You are missing our premiere tool bar navigation system! Register and use it for FREE!

NukeCops  
•  Home •  Downloads •  Gallery •  Your Account •  Forums • 
Readme First
- Readme First! -

Read and follow the rules, otherwise your posts will be closed
Modules
· Home
· FAQ
· Buy a Theme
· Advertising
· AvantGo
· Bookmarks
· Columbia
· Community
· Donations
· Downloads
· Feedback
· Forums
· PHP-Nuke HOWTO
· Private Messages
· Search
· Statistics
· Stories Archive
· Submit News
· Surveys
· Theme Gallery
· Top
· Topics
· Your Account
Who's Online
There are currently, 52 guest(s) and 0 member(s) that are online.

You are Anonymous user. You can register for free by clicking here
Security: How secure is PHP-Nuke?
PHP-NukeI see it asked so often, so I thought a nice example would help to answer the question: "How secure is PHPNuke"?

Objectively the answer is more general then you think, and as specific as you want. First, PHPNuke is on the same level as any other software or hardware service out there.

Hardware you say? Yes hardware. Here are some examples of hardware systems that are "not secure" because they do run off of firmware (or software):

http://www.computercops.biz/article1700.html
http://www.computercops.biz/article423.html
http://www.computercops.biz/article406.html
http://www.computercops.biz/article267.html

Well worth the read as they are eye openers.

Ok, what about other online portals/forums?

vBulletin: http://www.computercops.biz/article1907.html
http://www.computercops.biz/article577.html
Ikonboard: http://www.computercops.biz/article219.html
YaBB: http://www.computercops.biz/article959.html
PostNuke: http://www.computercops.biz/article359.html
http://www.computercops.biz/article277.html
http://www.computercops.biz/article241.html

There are plenty more in this non-PHPNuke category all around the Net.

Now to focus on PHP-Nuke (some have patches):

http://www.computercops.biz/article2077.html
http://www.computercops.biz/article2038.html
http://www.computercops.biz/article1513.html
http://www.computercops.biz/article919.html

That's just the data as found at CCSP. If you search this site (http://phpnuke.org/modules.php?name=Search) for exploits you will find them too.

Now what does this mean? Free and even paid for services like vBulletin are susceptiable constantly to exploits.

Even companies like Microsoft *still* re-release advisories that are very old:

http://www.computercops.biz/article2093.html

Take a look at these on Cisco, Apache, etc...

http://www.computercops.biz/article2055.html
http://www.computercops.biz/article2051.html
http://www.computercops.biz/article1436.html
http://www.computercops.biz/article1808.html

Even major government websites get defaced like NASA, and just this past Saturday too:

http://www.computercops.biz/article2095.html

Lets not forget, some systems as secure as they can possibly be are not immune to "insider" hiccups that can potentially destroy everything:

http://www.computercops.biz/article1107.html

What's the point of all this?

Nothing is secure. Software is programmed by humans. Hardware is accessed or used via firmware. Security breaches will happen. The object is to minimize the breaches. Once you feel that there can no longer be breaches, that is when you will be cracked. Stay safe and enjoy.

And also, stay at least 10 steps ahead of the black hats. (wink)
Posted on Wednesday, February 05 @ 17:22:34 CET by Zhen-Xjell
 
Related Links
· More about PHP-Nuke
· News by Zhen-Xjell
Most read story about PHP-Nuke:
PHP-Nuke new development direction (part 2)
Article Rating
Average Score: 1.62
Votes: 8


Please take a second and vote for this article:

Excellent
Very Good
Good
Regular
Bad
Options

 Printer Friendly Page  Printer Friendly Page

 Send to a Friend  Send to a Friend
Threshold
The comments are owned by the poster. We aren't responsible for their content.

