You are missing our premiere tool bar navigation system! Register and use it for FREE!

NukeCops  
•  Home •  Downloads •  Gallery •  Your Account •  Forums • 
Readme First
- Readme First! -

Read and follow the rules, otherwise your posts will be closed
Modules
· Home
· FAQ
· Buy a Theme
· Advertising
· AvantGo
· Bookmarks
· Columbia
· Community
· Donations
· Downloads
· Feedback
· Forums
· PHP-Nuke HOWTO
· Private Messages
· Search
· Statistics
· Stories Archive
· Submit News
· Surveys
· Theme Gallery
· Top
· Topics
· Your Account
Who's Online
There are currently, 267 guest(s) and 0 member(s) that are online.

You are Anonymous user. You can register for free by clicking here
Security: How secure is PHP-Nuke?
PHP-NukeI see it asked so often, so I thought a nice example would help to answer the question: "How secure is PHPNuke"?

Objectively the answer is more general then you think, and as specific as you want. First, PHPNuke is on the same level as any other software or hardware service out there.

Hardware you say? Yes hardware. Here are some examples of hardware systems that are "not secure" because they do run off of firmware (or software):

http://www.computercops.biz/article1700.html
http://www.computercops.biz/article423.html
http://www.computercops.biz/article406.html
http://www.computercops.biz/article267.html

Well worth the read as they are eye openers.

Ok, what about other online portals/forums?

vBulletin: http://www.computercops.biz/article1907.html
http://www.computercops.biz/article577.html
Ikonboard: http://www.computercops.biz/article219.html
YaBB: http://www.computercops.biz/article959.html
PostNuke: http://www.computercops.biz/article359.html
http://www.computercops.biz/article277.html
http://www.computercops.biz/article241.html

There are plenty more in this non-PHPNuke category all around the Net.

Now to focus on PHP-Nuke (some have patches):

http://www.computercops.biz/article2077.html
http://www.computercops.biz/article2038.html
http://www.computercops.biz/article1513.html
http://www.computercops.biz/article919.html

That's just the data as found at CCSP. If you search this site (http://phpnuke.org/modules.php?name=Search) for exploits you will find them too.

Now what does this mean? Free and even paid for services like vBulletin are susceptiable constantly to exploits.

Even companies like Microsoft *still* re-release advisories that are very old:

http://www.computercops.biz/article2093.html

Take a look at these on Cisco, Apache, etc...

http://www.computercops.biz/article2055.html
http://www.computercops.biz/article2051.html
http://www.computercops.biz/article1436.html
http://www.computercops.biz/article1808.html

Even major government websites get defaced like NASA, and just this past Saturday too:

http://www.computercops.biz/article2095.html

Lets not forget, some systems as secure as they can possibly be are not immune to "insider" hiccups that can potentially destroy everything:

http://www.computercops.biz/article1107.html

What's the point of all this?

Nothing is secure. Software is programmed by humans. Hardware is accessed or used via firmware. Security breaches will happen. The object is to minimize the breaches. Once you feel that there can no longer be breaches, that is when you will be cracked. Stay safe and enjoy.

And also, stay at least 10 steps ahead of the black hats. (wink)
Posted on Wednesday, February 05 @ 17:22:34 CET by Zhen-Xjell
 
Related Links
· More about PHP-Nuke
· News by Zhen-Xjell


Most read story about PHP-Nuke:
PHP-Nuke new development direction (part 2)

Article Rating
Average Score: 2.08
Votes: 12


Please take a second and vote for this article:

Excellent
Very Good
Good
Regular
Bad


Options

 Printer Friendly Page  Printer Friendly Page

 Send to a Friend  Send to a Friend

Threshold
The comments are owned by the poster. We aren't responsible for their content.

No Comments Allowed for Anonymous, please register

Re: How secure is PHP-Nuke? (Score: 0)
by Anonymous on Thursday, February 06 @ 19:15:08 CET
The title of this article made is seem like you were actually going to discuss the security of Php Nuke. Instead it comes across as excusing the large number of vulnerabilities that have been found in php nuke - not to mention the poor responce time out of FB when they come up.

The brilliant lack of standard input validation and user permissions systems scream of a developer that doesn't know - or doesn't care - about security.

Security breaches will happen and the objective to minimize the breaches seems ignored thus far in php nuke. Security doesn't consist of a single wall of defense (or a ton of quick fix kludges), it is applied consistantly in layers.

I appreciate that you people here decided to take an interest in php-nuke security, but this article just paints a sophist's excuse for the issue instead of tackling it directly.


Powered by TOGETHER TEAM srl ITALY http://www.togetherteam.it - DONDELEO E-COMMERCE http://www.DonDeLeo.com - TUTTISU E-COMMERCE http://www.tuttisu.it
Web site engine's code is Copyright © 2002 by PHP-Nuke. All Rights Reserved. PHP-Nuke is Free Software released under the GNU/GPL license.
Page Generation: 0.031 Seconds - 172 pages served in past 5 minutes. Nuke Cops Founded by Paul Laudanski (Zhen-Xjell)
:: FI Theme :: PHP-Nuke theme by coldblooded (www.nukemods.com) ::