How safe is back up?

Sergeant Joined: Jun 08, 2003 Posts: 120

Well I'm new to PHP Nuke, and I was wondering how much backing up does. Like if I backed up my site, and the next day its gets hacked or something, would I just go back to the back up, and everything is there?

Also, do hackers come frequently on fair, to high traffic sites? Is PHP Nuke vulnerable?

Posted: Sun Jun 08, 2003 6:58 pm

Quote:

Like if I backed up my site, and the next day its gets hacked or something, would I just go back to the back up, and everything is there?

yes and no - i dont trust the backup in admin -i use phpmyadmin todo a dump Structure and data, with drop table

Quote:

Also, do hackers come frequently on fair, to high traffic sites?

most websites are vulnerable to a "real" hacker but most of the problems that occur with phpnuke are scriptkiddies that exploit a minor vulnerability -usually nothing too bad

Quote:

Is PHP Nuke vulnerable?

6.5 out of box has a few issues but if you've installed the fixes from nukecops you should be safe. if you want to be sure download and install analyze.php it'll alert you to possible security problems with your site

Elite Nuker Joined: Nov 20, 2002 Posts: 237

If you are talking about the backup function that is built into nuke, just keep in mind that this only backs up your database! If hackers broke into your site and deleted files and what not, and lets say you had modification to the core nuke files then those changes would be lost!

The host I use uses Cpanel which allows me to not only backup my database but it also allows me to download a .rar of my entire file structure! I personally try to backup my site at least once a week or more if I am adding a major mod or security fix generally I will backup prior to adding that, so in case I have a typo or fat-finger the code somehow then I am ok.

But to answer your question if you backup your database and all your files yes you could easily recover from any hacker attack.

Is Nuke secure? With the latest security pack released here Version 6.5 is pretty secure. Without this fix there are some possible exploits that could allow a hacker access. Mainly SQL injection hacks.

As to why do hackers try to hack nuke sites. I think it is kind of like how hackers always make virus and exploits for Microsoft Exchange/Outlook yet seem to bypass every other known mail server/client. They just try to hack the most popular program out there. Php-Nuke is by far one of the most popular open source CMS's available, so with it's popularity and huge following means that it will probably always be a target for the script kiddies. However since nukecops fixed the last big SQL injection hack back in March/April it has been pretty quiet as far as hacking has gone. Does that mean phpnuke is immune to hackers? No, no software really is. But if you keep checking here, I assure you the team here will probably have a fix for whatever hole they may find hours after they are notified.

So you may see alot of articles saying Nuke is buggy and full of holes, and those statements may have been true 3 versions ago and previous. Most of the people making those statements aren't even in the nuke community anymore. Their statements are uninformed and founded on outdated info. Basically, Even though Nuke is relativly bug free you will always find people that tell you differently. Anyways if you are thinking of starting a nuke site, give it a go. And if you run into troubles post here and the team will do thier best to help you!

Good Luck and have fun!

Sergeant Joined: Jun 08, 2003 Posts: 120

Thanks a lot for the help guys. Now I have two more follow up questions.

1. I'm basically running on the original pure nuke with no modifications to files, if I backed up my site, would I get all my conent, links, downloads, articles, reviews, forum posts etc. back if a hack occured?

2. Also I have ipowerweb as a server, and they allow a back up option as well. Which one should I do, and whats the differences?

Cyberclark- actually the reason I was asking was due to those outdated comments, and such. So is it safe to say that major hacks, are extremely rare, with 6.5?

Elite Nuker Joined: Nov 20, 2002 Posts: 237

6.5 the core base files do have some holes that would allow your site to be hacked, but no fear they are patched by installing the fixes that the team here has made!!!

You can find them in the downloads section

Main ones to install are BBtoNuke 2.1 fix patch and then PHP-Nuke 6.5 Bug-Sec Patch 3. If you install those two you should be pretty safe. Well for now till they find some new hole Wink

But yes if you were running the original nuke with no modifications whatsoever and someone completely hacked your site you could just reinstall the nuke ditrubution and your backed up database and you would be back in business! The problem comes when you start modifying your files with addons for the forums or security fixes and what not. Which almost any serious nuke installation will have something added above an beyond the core files hence why it is important to backup your file structure too! However if you just backup your files before and after you make changes you really never have to back them up any other time because the files rarely change 90% of the changes are done in the database so that is definately the key element to backup! The exceptions are if you like add an attachment mod or upload mod of some sort then you will have user uploaded files that would change and need to be backed up regularly as well.

hope that helps clear it up a bit.

Sergeant Joined: Jun 08, 2003 Posts: 120

Thanks for the information. Now you did not answer my question concerning my server provided back up option, and the nuke backup option.

My server (ipowerweb) has a feature which allows me to back up my site. Would that be better then backing up through the nuke way?

Also, in a worse case scenario, if you did make mods to things, and your site was hacked, what would that do? I don't really understand why it would matter whether or not you added mods. Wouldn't the modifications get saved in the back up as well.

Sorry for these newbie questions, but hey thats what I am Smile