Jarrod, to secure PHP-Nuke and similar sites you need to do a few simple steps.

1) Install fortress http://nukecops.com/downloads-file-416.html
2) chmod 444 all nuke_authors.* files in your MySQL database.

This stops almost all of the script kiddies. Over 327 failed attempts on the LLUG site since February when I added these features.

There are also a few more steps that can help but these two simple features will stop a lot of problems.

Security is like clean underwear, you have to do it every day or people will notice.

It is a lot of work and most of us, myself included, have a tendency to complacency until a problem happens that forces us to take action. There is a lot of talk about PHP-Nuke being very insecure and I have done a lot of extra work to try and secure the PHP-Nuke that runs on my server, many more steps than I have listed here. I would like to point out that, yes, PHP-Nuke is near the top of the list of most frequently compromised sites, but that I believe is more due to the fact that it is the number one most popular Open Source CMS. From a comparison of CMS software, both Open Source and commercial, I have found that most of the CMS systems out there are susceptible to the same, if not similar, attacks that have taken down PHP-Nuke sites. Many of the commercial CMS systems have never corrected these security holes. Basically speaking, any attacker with a modest understanding of how or why the PHP-Nuke attacks work could implement the same attack on a majority of other sites not running PHP-Nuke. Does that make them any more secure? The fact that the PHP-Nuke security holes are exposed faster than other CMSs' is not a comfort but a benefit.

I have stopped upgrading PHP-Nuke in favor of adding my own security changes and watching what new changes become available. The author of PHP-Nuke tends to be less interested in security with his changes and more reliant on others to fix his mistakes. Only human.

Just my $0.02. I am no expert in security. I am learning as I go.

On Sun, 2004-09-05 at 14:29, Jarrod Major wrote:
Hey All,

I'm sad to report that the CLUG website has been hacked yet again. Thank-you 
to everyone who called me and informed me of the news. I was aware of it late 
last night but haven't been able to do anything about it till recently.

It appears that there is a hack where someone may inject an admin account into 
our Nuke and I found two of them as it turns out. The accounts have been 
removed for now but I have not been able to track down where they managed to 
get their cute little post into our home page.

It's irrelevant. This has pretty much tied the Executive Board's hands. We 
decided to make it easy on ourselves and go with a Nuke rather than making 
our own content-management system or doing static web pages that only we had 
access to.

This will be rectified shortly.

This kind of thing cannot continue, the vandalism of our site has been 
relatively tame, no real vulgarity but at some point they could start making 
changes to things like meeting notices and input incorrect dates or times. As 
we want the most accurate, secure website that we can have we will be 
changing it once again.

Your patience in the meantime is appreciated.

-- 
Jarrod Major
GPG Fingerprint: FA4A 1EA3 A0EE A842 07BB  804C 0090 14F6 BE6E DE3D
CLUG President
Registered Linux User: #224211


_______________________________________________
clug-talk mailing list
[EMAIL PROTECTED]
http://clug.ca/mailman/listinfo/clug-talk_clug.ca

Roy Souther
www.SiliconTao.com

Let Open Source help your business move beyond.

For security this message is digitally authenticated by GnuPG.
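An added example, not from the thread or from PHP-Nuke itself, that turns the two symptoms discussed above into a repeatable check: it flags nuke_authors.* table files that are still writable (step 2 of Roy's list) and reports admin rows that are not on a known-good list (the injected accounts Jarrod found). It assumes MyISAM table files (.frm/.MYD/.MYI) in the MySQL data directory; the data directory, the baseline and the "current" rows below are constructed sample input.

```python
"""Audit helpers for the PHP-Nuke admin-injection symptom described in the thread."""
import os
import stat
import tempfile

# Assumption: MyISAM storage, so the table lives in three files under the datadir.
TABLE_FILES = ("nuke_authors.frm", "nuke_authors.MYD", "nuke_authors.MYI")


def writable_table_files(datadir):
    """Return (name, mode) for nuke_authors.* files whose mode is not 0444."""
    flagged = []
    for name in TABLE_FILES:
        mode = stat.S_IMODE(os.stat(os.path.join(datadir, name)).st_mode)
        if mode != 0o444:
            flagged.append((name, oct(mode)))
    return flagged


def harden_table_files(datadir):
    """Apply step 2 from the thread: chmod 444 every nuke_authors.* file."""
    for name in TABLE_FILES:
        os.chmod(os.path.join(datadir, name), 0o444)


def unexpected_admins(current_rows, baseline_aids):
    """Rows from nuke_authors whose 'aid' (admin id) is not in the known-good set.

    Each row is a dict with at least an 'aid' key; shape is constructed here."""
    return [row for row in current_rows if row["aid"] not in set(baseline_aids)]


def make_sample_datadir():
    """Constructed sample: a temp dir with the three table files left world-writable."""
    datadir = tempfile.mkdtemp(prefix="nuke_db_")
    for name in TABLE_FILES:
        path = os.path.join(datadir, name)
        with open(path, "wb") as fh:
            fh.write(b"sample")
        os.chmod(path, 0o666)
    return datadir


if __name__ == "__main__":
    d = make_sample_datadir()
    print("writable before:", writable_table_files(d))
    harden_table_files(d)
    print("writable after:", writable_table_files(d))
    # Constructed rows: 'God' is the baseline admin, the other two are unexpected.
    rows = [{"aid": "God"}, {"aid": "admin2"}, {"aid": "h4x"}]
    print("unexpected:", unexpected_admins(rows, ["God"]))
```

Run it periodically (for example from cron) against the real data directory and a baseline exported when the admin list was last reviewed; any non-empty result is worth a look.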