No Comments Allowed for Anonymous, please register

Re: How secure is PHP-Nuke? (Score: 0)
by Anonymous on Thursday, February 06 @ 19:15:08 CET
The title of this article made is seem like you were actually going to discuss the security of Php Nuke. Instead it comes across as excusing the large number of vulnerabilities that have been found in php nuke - not to mention the poor responce time out of FB when they come up.

The brilliant lack of standard input validation and user permissions systems scream of a developer that doesn't know - or doesn't care - about security.

Security breaches will happen and the objective to minimize the breaches seems ignored thus far in php nuke. Security doesn't consist of a single wall of defense (or a ton of quick fix kludges), it is applied consistantly in layers.

I appreciate that you people here decided to take an interest in php-nuke security, but this article just paints a sophist's excuse for the issue instead of tackling it directly.

Re: How secure is PHP-Nuke? (Score: 1)
by nero6 on Tuesday, August 12 @ 14:12:28 CEST
(User Info | Send a Message) http://forum.jsoftj.com/
Free Download Manager [www.jsoftj.com] - FlashGet [www.jsoftj.com] - Windows Live Messenger [www.jsoftj.com] - Y! Multi Messenger [www.jsoftj.com] - Messenger Plus! Live [www.jsoftj.com] - DirectX [www.jsoftj.com] - Nokia PC Suite [www.jsoftj.com] - ZoneAlarm [www.jsoftj.com] - DVB Dream [www.jsoftj.com] - skype [www.jsoftj.com] - ESET NOD32 Antivirus [www.jsoftj.com] - Google Earth [www.jsoftj.com] - فتح اكثر من ياهو [www.jsoftj.com] - فتح اكثر من ماسنجر 8.5 [www.jsoftj.com] - فتح اكثر من ماسنجر 9 [www.jsoftj.com] Norton [www.jsoftj.com] - RealPlayer [www.jsoftj.com] -   Windows Media Player [www.jsoftj.com] - Kaspersky Anti-Virus Mobile [www.jsoftj.com] - Internet Download Manager [www.jsoftj.com] - Internet Explorer [www.jsoftj.com] -  Youtube [www.jsoftj.com] -  LimeWire Pro [www.jsoftj.com] - Download Accelerator Plus [www.jsoftj.com] - Windows Live Messenger 9 [www.jsoftj.com] - Opera [www.jsoftj.com] - Nero 8 [www.jsoftj.com]



Re: How secure is PHP-Nuke? (Score: 1)
by nero6 on Tuesday, August 12 @ 14:12:33 CEST
(User Info | Send a Message) http://forum.jsoftj.com/
Media Player Classic [www.jsoftj.com] - Yahoo! Messenger [www.jsoftj.com] - Kaspersky Virus Removal Tool [www.jsoftj.com] - Kaspersky Internet Security 2009 [www.jsoftj.com] - Kaspersky Anti-Virus 2009 [www.jsoftj.com] - Trojan Remover [www.jsoftj.com] - Hide IP Platinum [www.jsoftj.com] - Update AVG [www.jsoftj.com] - Kaspersky Anti-Virus Update [www.jsoftj.com] - McAfee Updates [www.jsoftj.com] - BitDefender [www.jsoftj.com] 3GP Player [www.jsoftj.com] - MobiMB Mobile Media Browser [www.jsoftj.com] - Online TV Player [www.jsoftj.com] - Satellite TV For PC 2008 Elite Edition [www.jsoftj.com] - Free Internet TV [www.jsoftj.com] - ProgDVB [www.jsoftj.com] - Super Internet TV [www.jsoftj.com] - TVUPlayer [www.jsoftj.com] - Super Internet TV Satellite 2008 [www.jsoftj.com] - WinRAR [www.jsoftj.com] - WinZip [www.jsoftj.com]



Re: How secure is PHP-Nuke? (Score: 1)
by nero6 on Tuesday, August 12 @ 14:12:40 CEST
(User Info | Send a Message) http://forum.jsoftj.com/
فيديو youtube [forum.jsoftj.com]- فيديو Google - انمي [forum.jsoftj.com] - افلام كرتون [forum.jsoftj.com] - توم وجيري [forum.jsoftj.com] - القط والفار [forum.jsoftj.com] - افلام كرتون اسلامية [forum.jsoftj.com] - قصص واقعية [forum.jsoftj.com] - قصص وعبر [forum.jsoftj.com] - قصص الانبياء [forum.jsoftj.com] - قصص القرآن الكريم [forum.jsoftj.com] - قصص وحكايات اطفال [forum.jsoftj.com] - خواطر [forum.jsoftj.com] - اناشيد اسلامية [forum.jsoftj.com] - اناشيد اطفال [forum.jsoftj.com] - اناشيد فرقة طيور الجنة [forum.jsoftj.com] - ديكور [forum.jsoftj.com] - ديكور منازل [forum.jsoftj.com] - مكياج [forum.jsoftj.com] - طبخ في مطبخ حواء [forum.jsoftj.com] - ازياء و موضة [forum.jsoftj.com] - ماسنجر [forum.jsoftj.com] - توبيكات [forum.jsoftj.com] - موبايل MOBILE [forum.jsoftj.com] - العاب طبخ [girls-games.jsoftj.com] - العاب باربي [girls-games.jsoftj.com] - Youtube [www.jsoftj.com] - youtube.com [www.jsoftj.com] - العاب بنات جديدة [girls-games.jsoftj.com] - العاب قص الشعر - شعر [girls-games.jsoftj.com] - Read the rest of this comment...

Re: How secure is PHP-Nuke? (Score: 1)
by nero6 on Tuesday, August 12 @ 14:12:46 CEST
(User Info | Send a Message) http://forum.jsoftj.com/
العاب جي سوفت [girls-games.jsoftj.com] - العاب بنات جي سوفت [girls-games.jsoftj.com] - لعبة تلبيس براتز [girls-games.jsoftj.com] - العاب اولاد [girls-games.jsoftj.com] - العاب رجال [girls-games.jsoftj.com] -   العاب بنات [girls-games.jsoftj.com] - العاب طبخ [girls-games.jsoftj.com] - العاب باربي [girls-games.jsoftj.com] - العاب مكياج [girls-games.jsoftj.com] - العاب بنات جديدة [girls-games.jsoftj.com] - العاب اطفال [girls-games.jsoftj.com] - العاب ترتيب الغرف [girls-games.jsoftj.com] - العاب ديكور [girls-games.jsoftj.com] - العاب قص الشعر [girls-games.jsoftj.com] - العاب تلبيس [girls-games.jsoftj.com] - العاب ميك اب [girls-games.jsoftj.com] -  | Dress Up GAMES [girls-games.jsoftj.com] | Kids Games [girls-games.jsoftj.com] | Barbie Games [girls-games.jsoftj.com] | Room Decor Games [girls-games.jsoftj.com] | Cooking Games [girls-games.jsoftj.com] | Adventure Games [girls-games.jsoftj.com] | Action Games [girls-games.jsoftj.com] | Makeover makeup make up Games [girls-games.jsoftj.com] | Other Games [girls-games.jsoftj.com] - موقع [site.jsoftj.com] | جي سوفت [www.jsoftj.com] | برامج [www.jsoftj.com] | العاب بنات [girls-games.jsoftj.com] |

Read the rest of this comment...
Powered by · TOGETHER TEAM srl ITALY http://www.togetherteam.it · DONDELEO E-COMMERCE http://www.DonDeLeo.com
Web site engine's code is Copyright © 2002 by PHP-Nuke. All Rights Reserved. PHP-Nuke is Free Software released under the GNU/GPL license.
Page Generation: 0.093 Seconds - 256 pages served in past 5 minutes. Nuke Cops Founded by Paul Laudanski (Zhen-Xjell)
:: FI Theme :: PHP-Nuke theme by coldblooded (www.nukemods.com) ::