Joined: Apr 14, 2003
Posts: 397
Location: Tulsa, OK
Posted: Thu Jul 10, 2003 7:12 am Post subject: Has my version of phpnuke been tampered with? <---answer
drag the phpnuke file you downloaded into the program
PHP-Nuke-6.5.tar.gz is 3068169 bytes and has a checksum of ec59e1ca
PHP-Nuke-6.7.tar.gz is 4222056 bytes and has a checksum of 04f82c66
PHP-Nuke-6.8.tar.gz is 4437793 bytes and has a checksum of 079cd90b
i don't have my copy of 6.6 so i couldn't give you the sizes / crcs -if you have them post them and i'll add them
if you obtained a copy of php-nuke and it has a different checksum i advise that you do NOT install it (but we might wanna take a look at it )
because I found a bunch of sites that were offering 6.8 but were really 6.5
anyway maybe that helps
nathan
Oh yeah, http://www.nukescripts.net is a very reliable source for all PHP-Nuke files, everything is throughly checked and tested to make sure it is clean, then rechecked,
Hope this helps.
_________________ Building A Better PHP-Nuke Community!
drag the phpnuke file you downloaded into the program
PHP-Nuke-6.5.tar.gz is 3068169 bytes and has a checksum of ec59e1ca
PHP-Nuke-6.7.tar.gz is 4222056 bytes and has a checksum of 04f82c66
PHP-Nuke-6.8.tar.gz is 4437793 bytes and has a checksum of 079cd90b
Nifty work Nat!
Oh by the way...hi again!
I suppose these comments and questions fall in here, since there seems to be a plethora of nuke sites from one end of the net to the other. All offering some kind of DL.
According to the official site, in the dl section the latest ver is 6.5. In the Club, a link off phpNuke.org, that has a rather stiff 10 bucks a month fee for access resides 6.6.7 and 8 respectavly. (Meaning an upgrade from 6.5 to 6.8 rolls out to 120 bucks)
Is my assumption correct, that if you want the latest version that you join the Club and pay up?
As a "trader" both in matter and spirit, I don't have a problem paying, however if the later versions are Beta or just not ready for public release, a note or two would be great.
If I'm totally off the nut here, please update this neebies mind!
_________________ Galt
JG Sergeant
Joined: Jul 26, 2003
Posts: 124
Location: Cherry Hill, N.J.
Posted:
Sun Jul 27, 2003 5:22 pm
Linzilla wrote:
Oh yeah, http://www.nukescripts.net is a very reliable source for all PHP-Nuke files, everything is throughly checked and tested to make sure it is clean, then rechecked,
Hope this helps.
The site you refer to is NSN Nuke Site, which seems to be an off-shoot of the original (and since they all seem to eat off the term NUKE, with enough similarity until you read the fine print, maybe "others" vs "original" would be more appropriate)
Of course one of the problems is the open source mentality, which leads to a free for all, as any Linux programmer will tell you.
So I guess if there's a question, it's where do you hang your hat (so to speak)?
I've seen a couple of really well done NSN sites, that obliterates any typical look of a FORUM system. Including this site, so I guess the underpinnings of a war has been going on for some time.
_________________ Galt
JG Sergeant
Joined: Jul 26, 2003
Posts: 124
Location: Cherry Hill, N.J.
Posted:
Sun Jul 27, 2003 5:38 pm
SpankedMonkey wrote:
As I said above:
Quote:
I really wish I could remember which site I got it from but I know I didn't need to reg and I cleared my browsers cache on wednesday so I have nothing to track.
I want to say that I did get it from a link off of nukephp.org but I can not be sure, I thought I did. The link said that it required no registration also.
When I get home from work, I will see if there is anything else I can do to see where I got the download.
Maybe I should not do this, however I just got the same 6.8 file, that it declares is by the original author. The details listed are identical as those listed on The Club, but you pay to DL it.
But here is where you got it, and the site is listed on this thread as well as in the link.
Now my question: Is this an official site, and is this an official version, and I refer back to my post regarding the Club!
To the moderator here, if you chose to delete these posts, I'll understand completely!
_________________ Galt
Last edited by JG on Sun Jul 27, 2003 6:04 pm; edited 1 time in total
Zhen-Xjell Nuke Cops Founder
Joined: Nov 14, 2002
Posts: 5939
Posted:
Sun Jul 27, 2003 5:49 pm
I'm going to bed, so I'll make this brief.
*You should always do a complete audit of any program you download from any website prior to production release.*
With that said, phpnuke.org is obviously an official site. Nuke cops is the only other site that is an official phpnuke developer.
