating system (Windows anyone?) or server scripts like phpNuke

_________________
- Star Wars Rebellion Network -

Need help? Nuke Patched Core, Coding Services, Webmaster Services 
View user's profile Send private message Visit poster's website
mrix
Client



Joined: Dec 04, 2004
Posts: 757
PostPosted: Sat Oct 14, 2006 3:13 am Reply with quote
I am not really a complete noob to this really I have had a phpnuke website for a few years and in that time I have udated my websites with patches and sentinal security many many times. I have some very popluar websites and when you become popluar and get many visitors its at that time you trouble begins really. As many rival sites dont want to see you near the top.
They basically will find anyway in they can and even if you do upload all the patches and latest securites they will still find a way in like they are doing now!
Cheers
mrix
 
View user's profile Send private message Visit poster's website
montego
Site Admin



Joined: Aug 29, 2004
Posts: 9457
Location: Arizona
PostPosted: Sat Oct 14, 2006 8:41 am Reply with quote
But, I think a key point has been lost. mrix, you keep saying that you keep up-to-date with phpBB and NukeSentinel and the PHP-Nuke patches, but the "hole" may have nothing to do with these. This is the point that Raven is getting across. You could very well have a add-on module/block that was poorly written, has not been patched in years, or even has known vulnerabilities.

As the webmaster, YOU are responsible for ensuring that you are not opening yourself up to these vulnerabilities. That is NOT the webhost's responsibility and, in fact, the Host has a responsibility to protect all the other clients on the same shared server as well, and is perfectly within his own right to suspend your account if hackers end up using your account to attack others.

_________________
Where Do YOU Stand?
HTML Newsletter::ShortLinks::Mailer::Downloads and more... 
View user's profile Send private message Visit poster's website
mrix
PostPosted: Sat Oct 14, 2006 8:47 am Reply with quote
The point I am making is that there can be so many holes with all the addons you can get Confused the ammount of modules you can use seems endless. and how many people actually know what modules are safe etc and how to find out if one is not? My point is even if you have security for your site totally up to date hackers can find other ways to attack your site.
I think thats a key issue many will install phpnuke which is secure with the patches and sentinals but then trash it with the add ons etc. It would be nice to have a site that actually has more secure modules.
Cheers
mrix
 
montego
PostPosted: Sat Oct 14, 2006 9:01 am Reply with quote
Quote:

It would be nice to have a site that actually has more secure modules.


Actually, I agree. It would be nice to have some form of certification program around security. Problem is that no-one, including me, would want that kind of liability, whether it be against reputation or legal.
 
hitwalker
Sells PC To Pay For Divorce



Joined:
Posts: 5661
PostPosted: Sat Oct 14, 2006 3:59 pm Reply with quote
agree but wouldnt it be nice if the authors of 3d parties create more secure addons?
And as it took some time reading this topic i am a bit suprised ....
it seems unfair to even mention a host if you run into problems that may look like someone is running remote scripts trying to wipe out your site..
your host if its raven or anyone else isnt to blame for this.

naturaly you are responsible for your content,nobody else.
and as im a host to,im not as nice as raven is... Twisted Evil

i always used 7.6 3.0 , after that i never used the patches anymore....
simply because i never believed in it...
thats my right.....i always did loved sentinel and used the newest...

i always took care of my stuff...never messed around with it...
never used shitty designed mods....etc....

trust me...if anyone is capable of changing rights to certain folders then its your fault....somehow you made it possible for them.....

and in that light......i had about 20 / 30 attacks a week....
they always lost and they all had a date with sentinel....

mrix...i suggest you check your site real good...
 
View user's profile Send private message
evaders99
PostPosted: Sun Oct 15, 2006 9:03 pm Reply with quote
If we all had time, then we could have some kind of certification process for different mods and addons. Alas, I don't think anyone has that kind of time Smile
 
Display posts from previous:       
This forum is locked: you cannot post, reply to, or edit topics.   This topic is locked: you cannot edit posts or make replies.    Ravens PHP Scripts And Web Hosting Forum Index -> phpnuke 7.6 Bugs/Fixes
Goto page Previous  1, 2

 Jump to:   




View next topic
View previous topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum


Powered by phpBB © 2001-2007 phpBB Group
All times are GMT - 6 Hours
 
Forums ©