You are missing our premiere tool bar navigation system! Register and use it for FREE!

NukeCops  
•  Home •  Downloads •  Gallery •  Your Account •  Forums • 
Readme First
- Readme First! -

Read and follow the rules, otherwise your posts will be closed
Modules
· Home
· FAQ
· Buy a Theme
· Advertising
· AvantGo
· Bookmarks
· Columbia
· Community
· Donations
· Downloads
· Feedback
· Forums
· PHP-Nuke HOWTO
· Private Messages
· Search
· Statistics
· Stories Archive
· Submit News
· Surveys
· Theme Gallery
· Top
· Topics
· Your Account
Who's Online
There are currently, 458 guest(s) and 0 member(s) that are online.

You are Anonymous user. You can register for free by clicking here
Admin Secure 1.6 Released
Securitymadman writes "Admin Secure 1.6 now support multi-languages and comes with four new features (Exclude System, Extended Blocking Info, Robots System, Admin Login over HTTP Authentification), Admin Secure time benchmark (for debugging and analyzing page-load purposes), better SQL Injection detection (union, join, char, benchmark), cacheable time-critical proccess (to reduce page-load time), better current path detection (regarding to phpbb/bb2nuke 2.0.8 forum administration issue), better phpbb/bb2nuke forum post detection, etc. Fixes some known problems in previous version 1.5 such as missing uploadable banned IP list in Ban System page, incorrect PHP version detection, and correcting phpbb/bb2nuke [img][/img] help-box tooltip string now will not trigger illegal html tag's checking.

New Exclude System allow defined objects (IP address, script filename, PHP-Nuke modules) being immutable on some Admin Secure protection schemes. New Extended blocking info will gives you more detailed reports on session that being blocked, including blocking reason and list of all request variables during the session. If Admin Secure's auto-ban is enabled, this feature will be very handly for you to decide whether they are catches as unintentional blockings or just let them as permanent ban. New Robot System makes Admin Secure more friendly with spiderbots, especially with flood-protection scheme. Admin Secure can also reject known bad bots. With combination of Ban System and Exclude System, you can put known spiderbot's IP address as either allowable or denial access. All ideas of these features were came from James Simmons a.k.a Hamesh. Thanks James. :)

Another powerful feature is Admin Login session over HTTP Authentification. This is not PHP-Nuke standard login replacement, but allow Administrators to logged in over cookie and HTTP-Authentification layer. This feature gives you double security for Admin account. Even if unauthorized person can steal admin MD5 password (e.g. though SQL Injection or cookie stealing methods), they must also having "real" admin password to login with HTTP Authentification. This feature require PHP running as Apache module or IIS ISAPI and the server is configured to allow HTTP Authentification for PHP. Additional tips, change admin password frequently and use long password to strengthen admin account security.

Features:
- Blocking known PHP-Nuke exploits.
- Prevent fake admin account access through input requests.
- Blocking cross-site scripting in modules.php and index.php files.
- Ensuring admin account session taken from cookie.
- Prevent unauthorized admin account creation, deletion, and modification.
- Compare admin account validity through "mirrored" database table.
- Changes to admin accounts (create, edit, delete) require God admin approval.
- E-mail notification. An alert sent along with additional info.
- Banning system for accessing site and PHP-Nuke modules.
- Log site activities.
- Flood Protection.
- And more.

Changes On This Version:
- Add: Multi-languages support
- Add: Admin login over HTTP Auth (req. PHP running as Apache module or IIS ISAPI)
- Add: Exclude System (thanks to Hamesh and Kvoul)
- Add: Spiderbots handling (thanks to Hamesh)
- Add: Process time benchmark
- Add: Extended Blocking Info
- Upd: Cacheable time-critical process (reduce page-load time)
- Upd: Better root path detection routine (thanks to GibsonXXI)
- Upd: Better SQL Injection checking algorithms
- Upd: Improve phpbb/bb2nuke forum posts detection
- Fix: Uploadable banned IP list not shown in Ban System page
- Fix: Improper PHP version checking routine

Download Link:
http://gp4tweaker.vadertrophy.com/cms/downloadview-details-41-Admin_Secure_1.6.html
(no registration required)

Warning:
File Downloads may fail with connections behind strong firewall (stripping referral header) or download the file using 3rd party download manager such as GetRight, Download Accelerator, etc."
Posted on Friday, April 30 @ 20:46:54 CEST by Zhen-Xjell
 
Related Links
· Computer Cops
· More about Security
· News by Zhen-Xjell


Most read story about Security:
PHP-Nuke admin.php security hole - PATCHED

Article Rating
Average Score: 0
Votes: 0

Please take a second and vote for this article:

Excellent
Very Good
Good
Regular
Bad


Options

 Printer Friendly Page  Printer Friendly Page

 Send to a Friend  Send to a Friend

Threshold
The comments are owned by the poster. We aren't responsible for their content.

No Comments Allowed for Anonymous, please register
Powered by TOGETHER TEAM srl ITALY http://www.togetherteam.it - DONDELEO E-COMMERCE http://www.DonDeLeo.com - TUTTISU E-COMMERCE http://www.tuttisu.it
Web site engine's code is Copyright © 2002 by PHP-Nuke. All Rights Reserved. PHP-Nuke is Free Software released under the GNU/GPL license.
Page Generation: 0.356 Seconds - 195 pages served in past 5 minutes. Nuke Cops Founded by Paul Laudanski (Zhen-Xjell)
:: FI Theme :: PHP-Nuke theme by coldblooded (www.nukemods.com) ::