_________________ Paul Laudanski, Microsoft MVP Windows-Security
CastleCops: [de] [en] [wiki]
Zhen-Xjell Nuke Cops Founder
Joined: Nov 14, 2002
Posts: 5939
Posted:
Sun Jul 27, 2003 5:55 pm
And another thing about links. If someone wishes to download a product from a site not authorized, then that persons risks tampering on their own website. What we have done in the past is to respect the author. It would be nice to say we also tried to help protect our members from rogue links to club downloads. But that wasn't why we removed links. We removed them because we respect the author. Period.
If you take a risk downloading it outside the club, just remember it was your choice. Hence, why we support the official distribution, and why our bundle has been officially blessed by the author.
We all love this product, and speaking for myself now, I enjoy PHP-Nuke. I want to see it grow to bigger heights. And in order to do that, I desire to work with the author and the team assembled here onsite. We're making excellent progress.
How can I tell?
We're about to break 800,000 page views for this month alone. Last month we broke 760,000 page views.
I'd say that is proof in the pudding that something here is right.
>> getting off my podium , its been a long day <<
_________________ Paul Laudanski, Microsoft MVP Windows-Security
CastleCops: [de] [en] [wiki]
JG Sergeant
Joined: Jul 26, 2003
Posts: 124
Location: Cherry Hill, N.J.
Posted:
Sun Jul 27, 2003 6:01 pm
Zhen-Xjell wrote:
I'm going to bed, so I'll make this brief.
*You should always do a complete audit of any program you download from any website prior to production release.*
With that said, phpnuke.org is obviously an official site. Nuke cops is the only other site that is an official phpnuke developer.
Just did as you suggested, and 6.8 is identical using the SFV and checksum info. that was obtained at the link I posted., that on the official site, requires payment by joining the Club.
_________________ Galt
Zhen-Xjell Nuke Cops Founder
Joined: Nov 14, 2002
Posts: 5939
Posted:
Sun Jul 27, 2003 6:09 pm
I prefer never to use checksum but rather MD5 as it is a more advanced and harder to crack hash system.
Security falls not only on the developers, but also on the users. Its a two way street.
Aside from the "respect to the author" reason, the other reason for club only downloads is to show support financially. Like most folks, the author is trying to survive with this product. Helping in once in a while does a lot to ensure the longevity of the project.
I can tell you however that even though this whole this is open source and free
_________________ Paul Laudanski, Microsoft MVP Windows-Security
CastleCops: [de] [en] [wiki]
Zhen-Xjell Nuke Cops Founder
Joined: Nov 14, 2002
Posts: 5939
Posted:
Sun Jul 27, 2003 6:10 pm
I prefer never to use checksum but rather MD5 as it is a more advanced and harder to crack hash system.
Always trust yourself first.
_________________ Paul Laudanski, Microsoft MVP Windows-Security
CastleCops: [de] [en] [wiki]
Zhen-Xjell Nuke Cops Founder
Joined: Nov 14, 2002
Posts: 5939
Posted:
Sun Jul 27, 2003 6:15 pm
Hmm... I wonder if PGP signing should be used? An open question to everyone.. should greater security measures be taken for program distribution? Should MD5 hashes be published? Or should PGP signing be used?
Is this a real big concern for folks? We're very capable here at NC to provide those.
_________________ Paul Laudanski, Microsoft MVP Windows-Security
CastleCops: [de] [en] [wiki]
JG Sergeant
Joined: Jul 26, 2003
Posts: 124
Location: Cherry Hill, N.J.
Posted:
Sun Jul 27, 2003 6:23 pm
Zhen-Xjell wrote:
Hmm... I wonder if PGP signing should be used? An open question to everyone.. should greater security measures be taken for program distribution? Should MD5 hashes be published? Or should PGP signing be used?
Is this a real big concern for folks? We're very capable here at NC to provide those.
To answer your question from a users standpoint, and because there are so many other different sites, that seem to offer what the original does, the answer is an emphatic "YES"
The MD5 is already built into PHP, so that makes life a bit easier, if you want to go killer 128 bit encryption.
PGP is certainly less secure from a hacking point of view but typically used.
Maybe this is overkill, but I'd do both. Now for the reservations of doing it.
Nothing prevents a member (disgruntled) from taking it from the original site, and moving it elsewhere, and once you know how something is protected, it's not that difficult to figure a way around, over or under it. I speak from experience since I've really been at this nutty stuff since 1982.
The major problem is, that it's open source, and even though I agree with some security, it's a hard can of worms to clean out. Perhaps it's just a no-win situation?
I just made myself a member of The Club! And ethically, it's not difficult to respect intellectual propriety rights, and support what you gratefully accept, that is beyond your own individual capabilities.
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum
