I was reading up on sql injections and decided to test my nukesentinel to see if it will detect it. It didn't, and I got in, so I asked my friend to try it on his computer. It worked also, I'm thinking this is a very big vulnerability in my php-nuke. Is there a way to protect myself?
Slackervaara Captain
Joined: Sep 13, 2003
Posts: 355
Posted:
Tue Aug 28, 2007 8:17 am
Try this, which I read about on the link below:
Use this to stop 99% of phpNuke hacks
## ----------------------------------------- ##
# Allow phpNuke Admin access from Special IPs
<Files "admin.php">
Order allow,deny
Allow from xx.xx.xxx.xxx
Allow from xx.xx.xx.
Allow from xx.xx.
</Files>
## ----------------------------------------- ##
Replace the Xes with your IP. Notice you can allow larger
subnets
Using just the last htaccess option to lock down your admin.php will make your site a fortress even from many of the mySQL injection hacks.
Have you checked in Sentinel Configuration that Sentinel is configured to block different types of hacking? I forgot to do this the first time I used Sentinel.
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum
