You are missing our premiere tool bar navigation system! Register and use it for FREE!

NukeCops  
•  Home •  Downloads •  Gallery •  Your Account •  Forums • 
Readme First
- Readme First! -

Read and follow the rules, otherwise your posts will be closed
Modules
· Home
· FAQ
· Buy a Theme
· Advertising
· AvantGo
· Bookmarks
· Columbia
· Community
· Donations
· Downloads
· Feedback
· Forums
· PHP-Nuke HOWTO
· Private Messages
· Search
· Statistics
· Stories Archive
· Submit News
· Surveys
· Theme Gallery
· Top
· Topics
· Your Account
Who's Online
There are currently, 202 guest(s) and 0 member(s) that are online.

You are Anonymous user. You can register for free by clicking here
Nuke Cops :: View topic - This is just BS [ ]
 Forum FAQ  •  Search  •   •  Memberlist  •  Usergroups   •  Register  •  Profile •    •  Log in to check your private messages  •  Log in

 
Post new topic  Reply to topicprinter-friendly view
View previous topic Log in to check your private messages View next topic
Author Message
RobbieB
Lieutenant
Lieutenant


Joined: Jul 15, 2003
Posts: 195

Location: California

PostPosted: Thu Mar 16, 2006 5:51 pm Reply with quoteBack to top

I've had it. I've tried to stay up-to-date with patches but EVERY DAMN version of phpnuke has the same stupid exploits.

DELETION OF ALL STORIES, ALL FORUMS AND MESSAGES

its' downright BS.

How many more version is it going to take until you just put an end to this crap. Why should you have to be a security expert to operate a phpnuke website.

Plenty of information is available each time these GUYS mess up peoples websites

for example this pos website was linked on my stie http://exploitercode.com/
Why dont you figure out what the hell they are exploiting and patch it.
Find all posts by RobbieBView user's profileSend private messageVisit poster's website
Evaders99
Site Admin
Site Admin


Joined: Aug 17, 2003
Posts: 12482


PostPosted: Thu Mar 16, 2006 7:19 pm Reply with quoteBack to top

All those listed for phpNuke are already patched in the Patched files.
It is not our fault FB releases bad code, and makes you pay for worse code

_________________
Helping those that help themselves
Read FIRST or DIE!

"Fighting is terrible, but not as terrible as losing the will to fight."
Star Wars Rebellion Network - Need Help? Evaders Squadron Coding
Find all posts by Evaders99View user's profileSend private messageVisit poster's websiteAIM Address
jimmorrison
Corporal
Corporal


Joined: Sep 27, 2003
Posts: 60


PostPosted: Sun Mar 19, 2006 4:13 pm Reply with quoteBack to top

Awww what a bummer. I came on to nuke cops after a couplee years away to check if PHP Nuke is still a hackers / exploiters dream.

Sounds like the case, stink; I so want to use it again. But I will not go back down that path again of endless upgrades / patches, then having to go and rewrite customised layout code that were replaced by the patches.. .

Maybe Nuke Cops security gurus could lobby FB to address these issues for the greater good of the community? A good way to get his attention would be by buying his domain name; FRANCISCOBURZI.COM; it is currently available and would need to be bought with respect / honorable intensions.

I would sign any petition, but I don't have the skills to give a critical opinion on his coding practices.
Find all posts by jimmorrisonView user's profileSend private messageVisit poster's website
sting
Site Admin
Site Admin


Joined: Jul 24, 2003
Posts: 1986

Location: Apparently ALWAYS Online. . .

PostPosted: Sun Mar 19, 2006 7:29 pm Reply with quoteBack to top

Code:
Maybe Nuke Cops security gurus could lobby FB to address these issues for the greater good of the community?


Hmmm. Now there is a thought. I do believe that one has already happened.

-sting

_________________
Is it paranoia if they are really out to get you?

-------------------------------------------------------
sting usually hangs out at nukehaven.net
Find all posts by stingView user's profileSend private messageVisit poster's websiteAIM AddressYahoo MessengerMSN MessengerICQ Number
Evaders99
Site Admin
Site Admin


Joined: Aug 17, 2003
Posts: 12482


PostPosted: Tue Mar 21, 2006 6:51 am Reply with quoteBack to top

How about FRANCISCOBURZISUCKS.COM ? Smile

Really FB has shown no inclination to change. And so the Nuke community picks up where he left off.. the Patched files, Sentinel, and other great community work. I think you'll see a much better package coming from other groups - such as RavenNuke product

_________________
Helping those that help themselves
Read FIRST or DIE!

"Fighting is terrible, but not as terrible as losing the will to fight."
Star Wars Rebellion Network - Need Help? Evaders Squadron Coding
Find all posts by Evaders99View user's profileSend private messageVisit poster's websiteAIM Address
spcdata
Corporal
Corporal


Joined: Dec 10, 2003
Posts: 50


PostPosted: Tue Mar 21, 2006 7:13 am Reply with quoteBack to top

Evaders99 wrote:
How about FRANCISCOBURZISUCKS.COM ? Smile


I vote for that one Wink

_________________
/spcdata
Find all posts by spcdataView user's profileSend private messageVisit poster's website
sting
Site Admin
Site Admin


Joined: Jul 24, 2003
Posts: 1986

Location: Apparently ALWAYS Online. . .

