Nuke Cops :: View topic - IP ban list completely USELESS!!!

jank
Nuke Soldier
Joined: Apr 30, 2003
Posts: 23
Posted: Sat Jul 26, 2003 4:00 am

I'm surprised by the response on that so-called 'IP BAN list'!!!! This list is completely useless. Why? Well tell me, why should I block worm/trojan-infected hosts that are hitting your box? And 70% (69% I believe) of the current 'ban list' are worm/trojan-infected hosts.

Let's see:

cat nukecops.txt | wc -l 465 (total)
cat nukecops.txt | grep "Port: 445" | wc -l 321 (worms/trojan)

Port 445 could also be the Windows update procedure, a mirc (MSN?) client on your network, or whatever. But that's not the point. The point is that people think they have a nice solution against '''hackers''' coming from a site that wants to 'protect the Nuke world', but they have nothing. I even saw someone who wrote a script to automatically import this list with a cron task! Get real!

It's not that I’m against some sort of public service but this is useless... Why don't you explain what XSS's are and what people can do about it? Why not a document/article in which you explain XSS and SQL injections and some solutions (mod_security)? In every nuke update there are a few security updates. What are they? Why are they added? What are the symptoms? You are saying "We're the Cops, that help protect the Nuke world." Really??? By publishing local port scans????? How do you protect the nuke world? Where are the nuke (PHP) related topics on security? When I do a search on XSS or SQL injection everything seems to stop somewhere in March/April with 'PHP-Nuke 6.5 FINAL Released on the Club'. So there aren't any new exploits found in nuke after version 6.5? Why not explain them?

Why not articles on ‘safe programming’ of blocks and modules? There are a lot of those so-called blocks and modules out there and each and every one of them is a potential exploit and could give nuke a bad name (if it hasn’t already).

I know that with all this above you could be exposing your security policy but I think it’s all ("We're the Cops, that help protect the Nuke world.") or nothing…….

Sorry, I don’t think this is a nice message but there are too many nice messages on this board…..

Grtnx,

Jan
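
The by-hand tally in the post above, extended into a per-port breakdown that also separates hits on the web ports from the rest, as an added example that is not part of the original thread. The thread shows only the `Port: 445` field of nukecops.txt, so the `IP: ... Port: ...` line layout, the function names and the sample addresses (documentation ranges) are constructed assumptions.

```shell
#!/usr/bin/env bash
# Constructed sample input; the real nukecops.txt layout is assumed, not known.
sample_list() {
cat <<'EOF'
IP: 192.0.2.10 Port: 445
IP: 192.0.2.11 Port: 445
IP: 198.51.100.7 Port: 80
IP: 203.0.113.5 Port: 445
IP: 203.0.113.9 Port: 135
IP: 198.51.100.22 Port: 80
IP: 192.0.2.44 Port: 445
malformed line without a port field
EOF
}

# Print "count port" pairs, most frequent first; lines without a Port field are skipped.
port_histogram() {
  awk '{
    for (i = 1; i < NF; i++)
      if ($i == "Port:" && $(i+1) ~ /^[0-9]+$/) { n[$(i+1)]++; break }
  } END { for (p in n) print n[p], p }' | sort -k1,1nr -k2,2n
}

# Integer percentage (rounded down) of parsed entries whose port is in a comma-separated list.
port_share() {
  awk -v ports="$1" 'BEGIN { split(ports, a, ","); for (k in a) want[a[k]] = 1 }
  {
    for (i = 1; i < NF; i++)
      if ($i == "Port:" && $(i+1) ~ /^[0-9]+$/) {
        total++; p = $(i+1)
        if (p in want) hit++
        break
      }
  } END { if (total == 0) print 0; else print int(hit * 100 / total) }'
}

# Keep only the entries that touched the ports a web application listens on.
web_entries() {
  awk '{
    for (i = 1; i < NF; i++)
      if ($i == "Port:" && ($(i+1) == "80" || $(i+1) == "443")) { print; break }
  }'
}

sample_list | port_histogram
echo "share on 135/445: $(sample_list | port_share 135,445)%"
sample_list | web_entries
```
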

chatserv
General
Joined: Jan 12, 2003
Posts: 3128
Location: Puerto Rico
Posted: Sat Jul 26, 2003 6:40 am

I take it you haven't been around that long on this website, as you are focusing on an IP ban list which is far from being what this website provides for the public. You seem to have missed the many security and fix patches that have been released and the countless "on the fly" fixes provided to users at the forums, and I am not even going to list what the staff members have done at their own sites.

Regarding one of your other comments, why should we go into detail about what X or Y vulnerability does and how you can use it to disrupt any website? Several people have done that on "security" websites; what have they managed with this? Tons of script kiddies that otherwise would not even have been aware of said vulnerability took advantage of the published information and used it to deface a good share of websites. I am sure those that lost many articles at their sites aren't too happy about this, but the main message I would like to share with you is that you are not forced to download anything that goes out by us or anyone else; you do with your website as you please. Last but certainly not least, your post is an extensive one, but all I could find in it are attacks aimed at us and the many others that work for free to bring fixes to others, yet I cannot find, hard as I try, any fixes or suggested solutions provided by you. It's ironic that no matter what one does to help others there are more people willing to spend their time trashing us than actually saying thanks for the things we have done. That's life.

_________________
Feed a man a fish and you feed him for a day. Teach a man to fish and you feed him for a lifetime.
ScriptHeaven | NukeResources

paris
Nuke Soldier
Joined: Jun 01, 2003
Posts: 32
Posted: Sat Jul 26, 2003 8:53 am

NUKECOPS RULES!!!!!!!! THANKS FOR ALL YOUR TIME AND EFFORT HATS OFF TO THE NUKECOPS STAFF

P.S. Jank, if you're so smart why don't you do all this stuff and share your knowledge like the staff at nukecops?

_________________
______________
Secure & Speed up the Nuke: http://www.cpgnuke.com/
Coppermine Photo Gallery which can be installed as 100 modules http://cpgnuke.com/

Zhen-Xjell
Nuke Cops Founder
Joined: Nov 14, 2002
Posts: 5939
Posted: Sat Jul 26, 2003 9:42 am

Ok, I'll take the troll bait.

The real purpose behind the IP Ban list is to attract you here and log your IP address.

_________________
Paul Laudanski, Microsoft MVP Windows-Security
CastleCops: [de] [en] [wiki]

ed
Nuke Cadet
Joined: Jul 26, 2003
Posts: 2
Posted: Sat Jul 26, 2003 10:17 am

Strange, Jan has a good point here, phpnuke is and will always be insecure! Nuke Cops does nice work... although I am interested in what the actual changes between 6.7 and 6.8 are.
I really don't understand some reactions on this issue... NUKE COPS RULES!!! ... that's sick! Share the nuke knowledge? Are you nuts? First pay and then you may use your own mods in Nuke.... hahahahahahaha...

Zhen-Xjell
Nuke Cops Founder
Joined: Nov 14, 2002
Posts: 5939
Posted: Sat Jul 26, 2003 11:01 am

The "points" that are being made involve no knowledge of what Team Cops has done up to this stage. For every Nuke bug that has been published in the past 1.5 years, the team in some shape or form has been involved in procuring a patch or fix (or implementing it).

I myself have written articles about using various tools to secure your webserver. You see, it's not just PHP-Nuke that needs securing (as do Microsoft products, Sun products, and take a look at Cisco... major company with a recent major IOS vulnerability). Face it, everything needs to be secured. I've tried many times to guide folks to products like port-sentry for securing your server, and different security modules to harden Apache.

You simply cannot fairly assign all the blame to PHP-Nuke. Security is and always will be a "layered" or "ring" architecture approach. Because if you rely on only one security tool, once that is taken down your whole server is owned.

I have no problem sharing my own knowledge on this subject matter... but I don't appreciate it when someone comes here seeking to blame rather than seeking knowledge.

It's all about the persona one sends out. No one likes to be attacked.

_________________
Paul Laudanski, Microsoft MVP Windows-Security
CastleCops: [de] [en] [wiki]

jank
Nuke Soldier
Joined: Apr 30, 2003
Posts: 23
Posted: Sat Jul 26, 2003 12:01 pm

chatserv wrote:
I take it you haven't been around that long on this website, as you are focusing on an IP ban list which is far from being what this website provides for the public. You seem to have missed the many security and fix patches that have been released and the countless "on the fly" fixes provided to users at the forums, and I am not even going to list what the staff members have done at their own sites.


Hmmm let's see.... I've been in the ICT business since 1989, have run a couple of websites since 1996, have been using nuke since version 5.1 (or was it 5.2) and have been visiting this site for a month or 10 by now... Does this answer your question?

And did I say that there aren't any bug/security/whatever-fixes here?
Tell me Raven, where did I write that! But please read on.....

chatserv wrote:
Regarding one of your other comments, why should we go into detail about what X or Y vulnerability does and how you can use it to disrupt any website? Several people have done that on "security" websites; what have they managed with this?


Knowledge my friend.... knowledge..... And with this knowledge people are able to protect their websites better and recognize (and react to) those so-called attacks. And with this knowledge people could write 'safe' blocks and modules. And you (this site) have this knowledge but you won't share it (not enough). Do you realise that when there is an exploit in, let's say, module-x for nuke the 'credits' for this exploit go to nuke and not to the module?

chatserv wrote:
Tons of script kiddies that otherwise would not even have been aware of said vulnerability took advantage of the published information and used it to deface a good share of websites. I am sure those that lost many articles at their sites aren't too happy about this, but the main message I would like to share with you is that you are not forced to download anything that goes out by us or anyone else; you do with your website as you please.


So.... you think that because script kiddies might use the information it's better to give no information at all? Is that what you are saying? Sorry, I'm Dutch and my English is not so good and therefore I could misunderstand you. But if I do understand you, well then I have a small tip for you. It's out there! Really! On every major security site there is something on nuke! So the script kiddies (whoever that might be) have their information. But where can nuke-users find their information? Phpnuke.org? Think not! You have to be a member and all the forums are gone.

chatserv wrote:
Last but certainly not least, your post is an extensive one, but all I could find in it are attacks aimed at us and the many others that work for free to bring fixes to others, yet I cannot find, hard as I try, any fixes or suggested solutions provided by you. It's ironic that no matter what one does to help others there are more people willing to spend their time trashing us than actually saying thanks for the things we have done. That's life.


That's life indeed... and it's hard.... but you know it was not meant to be hard or negative. I did post some 'nice' questions in the last months, with almost no response (look at my last conversation with Zhen-Xjell).

All I say is that this site should have sections about how to secure your nuke setup (the analyzer is a good start) and why, forums related to this (with a moderator who bans messages like block-x or module-y won't install), articles on 'safe' programming with PHP, php.ini explained, etc. etc. etc. And if you really want to mention portscanning then go all the way starting with iptables, portsentry, psad, snort, etc. etc.

Grtnx,

Jan

jank
Nuke Soldier
Joined: Apr 30, 2003
Posts: 23
Posted: Sat Jul 26, 2003 12:13 pm

Zhen-Xjell wrote:

You simply cannot fairly assign all the blame to PHP-Nuke. Security is and always will be a "layered" or "ring" architecture approach. Because if you rely on only one security tool, once that is taken down your whole server is owned.


Couldn't agree with you more. But you can't cover all.... I think it's better to be good at one item (nuke/php) than average at all... And before you break your keyboard in two pieces, I'm not saying that this site is average, but be aware of the fact that it easily could be....

Zhen-Xjell wrote:

I have no problem sharing my own knowledge on this subject matter... but I don't appreciate it when someone comes here seeking to blame rather than seeking knowledge.

It's all about the persona one sends out. No one likes to be attacked.


Who do I blame? You? For what? I don't want to blame anybody! All I want is useful information on how to stop, or slow down, those people out there whose pleasure is in the frustration of another.....

Grtnx,

Jan

jank
Nuke Soldier
Joined: Apr 30, 2003
Posts: 23
Posted: Sat Jul 26, 2003 12:15 pm

Who said I'm smart? YOU? THANKS MAN!!!!!

paris wrote:
NUKECOPS RULES!!!!!!!! THANKS FOR ALL YOUR TIME AND EFFORT HATS OFF TO THE NUKECOPS STAFF

P.S. Jank, if you're so smart why don't you do all this stuff and share your knowledge like the staff at nukecops?

Zhen-Xjell
Nuke Cops Founder
Joined: Nov 14, 2002
Posts: 5939
Posted: Sat Jul 26, 2003 2:53 pm

Ok, thanks for clarifying your position then. Our mainstay here is php-nuke, and that's why folks here work on issuing security fixes for members to install on their filesystem. It's a rather daunting task to audit the code and find exploits, so many times it's a retroactive approach. This is not uncommon in the online world for many high priced businesses.

What is it you'd like to know exactly?

_________________
Paul Laudanski, Microsoft MVP Windows-Security
CastleCops: [de] [en] [wiki]

Raven
General
Joined: Mar 22, 2003
Posts: 5233
Location: USA
Posted: Sat Jul 26, 2003 2:56 pm

Jank wrote:
And did I say that there aren't any bug/security/whatever-fixes here?
Tell me Raven, where did I write that! But please read on.....

Raven? How did I get dragged into this?

_________________
Those who hear not the music think the dancers mad.
Raven Web Hosting|My Scripts & Stuff

Raven
General
Joined: Mar 22, 2003
Posts: 5233
Location: USA
Posted: Sat Jul 26, 2003 3:11 pm

jank wrote:
and why, forums related to this (with a moderator who bans messages like block-x or module-y won't install)

Can you elaborate on this one? When did any of our Moderators ban messages (more than one apparently) about a block or module not installing? The only time that we step in to take such drastic measures is if the thread becomes abusive or involves spamming or other objectionable content. Thanks.

_________________
Those who hear not the music think the dancers mad.
Raven Web Hosting|My Scripts & Stuff

jank
Nuke Soldier
Joined: Apr 30, 2003
Posts: 23
Posted: Sat Jul 26, 2003 3:38 pm

Raven wrote:
Jank wrote:
And did I say that there aren't any bug/security/whatever-fixes here?
Tell me Raven, where did I write that! But please read on.....
Raven? How did I get dragged into this?


Sorry, I saw your name struck out in the upper left of my screen and was wondering what that means. Apparently I was so impressed by this that I wrote your name instead of chatserv.......

Grtnx,

Jan

jank
Nuke Soldier
Joined: Apr 30, 2003
Posts: 23
Posted: Sat Jul 26, 2003 3:48 pm

Raven wrote:
jank wrote:
and why, forums related to this (with a moderator who bans messages like block-x or module-y won't install)
Can you elaborate on this one? When did any of our Moderators ban messages (more than one apparently) about a block or module not installing? The only time that we step in to take such drastic measures is if the thread becomes abusive or involves spamming or other objectionable content. Thanks.


Please quote everything 'cause that was NOT what I wrote, I wrote:

"All I say is that this site should have sections about how to secure your nuke setup (the analyzer is a good start) and why, forums related to this (with a moderator who bans messages like block-x or module-y won't install), articles on 'safe' programming with PHP, php.ini explained, etc. etc. etc. And if you really want to mention portscanning then go all the way starting with iptables, portsentry, psad, snort, etc. etc."

So there SHOULD BE a forum(s) about security issues with a moderator to see that everything is on-topic. 'Ban' is the wrong word for it, but someone who tells folks in a nice way that install problems x or y don't belong there.

And for once and for all, please see this as positive criticism and perhaps you can do something with it..... perhaps not......

Grtnx,

Jan

Zhen-Xjell
Nuke Cops Founder
Joined: Nov 14, 2002
Posts: 5939
Posted: Sat Jul 26, 2003 3:57 pm

Hey, we're here to help and take constructive feedback. Your thread title doesn't exactly make me warm and fuzzy you know. It's the approach and how it was delivered.

Let's all go onward positively now. Lessons learned? Folks shouldn't post threads that can be received as negative.

_________________
Paul Laudanski, Microsoft MVP Windows-Security
CastleCops: [de] [en] [wiki]