PDA

View Full Version : Securing PHP_Nuke 7.5 Questions



stardot
02-07-2005, 07:18 PM
A few quick questions for some of you guys running phpnuke on Westhost.

I am a new user on Westhost and have just finished setting up phpnuke 7.5. I added the chatserv patches, installed Sentinel 2.x, and Admin Secure 1.7.

I have read that I should fix up the .htaccess files, found some code for that.

Questions: Is all this just a waste of time and is phpnuke still likely to be hacked on Westhost anyhow?

What is the experience over here?

I want to install a gallery, and with Coppermine being so full of holes I thought to install Menalto Gallery as a phpnuke module. Anyone done this at Westhost?

Is Imagemagick or NetPBM installed here? I did not find any listing in the server apps listing.

wildjokerdesign
02-07-2005, 09:51 PM
Why would it be hacked? If you upgrade to php4.0.10 then you should be covered with the current concerns unless there is something new out I am not aware of.

You are going to have to install ImageMagick or NetPBM yourself. It is possible but not easy. WH was working at one time on getting ImageMagick as an easier install but not sure where things are on that at this point.

Haven't worked with phpNuke so can't really comment on that side of thngs.

xanzi
02-07-2005, 10:13 PM
Haven't worked with phpNuke so can't really comment on that side of thngs.
I have the dubious honor of having worked with it. It was my first CMS, but I realized after a while that it was impossible to secure. I applied the patches, installed Protector, did all that good stuff, but there were still security flaws. There's really not much you can do.

There are other CMSes out there that are faster, more flexible, more powerful, and more secure. If you want to stick with something nuke-ish, go with CPG-Nuke. There are other greats ones out there like Mambo and Xoops. Lately, I've been experimenting with my own modified version of Wordpress. These other CMSes also have much nicer user communities. They're helpful, non-malicious, and more knowledgeable.

Let us know what you decide to do.

jalal
02-08-2005, 01:19 AM
Postnuke is a much better alternatiive to PHPNuke, and the setup and everything is very similar, so you should be able to able to simply run an upgrade to use it.
I've been running some Postnuke sites for a few years now without problem.