PostPosted: Tue Mar 21, 2006 7:16 am Reply with quoteBack to top

You know what I like about this post? The generalizations. Oh and more.

Quote:
but EVERY DAMN version of phpnuke has the same stupid exploits.


Technically that's not true. Usually the newer versions have the same exploits plus about 20 - 30 more depending on the version. So really 7.6 doesn't have the same exploits as 7.7 or 7.8.

Quote:
DELETION OF ALL STORIES, ALL FORUMS AND MESSAGES


Aside from being a strange statement, I have never seen a version of nuke that had this as an inherent exploit. I have seen people exploit the site and then maliciously delete all stories, forums and messages, but in and of itself, no one exploit that I am aware of just 'does' this.

Quote:
How many more version is it going to take until you just put an end to this crap.


Wow. Personally, I would say a lot, seeing as I have no authority over FB, nor do I have any real authority to - as you so eloquently put it - 'put an end to this crap.' But I do appreciate the assignment of responsibility to myself and the other nuke coppers, and yes we do try to get these issues handled in many different ways as fast as we can given the fact that we a.) do not get paid for this, b.) have day jobs that require our attention in order for us to get paid and c.) do actually enjoy doing other things from time to time.

Quote:
Why should you have to be a security expert to operate a phpnuke website.


Quite simply, you do NOT have to be a security expert. I do not consider myself to be a security 'expert' and yet I run several websites (some have been hacked, some have not).

You DO on the other hand, have to be able to read directions, keep up with the latest and greatest patches, and either be willing to do this yourself or hire someone else to do it.

IF you find yourself unable or unwilling to do any of these things, then YES, NUKE IS NOT FOR YOU.

Now, on a side note - kudos to evaders for listing RavenNuke - if you are worried about security, and better yet want to work with a package where the developers care about what they put out and (trust me on this one) send out countless emails, posts, and instant messages requesting testing and re-testing, then I would certainly check it out.

[/END OF RANT]

-sting

_________________
Is it paranoia if they are really out to get you?

-------------------------------------------------------
sting usually hangs out at nukehaven.net
Find all posts by stingView user's profileSend private messageVisit poster's websiteAIM AddressYahoo MessengerMSN MessengerICQ Number
Evaders99
Site Admin
Site Admin


Joined: Aug 17, 2003
Posts: 12482


PostPosted: Tue Mar 21, 2006 7:39 am Reply with quoteBack to top

If FB would apply the Patched files in full, that would solve a lot of problems. But he only seems to care when phpBB is upgraded, and when he can add another new, untested feature to phpNuke.

_________________
Helping those that help themselves
Read FIRST or DIE!

"Fighting is terrible, but not as terrible as losing the will to fight."
Star Wars Rebellion Network - Need Help? Evaders Squadron Coding
Find all posts by Evaders99View user's profileSend private messageVisit poster's websiteAIM Address
Guidyy
Sergeant
Sergeant


Joined: Sep 01, 2003
Posts: 77


PostPosted: Tue Mar 21, 2006 10:19 am Reply with quoteBack to top

Hey Hey!
what if FB stop sending out buggy code?
You would have no excuse to stay behind the PC,
so you'd help wife doing laundry, house cleaning, or bring the girlfriend shopping, out for dinner, watching a crappy romantic movie on TV and so on!
What is more stressfull????
*WINK*
Guido
Find all posts by GuidyyView user's profileSend private message
sting
Site Admin
Site Admin


Joined: Jul 24, 2003
Posts: 1986

Location: Apparently ALWAYS Online. . .

PostPosted: Tue Mar 21, 2006 11:33 am Reply with quoteBack to top

Quote:
so you'd help wife doing laundry, house cleaning, or bring the girlfriend shopping, out for dinner, watching a crappy romantic movie on TV and so on!


Even crappy romantic movies have their perks. And as for stressful, stress relief can come in - shall we say - many ways.

-sting

_________________
Is it paranoia if they are really out to get you?

-------------------------------------------------------
sting usually hangs out at nukehaven.net
Find all posts by stingView user's profileSend private messageVisit poster's websiteAIM AddressYahoo MessengerMSN MessengerICQ Number
Draconic
Nuke Soldier
Nuke Soldier


Joined: Jan 02, 2006
Posts: 26


PostPosted: Wed Mar 22, 2006 7:12 pm Reply with quoteBack to top

Evaders99 wrote:
How about FRANCISCOBURZISUCKS.COM ? Smile


I can get domains for about $.50 a piece. So maybe I'll get that one. Very Happy

I've considered trying Joomla just because of all this BS. But I'm too lazy to bother trying to convert my site again.

Oh and buying someone's name like that, couldn't you be prosecuted for slander? Not that I was seriously considering it. Wink

_________________
Web Hosting and VoIP Service Forums
Web Hosting Forums | VoIP Service Forums | WLNN | VoIP Reviews
Find all posts by DraconicView user's profileSend private messageVisit poster's website
Steptoe
Captain
Captain


Joined: Oct 10, 2004
Posts: 563


PostPosted: Thu Mar 23, 2006 7:35 pm Reply with quoteBack to top

Quote:
Why should you have to be a security expert to operate a phpnuke website.

