Normally a hacking attempt, in my opinion, is kind of a fun experience. You get to see people who have wasted their time to "point out" (most of the time) that PHP-Nuke in insecure. I was hacked twice that I know of with countless more that are logged. I saw today that "Admin Secure" 1.7 is available. Being that today was the first time I heard about it I decided to give it a try. I a very impressed with every aspect about it. I really wish that this could be incorporated into PHP-Nuke itself but we all know that will never happen. I give this program 2 thumbs up for two reasons: one because this took dedication and time to make and two, it is one of the most useful add-ons for PHP-Nuke. I say keep up the good work.
Zhen-Xjell Nuke Cops Founder
Joined: Nov 14, 2002
Posts: 5939
Posted:
Sat May 29, 2004 7:44 pm
That is very high praise.
_________________ Paul Laudanski, Microsoft MVP Windows-Security
CastleCops: [de] [en] [wiki]
madman Support Mod
Joined: Feb 15, 2004
Posts: 806
Posted:
Sun May 30, 2004 9:33 am
Thank you, gnaunited.
However, it still advisable to always patch your PHP-Nuke scripts, like one provided by the hard-working of Chatserv. Admin Secure also does not protect you against path disclosure methods which reveal your physical path on the server (often displayed on PHP warnings or errors). Admin Secure also does not covers entire PHP-Nuke components unless they call/connected to mainfile.php file. One for example was an e_myGallery security issue where poople can inject XSS method by calling to the script file directly.
You might still need another security products for PHP-Nuke; Fortress, Nuke HackerTraps, Protector System, Sentinel, etc, where offering features not included in Admin Secure.
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum
