How secure is PHP-Nuke?
Date: Wednesday, February 05 @ 17:22:34 CET
Topic: PHP-Nuke


I see this asked so often that I thought a nice example would help to answer the question: "How secure is PHPNuke?"

Objectively, the answer is more general than you think, and as specific as you want. First, PHPNuke is on the same level as any other software or hardware service out there.

Hardware, you say? Yes, hardware. Here are some examples of hardware systems that are "not secure" because they run on firmware (or software):

http://www.computercops.biz/article1700.html
http://www.computercops.biz/article423.html
http://www.computercops.biz/article406.html
http://www.computercops.biz/article267.html

They are well worth the read, as they are eye-openers.

OK, what about other online portals/forums?

vBulletin: http://www.computercops.biz/article1907.html
http://www.computercops.biz/article577.html
Ikonboard: http://www.computercops.biz/article219.html
YaBB: http://www.computercops.biz/article959.html
PostNuke: http://www.computercops.biz/article359.html
http://www.computercops.biz/article277.html
http://www.computercops.biz/article241.html

There are plenty more in this non-PHPNuke category all around the Net.

Now to focus on PHP-Nuke (some have patches):

http://www.computercops.biz/article2077.html
http://www.computercops.biz/article2038.html
http://www.computercops.biz/article1513.html
http://www.computercops.biz/article919.html

That's just the data as found at CCSP. If you search this site (http://phpnuke.org/modules.php?name=Search) for exploits you will find them too.

Now what does this mean? Free and even paid-for services like vBulletin are constantly susceptible to exploits.

Even companies like Microsoft *still* re-release advisories that are very old:

http://www.computercops.biz/article2093.html

Take a look at these on Cisco, Apache, etc.:

http://www.computercops.biz/article2055.html
http://www.computercops.biz/article2051.html
http://www.computercops.biz/article1436.html
http://www.computercops.biz/article1808.html

Even major government websites like NASA's get defaced, and just this past Saturday too:

http://www.computercops.biz/article2095.html

Let's not forget: even systems that are as secure as they can possibly be are not immune to "insider" hiccups that can potentially destroy everything:

http://www.computercops.biz/article1107.html

What's the point of all this?

Nothing is secure. Software is programmed by humans. Hardware is accessed or used via firmware. Security breaches will happen. The object is to minimize the breaches. Once you feel that there can no longer be breaches, that is when you will be cracked. Stay safe and enjoy.

And also, stay at least 10 steps ahead of the black hats. (wink)





This article comes from NukeCops
http://www.nukecops.com

The URL for this story is:
http://www.nukecops.com/modules.php?name=News&file=article&sid=46