Nuke Cops :: View topic - Why is nukecops so focused at the moment on banning?

thecleaner
Nuke Cadet
Joined: Jul 12, 2003
Posts: 2
Posted: Sat Jul 12, 2003 2:55 pm

I wanted to ask this question:
Why are focused so much on banning (ip...) instead of making sure that this CMS can withstand anything - any form of attack.

Yahoo does not ban ip's or any of the other major sites...yeah I ban like crazy on my site and on my other projects as well - but I do it because I have not taken the time to test and patch my sites as well as they should and I do get a kind of kick out of it when people go to my error pages.

I am not saying I am some guru with all the aspects of this CMS (apache, php, mysql...in fact I am truly just beginning).

When this site opened I thought that was what it was all about... joining together to secure as quickly, prof, and to better the code of phpnuke. Sure that is being done..totally...just why do we need to ban??- it proves that we are scared - I think
...but I still like to ban!
disgruntledtech
Site Admin
Joined: Apr 14, 2003
Posts: 991
Location: Tulsa, OK
Posted: Sat Jul 12, 2003 3:08 pm

to date, nukecops has either developed a defense for known security vulnerabilities in nuke or gotten the word out about server vulnerabilities (mysql, apache, etc) and we've pretty much secured nuke as much as we can.

looking forward however i see that the kiddie that used the news sql injection hole that was so much trouble a month ago will likely exploit the next vulnerability but if he's been banned at your site, it's unlikely that your site will see any result of an attack from him again.

i do occasionally read through nuke source code (mostly the new stuff) and rest assured if i find a vulnerability, no matter how small -you'll see it in the nuke security forum
MikeMiles
Lieutenant
Joined: May 29, 2003
Posts: 231
Posted: Sat Jul 12, 2003 4:48 pm

Quote:
Why are focused so much on banning (ip...) instead of making sure that this CMS can withstand anything- anyform of attack....Yahoo does not ban ip's or any of the other major sites...

There's a big difference when someone is doing port scanning. They are looking for other vulnerabilities to break into a server not just ones in PhpNuke. Major companies have staffs whose full-time jobs are to keep out intruders. They do indeed ban IPs at least temporarily when attacks are going on. Depending on the type, they may automatically switch to a mirror server so it's not noticeable to the public.

You can check this out for yourself. Run an automated script on one of them to pull a ton of info (a DoS attack) and see what happens....you'll get a 403 page. A little later on, you may end up being served (as in being sued). One of my relatives is an SA for a major company. His team does nothing but actively watch the servers because people are trying to break in or do DoS attacks on them 24/7. He's told me ways on how to bring down any server or part of the net using readily available free software. He's learned this just by fending off their attackers.

Don't kid yourself...none of the CMS' can withstand all attacks. The holes being pointed out are usually done by those using the script or someone who does security for a living. The script kiddies use published vulnerabilities. I've yet to see one of them come up with anything new on their own. So, banning them is no loss.
Zhen-Xjell
Nuke Cops Founder
Joined: Nov 14, 2002
Posts: 5939
Posted: Sat Jul 12, 2003 5:07 pm

MM is right, banning IP addresses due to port scans has nothing to do with PHPNuke, it has everything to do with the server itself. Folks are looking for open ports and/or exploits. I might be running a static site with no dynamic application whatsoever, but I'd still be running an automated port scan blocker. Security isn't just about ensuring one tactic lasts the test of time, it's about installing multiple rings (layers) of security. If one layer is broken, there are many more to get through.

_________________
Paul Laudanski, Microsoft MVP Windows-Security
thecleaner
Nuke Cadet
Joined: Jul 12, 2003
Posts: 2
Posted: Tue Jul 29, 2003 12:50 pm

Zhen-Xjell wrote:
MM is right, banning IP addresses due to port scans has nothing to do with PHPNuke, it has everything to do with the server itself. Folks are looking for open ports and/or exploits. I might be running a static site with no dynamic application whatsoever, but I'd still be running an automated port scan blocker. Security isn't just about ensuring one tactic lasts the test of time, it's about installing multiple rings (layers) of security. If one layer is broken, there are many more to get through.


that makes a lot more sense
Zhen-Xjell
Nuke Cops Founder
Joined: Nov 14, 2002
Posts: 5939
Posted: Tue Jul 29, 2003 1:02 pm

:)

_________________
Paul Laudanski, Microsoft MVP Windows-Security
Rockdrala
Sergeant
Joined: Aug 09, 2005
Posts: 97
Posted: Wed Aug 24, 2005 12:38 am

Well banning ip's helps but unless you do it from server side to address a class c, I don't anyone will go through their ISP to get that changed but you never, I have heard stories...

anyone can release and renew attempt again.. the nuke sentinel can't really stop serious cracks like ftp crackers that run thousands of possible usernames and passwords in seconds... But the Sentinel can prevent some pretty damaging kiddie sql injections that cause php exploits..

Here's an idea, where ftp cracking can take down the whole site in stroke...
Maybe in future version the Sentinel could sniff multiple login attempts from the response codes off port 21... it's been a while but I believe response code 530 is bad login... if it could listen for 530 on port 21, use a includes email to notify you, this would be a major first step towards implementing the Sentinel towards Port Management and Port Security!

Also some poor bastards like me can't use the wonderful features of Mod_Rewrite to use nuke or google tap.. because my isp is a cakehole!

I WANTED GOOGLE TO SO FRIGGEN BAD... Maybe you could release a version that uses doesn't require .htaccess... Perhaps a php script could emulate the presence of .htaccess and still access the mod_rewrite function.. That would be sweet..

Hey disgruntledtech
I was reading your post about the email hack, I'm glad I found someone who knows about the mail functions..

I can't find where my smtp port is specified in my smtp.php, I am trying to use my outside smtp server and it connects on port 587... so do you know?
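
The idea in the post above, counting FTP 530 ("Not logged in", RFC 959) replies per client and alerting on a burst, can be sketched as a sliding-window counter over server logs. This is an added example, not code from the thread or from NukeSentinel; the log format, sample lines, function names and the threshold/window defaults are constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample in a made-up format: "<ISO time> <client IP> <FTP reply code>".
# Real FTP daemons log differently; adapt parse_line() to the daemon in use.
SAMPLE_LOG = """\
2005-08-24T00:38:01 203.0.113.7 530
2005-08-24T00:38:02 203.0.113.7 530
2005-08-24T00:38:02 198.51.100.20 230
2005-08-24T00:38:03 203.0.113.7 530
2005-08-24T00:38:04 203.0.113.7 530
2005-08-24T00:38:05 203.0.113.7 530
2005-08-24T00:40:00 198.51.100.20 530
2005-08-24T00:55:00 198.51.100.20 530
garbage line that should be skipped
"""

def parse_line(line):
    """Return (timestamp, ip, code), or None for lines that do not match."""
    parts = line.split()
    if len(parts) != 3 or not parts[2].isdigit():
        return None
    try:
        return datetime.fromisoformat(parts[0]), parts[1], int(parts[2])
    except ValueError:
        return None

def find_bruteforce(lines, threshold=5, window=timedelta(seconds=60)):
    """Return {ip: time of the 530 reply that crossed the threshold}."""
    recent = defaultdict(deque)  # ip -> timestamps of 530 replies inside the window
    flagged = {}
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        ts, ip, code = rec
        if code != 530 or ip in flagged:
            continue
        q = recent[ip]
        q.append(ts)
        while q and ts - q[0] > window:  # drop failures older than the window
            q.popleft()
        if len(q) >= threshold:
            flagged[ip] = ts
    return flagged

if __name__ == "__main__":
    for ip, ts in find_bruteforce(SAMPLE_LOG.splitlines()).items():
        print(f"ALERT {ip}: repeated 530 replies, threshold crossed at {ts}")
```

The two isolated failures from 198.51.100.20 fall outside the window and are not flagged, which keeps an occasional mistyped password from triggering a ban.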
griffinsbridge
Captain
Joined: Aug 25, 2005
Posts: 380
Posted: Sat May 06, 2006 3:24 am

Quote:
Perhaps a php script could emulate the presence of .htaccess and still access the mod_rewrite function..


I mentioned this idea a few months ago on ravenscripts. I was told I was an idiot. So I took the tosser's copyright off all the ravennuke stuff I've got.

Anyway, the idea I had was due to the sitemap.php script I have on one of my sites. This is one file that creates simple clones of all your nuke pages and formats them really simply. I use it for slow connections.
It uses some kind of mod_rewrite and all the urls accessed are short.html's.

I suggested adding something to modules.php, but I was told I'm a no-mark and raven's ideas of using Gb of code is what the world wants, not a simple, 1 file script.
Man, I hate being patronised. Don't care who you are Pal, patronise me to my face!

I am working on it, albeit slowly, could take me months cos I've got loadsa work on.

_________________
Black listed: Beretta, Danny stewardson
1 owes $40 and the other £4500