You are missing our premiere tool bar navigation system! Register and use it for FREE!

•  Home •  Downloads •  Gallery •  Your Account •  Forums • 
Readme First
- Readme First! -

Read and follow the rules, otherwise your posts will be closed
· Home
· Buy a Theme
· Advertising
· AvantGo
· Bookmarks
· Columbia
· Community
· Donations
· Downloads
· Feedback
· Forums
· Private Messages
· Search
· Statistics
· Stories Archive
· Submit News
· Surveys
· Theme Gallery
· Top
· Topics
· Your Account
Who's Online
There are currently, 262 guest(s) and 0 member(s) that are online.

You are Anonymous user. You can register for free by clicking here
Security: How secure is PHP-Nuke?
PHP-NukeI see it asked so often, so I thought a nice example would help to answer the question: "How secure is PHPNuke"?

Objectively the answer is more general then you think, and as specific as you want. First, PHPNuke is on the same level as any other software or hardware service out there.

Hardware you say? Yes hardware. Here are some examples of hardware systems that are "not secure" because they do run off of firmware (or software):

Well worth the read as they are eye openers.

Ok, what about other online portals/forums?


There are plenty more in this non-PHPNuke category all around the Net.

Now to focus on PHP-Nuke (some have patches):

That's just the data as found at CCSP. If you search this site ( for exploits you will find them too.

Now what does this mean? Free and even paid for services like vBulletin are susceptiable constantly to exploits.

Even companies like Microsoft *still* re-release advisories that are very old:

Take a look at these on Cisco, Apache, etc...

Even major government websites get defaced like NASA, and just this past Saturday too:

Lets not forget, some systems as secure as they can possibly be are not immune to "insider" hiccups that can potentially destroy everything:

What's the point of all this?

Nothing is secure. Software is programmed by humans. Hardware is accessed or used via firmware. Security breaches will happen. The object is to minimize the breaches. Once you feel that there can no longer be breaches, that is when you will be cracked. Stay safe and enjoy.

And also, stay at least 10 steps ahead of the black hats. (wink)
Posted on Wednesday, February 05 @ 17:22:34 CET by Zhen-Xjell
Related Links
· More about PHP-Nuke
· News by Zhen-Xjell

Most read story about PHP-Nuke:
PHP-Nuke new development direction (part 2)

Article Rating
Average Score: 2.08
Votes: 12

Please take a second and vote for this article:

Very Good


 Printer Friendly Page  Printer Friendly Page

 Send to a Friend  Send to a Friend

The comments are owned by the poster. We aren't responsible for their content.

No Comments Allowed for Anonymous, please register

Re: How secure is PHP-Nuke? (Score: 0)
by Anonymous on Thursday, February 06 @ 19:15:08 CET
The title of this article made is seem like you were actually going to discuss the security of Php Nuke. Instead it comes across as excusing the large number of vulnerabilities that have been found in php nuke - not to mention the poor responce time out of FB when they come up.

The brilliant lack of standard input validation and user permissions systems scream of a developer that doesn't know - or doesn't care - about security.

Security breaches will happen and the objective to minimize the breaches seems ignored thus far in php nuke. Security doesn't consist of a single wall of defense (or a ton of quick fix kludges), it is applied consistantly in layers.

I appreciate that you people here decided to take an interest in php-nuke security, but this article just paints a sophist's excuse for the issue instead of tackling it directly.

Web site engine's code is Copyright © 2002 by PHP-Nuke. All Rights Reserved. PHP-Nuke is Free Software released under the GNU/GPL license.
Page Generation: 0.028 Seconds - 170 pages served in past 5 minutes. Nuke Cops Founded by Paul Laudanski (Zhen-Xjell)
:: FI Theme :: PHP-Nuke theme by coldblooded ( ::