You are missing our premiere tool bar navigation system! Register and use it for FREE!

NukeCops  
•  Home •  Downloads •  Gallery •  Your Account •  Forums • 
Readme First
- Readme First! -

Read and follow the rules, otherwise your posts will be closed
Modules
· Home
· FAQ
· Buy a Theme
· Advertising
· AvantGo
· Bookmarks
· Columbia
· Community
· Donations
· Downloads
· Feedback
· Forums
· PHP-Nuke HOWTO
· Private Messages
· Search
· Statistics
· Stories Archive
· Submit News
· Surveys
· Theme Gallery
· Top
· Topics
· Your Account
Who's Online
There are currently, 63 guest(s) and 1 member(s) that are online.

You are Anonymous user. You can register for free by clicking here
Nuke Cops :: View topic - Securing PHPNuke / Experts Wanted! [ ]
 Forum FAQ  •  Search  •   •  Memberlist  •  Usergroups   •  Register  •  Profile •    •  Log in to check your private messages  •  Log in

Securing PHPNuke / Experts Wanted!
 
Post new topic  Reply to topicprinter-friendly view Nuke Cops Forum Index » For Hire
View previous topic Log in to check your private messages View next topic
Author Message
floid
Nuke Cadet
Nuke Cadet


Joined: Jun 07, 2006
Posts: 1
PostPosted: Wed Jun 07, 2006 4:22 pm Reply with quoteBack to top
I'm looking for someone to secure my customized version of PhpNuke, which recently has been hacked and defaced by script kiddies. Supposed version of PHPNuke is 7.4, not all modules are active (only active modules need to be secured). Note that this version has to be fully patched against known exploits since it's customized, I'm not looking for someone just to upgrade to the latest version. Addionally the coppermine gallery module has to be secured.

If you are interested please place a bid at my project page at getacoder.com: http://www.getacoder.com/projects/phpnuke_experts_wanted_28506.html
Find all posts by floidView user's profileSend private message
TogetherTeam
Site Admin
Site Admin


Joined: May 28, 2004
Posts: 18
PostPosted: Thu Jun 08, 2006 2:36 am Reply with quoteBack to top
Top Apache-PHP-*SQL Security Issue:

1) allow_fopen_url = On
This is a default php setting.
Whether to allow the treatment of URLs (like http:// or ftp://) as files.
It permits the remote execution of php script !
If you don't need to fopen/include remote file, set it to OFF.

2) Disable php method like: system();

3) Install mod_security with anti-SQL Injection regex.
mod_security automatically do a euristic check against malicious GET/POST request.

4) Use the php openbase_dir directive.

5) Chroot Apache

This five rules can help a lot !
But they only remain always perimetral defense.
Fix the code is always the better choice.

Good Luck Wink

Francesco Marasco
Chief Technology Officer

Together Team s.r.l.
Via Torino, 34 - Rende (CS) 87036
Italy
Find all posts by TogetherTeamView user's profileSend private message
Display posts from previous:      
Post new topic  Reply to topicprinter-friendly view Nuke Cops Forum Index » For Hire
View previous topic Log in to check your private messages View next topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum


Powered by phpBB © 2001, 2005 phpBB Group

Ported by Nuke Cops © 2003 www.nukecops.com
:: FI Theme :: PHP-Nuke theme by coldblooded (www.nukemods.com) ::
Powered by · TOGETHER TEAM srl ITALY http://www.togetherteam.it · DONDELEO E-COMMERCE http://www.DonDeLeo.com
Web site engine's code is Copyright © 2002 by PHP-Nuke. All Rights Reserved. PHP-Nuke is Free Software released under the GNU/GPL license.
Page Generation: 0.400 Seconds - 416 pages served in past 5 minutes. Nuke Cops Founded by Paul Laudanski (Zhen-Xjell)
:: FI Theme :: PHP-Nuke theme by coldblooded (www.nukemods.com) ::