Reply by Sting
Quote:
You DO on the other hand, have to be able to read directions, keep up with the latest and greatest patches, and either be willing to do this yourself or hire someone else to do it.

Sting touches lightly in his "rant" Here is the bottom line..the reality
why pick on Nuke in the 1st place?..MS has security updates, , apache, Im not going to list, EVERYTHING has updates...
Geeze u dont even have to have a web site...just checking your email u need virus scanner updates at least every week!!!
Just like the above the nuke coders (UNPAID) work bloody hard keeping up dated patchs..Then there are the Devaopment guys like those on the Raven Team doing and absolute awesome job...FREE.
Patched updated Nuke is as secure as any web sites/portals around..if not more so.
the only person who makes any money is the person who least deserves it, FB.

I have seen short sighted 1/2 a55 statements in my time but
Quote:
Why should you have to be a security expert to operate a phpnuke website.

hast to go into the records as a classic, as one of the most stupid I have seen.
Find all posts by SteptoeView user's profileSend private messageVisit poster's website
Blind-Summit
Sergeant
Sergeant


Joined: Jan 17, 2004
Posts: 110

Location: Norwich, England

PostPosted: Fri Mar 24, 2006 4:31 am Reply with quoteBack to top

I have got pretty frustrated myself - but this is because I have sat down and mofified file after file to make my nuke just how I want it. Just a few minor changes takes bloody ages so I can give my upmost respect to the guys for putting this phpnuke together in the first place.

I think there needs to be more communication and input from all the nuke sites out there with the sentinel and other fixes. They should all collaberate and work on getting a release out that's super secure. Start back from 6.x or 5.x and then work up again and see what was secure, and what wasn't.

Someone pointed out about checking these hacker sites. I know of a few that list new exploits - so we should look at these and then patch them.

I was hacked last night but some Turkish c**ts and yeah I want to cuf off their faces and stick them to their arses - but we just have to get on with stuff.

I've banned a Rainbow Brite ton of IP address, and am looking to ban all of turkey and some other non english sites to stop spam and other crap. I think there needs to be a secure front door to nuke that stops people right at the top level and then does some basic checking - only after that can they then enter the website.

Either that or we just track the hackers down and kill them one by one

nuke-hacker-slaughter.com?

_________________
[img]http://www.blind-summit.co.uk/sig.php[/img]
Find all posts by Blind-SummitView user's profileSend private messageSend e-mailVisit poster's websiteAIM AddressYahoo MessengerMSN MessengerICQ Number
Evaders99
Site Admin
Site Admin


Joined: Aug 17, 2003
Posts: 12482


PostPosted: Fri Mar 24, 2006 6:39 am Reply with quoteBack to top

Easier said than done. There have been many talks on where to procede. But few can agree on where to go - each person has their own goal.

I believe most people have gone over to ravenphpscripts.com - probably the best project that will stay long term and develop into a truly great project.

_________________
Helping those that help themselves
Read FIRST or DIE!

"Fighting is terrible, but not as terrible as losing the will to fight."
Star Wars Rebellion Network - Need Help? Evaders Squadron Coding
Find all posts by Evaders99View user's profileSend private messageVisit poster's websiteAIM Address
Guidyy
Sergeant
Sergeant


Joined: Sep 01, 2003
Posts: 77


PostPosted: Fri Mar 24, 2006 9:32 am Reply with quoteBack to top

Agreed!
When I started my first phpnuke, I did because i liked the concept of "modularity".
I do not think I am alone beliving that nuke core should be absolutely basic (a layout where to put stuff with a common background) with high security standards, extreme care on coding, and an eye on CSS and HTML validations.
All the rest could be completely done with addons.
In this scenario, probably only the best modules, with high care on coding and compilance to standards (css, 4.01, XML) would have a future and keep hackers away.
Probably Ravennuke, as stated by Evanders, it the only project going into that direction.
Guido
Find all posts by GuidyyView user's profileSend private message
Display posts from previous:      
Post new topic  Reply to topicprinter-friendly view
View previous topic Log in to check your private messages View next topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum



Powered by phpBB © 2001, 2005 phpBB Group

Ported by Nuke Cops © 2003 www.nukecops.com
:: FI Theme :: PHP-Nuke theme by coldblooded (www.nukemods.com) ::
Powered by TOGETHER TEAM srl ITALY http://www.togetherteam.it - DONDELEO E-COMMERCE http://www.DonDeLeo.com - TUTTISU E-COMMERCE http://www.tuttisu.it
Web site engine's code is Copyright © 2002 by PHP-Nuke. All Rights Reserved. PHP-Nuke is Free Software released under the GNU/GPL license.
Page Generation: 0.166 Seconds - 179 pages served in past 5 minutes. Nuke Cops Founded by Paul Laudanski (Zhen-Xjell)
:: FI Theme :: PHP-Nuke theme by coldblooded (www.nukemods.com) ::