| Author |
Message |
joannal
Nuke Cadet


Joined: Sep 08, 2008
Posts: 4
|
Posted:
Mon Sep 08, 2008 9:01 am |
  |
Hello!
I have gotten hacked about 2 times in the past year and thought I should do some security things to help. First of all I was wondering if anyone felt as though still having PHPNuke was OK security wise. For some reason my boss wants to stay on 6.5 because someone had told her that it wouldn't drastically change anything as far as looks. As far as security goes, I already altered my .htaccess file to prevent certain IPs but was looking to put Sentinel on. Does anyone know if there is a sentinel version for PHPnuke 6.5?
Many thanks! |
|
|
   |
 |
Evaders99
Site Admin


Joined: Aug 17, 2003
Posts: 12397
|
Posted:
Mon Sep 08, 2008 9:23 am |
  |
By sticking with 6.5, you're pretty much opening yourself to every security vulnerability over the last several years. 6.5 was released more than 5 years ago. While she's right that the looks haven't changed, the code has changed quite a bit in order to make it more secure.
There isn't even an updated Patched release for 6.5, which Nuke Sentinel requires.
You should really get up to at least phpNuke 7.6 + Patched files + Nuke Sentinel. Or for a more integrated solution, I recommend RavenNuke from http://ravenphpscripts.com |
_________________ Helping those that help themselves
Read FIRST or DIE!
"Fighting is terrible, but not as terrible as losing the will to fight."
Star Wars Rebellion Network - Need Help? Evaders Squadron Coding |
|
     |
 |
joannal
Nuke Cadet


Joined: Sep 08, 2008
Posts: 4
|
Posted:
Mon Sep 08, 2008 1:45 pm |
  |
|
   |
 |
Evaders99
Site Admin


Joined: Aug 17, 2003
Posts: 12397
|
Posted:
Mon Sep 08, 2008 5:11 pm |
  |
You "could" hack it up to work in 6.5, but even then, it wouldn't be the most secure version. Nuke Sentinel is not a complete solution in itself. It is a police officer - it can stop suspicious activity it knows about. But it doesn't mean you should leave your doors open: by not using patched, secure code! |
|
     |
 |
joannal
Nuke Cadet


Joined: Sep 08, 2008
Posts: 4
|
Posted:
Mon Sep 08, 2008 6:29 pm |
  |
Do you think that it's also the responsibility of the company that owns the server space to help with security to avoid these hacks? What's your opinion on this?
Thanks again  |
|
|
   |
 |
Evaders99
Site Admin


Joined: Aug 17, 2003
Posts: 12397
|
Posted:
Mon Sep 08, 2008 7:22 pm |
  |
Up to a certain point, yes. They can install some firewalls and lock down your account so that malicious scripts cannot get outside your server. But that's mostly to protect other users of their services.
To continue the analogy, the government provides deeds that say you control your own property. They have firefighters to stop the spread of fires to the community. It doesn't mean they can or should stop you from lighting a fire in your house: for a cookout or even a cigarette. However, you should have common sense to not leave lit candles around the house around flammable substances. |
|
     |
 |
joannal
Nuke Cadet


Joined: Sep 08, 2008
Posts: 4
|
Posted:
Tue Sep 09, 2008 9:50 am |
  |
Ok, I've finally been able to convince my boss to update to 8.1, but I see that 9.0 is supposed to be available soon. Do you have any idea how "soon" this will be? Maybe I should just stick to 8.1 considering there are probably many patches for that to help me out....
Thanks for your analogy on that. Those damn fires are so pesky. |
|
|
   |
 |
Evaders99
Site Admin


Joined: Aug 17, 2003
Posts: 12397
|
Posted:
Tue Sep 09, 2008 1:54 pm |
  |
Really that's how all webhosts view it. If your site gets infected, it's your job to remove it. All that is done with the software is your responsibility. Many hosts will terminate your account if it compromises their server.
There is no date on 9.0. Given that phpnuke.org is under new ownership and hasn't revealed themselves, I figure 9.0 is a bunch of talk. There is no release plan.
Use 8.1 (with the Patched files and Nuke Sentinel) and you'll be fine for a while. |
|
     |
 |
|
|