You are missing our premiere tool bar navigation system! Register and use it for FREE!

NukeCops  
•  Home •  Downloads •  Gallery •  Your Account •  Forums • 
Readme First
- Readme First! -

Read and follow the rules, otherwise your posts will be closed
Modules
· Home
· FAQ
· Buy a Theme
· Advertising
· AvantGo
· Bookmarks
· Columbia
· Community
· Donations
· Downloads
· Feedback
· Forums
· PHP-Nuke HOWTO
· Private Messages
· Search
· Statistics
· Stories Archive
· Submit News
· Surveys
· Theme Gallery
· Top
· Topics
· Your Account
Who's Online
There are currently, 400 guest(s) and 0 member(s) that are online.

You are Anonymous user. You can register for free by clicking here
NukeCops: Security

Search on This Topic:   
[ Go to Home | Select a New Topic ]

PHP Nuke v.8.0 Directory Traversal
SecurityIn response to PHP Nuke v.8.0 Directory Traversal, I believe that is the same issue listed previously here.

All users phpNuke 7.8 Patched and lower / RavenNuke are unaffected. Users of phpNuke 7.9/8.0/8.1 Patched need to make the following changes, since some of these code never made it into NukeResources Patched package: Security: PHP-Nuke "lang" Local File Inclusion Vul
Posted by Evaders99 on Friday, June 19 @ 07:28:14 CEST (5563 reads)
(comments? | Score: 0)
PHP Nuke v.8.0 (referer) SQL Injection
SecurityIn response to PHP Nuke v.8.0 (referer) SQL Injection, I believe this is a duplicate vulnerability. If you are using the Patched files, RavenNuke, you should already be protected.

Unpatched users, be warned. Simple file changes should solve this issue: see previous Security: PHP-Nuke HTTP "referer" SQL Injection Vu thread
Posted by Evaders99 on Friday, June 19 @ 06:59:56 CEST (6001 reads)
(comments? | Score: 0)
ReCAPTCHA integrated into phpNuke
Securitydmolavi writes "If you're a user of NukedGallery.net, you'll notice that the standard phpNuke CAPTCHA display there has been replaced by reCAPTCHA, which you may have seen on other sites like Craigslist. For those of you not familiar with reCAPTCHA, it is a great spambot fighter. Read this article on what reCAPTCHA is and how it works.

In order to fight the increased number of spambots on this site, I installed reCAPTCHA in place of the standard CAPTCHA during account registration. If you want this done on your site, submit a paid support request. The fee is a flat $25 for the installation. "
Posted by VinDSL on Wednesday, April 08 @ 20:48:38 CEST (7080 reads)
(comments? | Score: 0)
Http Blacklisting
Securitylippylion writes "In helping all those with Nuke security issues and problems with spammers, comment spammers and other such people (the ones that post adverts on forums) and those that steal email addresses, I have discovered something I felt is really usefull and would benefit the whole of the Nuke community and others running websites.

The details are to long winded to go into here, but in short it is this, When someone registers for your site, a system that checks their ip against a dns record to see if they exist on a universal http blacklist, having been caught spamming etc. with that particular ip"
Posted by VinDSL on Wednesday, May 14 @ 21:16:54 CEST (6483 reads)
(Read More... | 1032 bytes more | 5 comments | Score: 0)
Free PHP Encoder and Obfuscator Online!
Securitykenetix writes "Hi everyone, I'm pleased to announce the opening of a new site and a free script here at http://www.freephpencoder.com. The site offers a free php code obfuscation and encoding service that allows people to distribute workable encoded php files for free.

Steps to encoding are extremely simple, simply upload the unencrypted file, download the encoded file, and you are ready to use the file (with the decryptor).

Many more features are planned to implemented with different encoding algorithms, but currently the free service currently utilizes the Zend engine for decoding. A byte encoding feature is currently being developed, and will be released shortly.

More information regarding this can be obtained from my community site:
HERE"
Posted by VinDSL on Sunday, March 09 @ 08:26:39 CET (9358 reads)
(Read More... | 10 comments | Score: 0)
PHP-Nuke modules/Search/index.php SQL Bug
SecurityAnother security bug... all versions of phpNuke (Nuke Patched / Nuke Patched Core / RavenNuke) need to be patched.

