I see it asked so often, so I thought a nice example would help to answer the question: "How secure is PHPNuke"?
Objectively, the answer is more general than you think, and as specific as you want. First, PHPNuke is on the same level as any other software or hardware service out there.
Hardware you say? Yes hardware. Here are some examples of hardware systems that are "not secure" because they do run off of firmware (or software):
http://www.computercops.biz/article1700.html
http://www.computercops.biz/article423.html
http://www.computercops.biz/article406.html
http://www.computercops.biz/article267.html
Well worth the read as they are eye openers.
Ok, what about other online portals/forums?
vBulletin: http://www.computercops.biz/article1907.html
http://www.computercops.biz/article577.html
Ikonboard: http://www.computercops.biz/article219.html
YaBB: http://www.computercops.biz/article959.html
PostNuke: http://www.computercops.biz/article359.html
http://www.computercops.biz/article277.html
http://www.computercops.biz/article241.html
There are plenty more in this non-PHPNuke category all around the Net.
Now to focus on PHP-Nuke (some have patches):
http://www.computercops.biz/article2077.html
http://www.computercops.biz/article2038.html
http://www.computercops.biz/article1513.html
http://www.computercops.biz/article919.html
That's just the data as found at CCSP. If you search this site (http://phpnuke.org/modules.php?name=Search) for exploits you will find them too.
Now what does this mean? Free and even paid-for services like vBulletin are constantly susceptible to exploits.
Even companies like Microsoft *still* re-release advisories that are very old:
http://www.computercops.biz/article2093.html
Take a look at these on Cisco, Apache, etc...
http://www.computercops.biz/article2055.html
http://www.computercops.biz/article2051.html
http://www.computercops.biz/article1436.html
http://www.computercops.biz/article1808.html
Even major government websites like NASA's get defaced, and just this past Saturday too:
http://www.computercops.biz/article2095.html
Let's not forget: some systems, as secure as they can possibly be, are not immune to "insider" hiccups that can potentially destroy everything:
http://www.computercops.biz/article1107.html
What's the point of all this?
Nothing is secure. Software is programmed by humans. Hardware is accessed or used via firmware. Security breaches will happen. The object is to minimize the breaches. Once you feel that there can no longer be breaches, that is when you will be cracked. Stay safe and enjoy.
And also, stay at least 10 steps ahead of the black hats. (wink)
Posted on Wednesday, February 05 @ 17:22:34 CET by Zhen-Xjell
Re: How secure is PHP-Nuke? (Score: 0) by Anonymous on Thursday, February 06 @ 19:15:08 CET
The title of this article made it seem like you were actually going to discuss the security of Php Nuke. Instead it comes across as excusing the large number of vulnerabilities that have been found in php nuke - not to mention the poor response time out of FB when they come up.
The brilliant lack of standard input validation and user permissions systems scream of a developer that doesn't know - or doesn't care - about security.
Security breaches will happen and the objective to minimize the breaches seems ignored thus far in php nuke. Security doesn't consist of a single wall of defense (or a ton of quick fix kludges), it is applied consistently in layers.
I appreciate that you people here decided to take an interest in php-nuke security, but this article just paints a sophist's excuse for the issue instead of tackling it directly.
Re: (Score: 0) by Anonymous on Sunday, February 09 @ 01:40:15 CET
You raise valid issues. Nuke has gotten bloated with patch worked code. But no one can institute changes to the nuke core and still call it phpnuke but FB. Presently he has made a change in the right direction somewhat. Yet the heavy patching remains. PHPNuke itself is as safe or safer than many of the open source php applications out. Follow Bugtraq and one is amazed at the low level exploits that can invade many php freeware, shareware and proprietary apps. I feel ZX and Tom have earned a mutual respect from FB that has benefited us all greatly. I hope that he will continue to accept assistance from willing and able coders such as these fine gentlemen. Teamwork has moved nuke farther in the last year than it has for some time.
Re: How secure is PHP-Nuke? (Score: 0) by Anonymous on Wednesday, February 26 @ 17:16:55 CET
I have to agree. I came to find out "how secure is php-nuke?" and learned instead how insecure other alternatives are.
Has anyone actually sat down to audit php-nuke's security? I'd love to see a real evaluation before I decide whether or not to use the software.