For more information and code changes, see my site Evaders Coding Squadron
Posted by Evaders99 on Thursday, January 24 @ 07:52:19 CET (6308 reads)
(Read More... | 7 comments | Score: 0)
.htaccess Filtering
Securitydslserver writes "There are several ways to secure your phpNuke website. You can use addons like NukeSentinel, NukeCops security advise forum or .htaccess filtering. The simplest way to do this is .htaccess where you can filter some known bots so they will never gain access to your site, ban ip's, and spam bots (majority of attack attempts originate from scripts using a tool called libwww-perl).I analyze several web server logs each day and I put together several lines in .htaccess to block many of those script-kiddies from gaining access to my site. For anyone interested in securing your php website using .htaccess please visit new phpnuke code hacks section on our website."
Posted by VinDSL on Thursday, July 26 @ 03:23:48 CEST (6914 reads)
(Read More... | 9 comments | Score: 5)
A CMS With A Focus On Security
Securityforgotz writes "DaDaNuke is proud to announce that we have expanded our current inventory to offer products, service and support for Nuke-Evolution. Click here to see our new site! Nuke-Evolution is a variant of the CMS (Content Management System) PHP-Nuke, version 7.6. "Evo", as it is affectionately know, has it's roots in the former TechGFX project, PHP-Nuke Platinum. Although the continuation of that project under another development team may be found here. Consider partly, that Nuke-Evolution is a lessons learned exercise, as a result of the experience of former Platinum developers, who now make the core of the Nuke-Evolution development team. Read More... for complete story.

As with many people involved in the PHP-Nuke community-at-large may know, security has been questionable with this CMS (PHP-Nuke). I will not bother with that topic now, for it has been discussed ad nausea and better left to expand on this issue with it's own article. I will say this, the Nuke-Evolution Development Team has made a priority, security. Not just the core CMS itself, but all modules, addons, MODS, hacks and tweaks as well. They are committed to whichever script they use, anywhere in the system, that exploits, attacks and prevention are coded in. And, many of the modules and BBtoNuke MODS included, have been updated as well. This typically results in a better, more secure script than that which may still be available from the original author(s)!

A major part of the success of any platform that delivers content and functionality, is availability of third party software and backwards compatibility. At DaDaNuke Evolution we are committed to producing quality scripts and service for this ever growing community. Join us today, register here now and show your support for this great CMS. DaDaNuke Evolution is completely Donations driven."
Posted by VinDSL on Monday, May 28 @ 10:00:00 CEST (6707 reads)
(Read More... | 6 comments | Score: 0)
Auto-Backup Your NUKE Database
Securityzulhar writes "Making backups is essential because problems inevitably occur and you need to be in a position to take action when disaster strikes. Are you maintaining your databases properly? Do you participate in a backup and recovery routine that checks on the health of the data? Are you prepared for worst thing that might happen to your website?

Read it more on how to auto-backup your nuke database at
http://zulkiplyharun.com"
Posted by VinDSL on Saturday, March 03 @ 16:10:13 CET (10532 reads)
(Read More... | 12 comments | Score: 0)
GUIDE: HOW TO RENAME YOUR ADMIN.PHP
Securityzulhar writes "Recently, I wrote a guide on how to modify phpnuke captcha and has resulted in a flurry of comments and queries requesting me to write a guide on "how to change admin.php?"

This article is not intended to teach you how to hack into PHPNuke but how to secure it properly. Since most of hackers are targeting this critical file to achieve their mission, you have to camouflage the file and secure it properly.

Read the rest the article for some ideas on how to secure your PHPNuke against hackers..."
Posted by VinDSL on Wednesday, February 07 @ 12:17:59 CET (6947 reads)
(Read More... | 10 comments | Score: 0)
Forums
Syndication
Last 20 Forum Messages


[ NukeCops ]
Survey
Should phpNuke continue to support other databases besides MySQL?

Yes
No
Does anyone care?



Results
Polls

Votes: 1474
Comments: 23
Site Visitors
Login Here:

Nickname:
Password:
Security Code: Security code
Type Security Code Here:

Members List Membership:
Latest: KCETeddy38's Profile KCETeddy38
Today: 0
Yesterday: 0
Overall: 657076

Visitation:
Guests: 400
Members: 0
Total: 400


You are Anonymous user. You can register for free by clicking here
Support Us
Help Keep NukeCops Online
And Support Our Work
Make donations with PayPal!
Donat-o-Meter Stats
March´s Goal: $350.00
Due Date:   Mar 31
Gross Amount: $0.00
Net Balance: $0.00
Left to go: $350.00

©
Donations
Powered by TOGETHER TEAM srl ITALY http://www.togetherteam.it - DONDELEO E-COMMERCE http://www.DonDeLeo.com - TUTTISU E-COMMERCE http://www.tuttisu.it
Web site engine's code is Copyright © 2002 by PHP-Nuke. All Rights Reserved. PHP-Nuke is Free Software released under the GNU/GPL license.
Page Generation: 2.028 Seconds - 156 pages served in past 5 minutes. Nuke Cops Founded by Paul Laudanski (Zhen-Xjell)
:: FI Theme :: PHP-Nuke theme by coldblooded (www.nukemods.com) ::