Welcome to Just Commodores, a site specifically designed for all people who share the same passion as yourself.

New Posts Contact us

Just Commodores Forum Community

It takes just a moment to join our fantastic community

Register

Major Security Issues With Php-nuke

V

VooDoo

New Member
Joined
Feb 6, 2004
Messages
37
Reaction score
1
Points
0
Website
www.oz8.org
Members Ride
HSV GTO. 408ci Stroker, LS3 top end.
I hope you guys do realise that PHP-Nuke has many expliots available to get full root access to your server. I found this the hard way and yes it was fully patched and upto date.

Also you might want to check some of the comments to your images etc. Some mention Sucking C**k etc

check out here for more info that might secure your server

http://www.google.com.au/search?sourceid=n...oits+php%2Dnuke
 
V

vsBerli

Guest
Sorry I had to remove this, was a great point but not a good idea under the circumstances.

OSL-060.
 
G

grover

Guest
QUOTE (VooDoo @ Feb 6 2004, 10:31 PM) I hope you guys do realise that PHP-Nuke has many expliots available to get full root access to your server. I found this the hard way and yes it was fully patched and upto date.

Also you might want to check some of the comments to your images etc. Some mention Sucking C**k etc

check out here for more info that might secure your server

http://www.google.com.au/search?sourceid=n...oits+php%2Dnuke
tell me more.i've got no idea what you are on about.
 
OSL-060

OSL-060

Banned
Joined
Dec 23, 2003
Messages
1,298
Reaction score
7
Points
0
Age
42
Location
SE QLD
He means that anyone with knowledge can take over root access (control of the site). I'm sure Darren has this covered so theres no need to worry atm.

Cheers

Jake
 
Darren

Darren

Administrator
Staff member
Joined
Feb 2, 2003
Messages
3,002
Reaction score
431
Points
83
Age
44
Location
Adelaide
Website
www.justcommodores.com.au
Members Ride
BYD Atto 3 / RAV4 Hybrid
Thanks VooDoo for bringing the comments to my attention, I have just gone through and found the following people who are either going to be banned from the site assuming they have an account with us and while I'm at it I will be contacting the appropriate providers to deal with them.
[email protected] @ 203.10.1.25 (Westnet - Perth)isaac @ 144.137.119.49 (Bigpond - NSW)JOHN GERBA, JOE & HUGH @ 203.62.10.22 (Unsure at this stage)al @ 144.138.217.132 (Unsure at this stage)goat @ 202.45.107.1 (Netspace - Brisbane)
I would like to thank the stupidity to the above people who made no attempt to cover up who they really were

Looking at the link you posted this applies to versions dating back as earlier 5 but no mention of the version which this site is currently running. I am fairly strict when it comes to security but of course there are exploits out there which I am not able to cover. I guess all we are able to do is try our best to secure the site, if someone happens to obtain full admin access all we can do is recover from a previous backup and work with the host to rectify where the breach occurred.

I have voiced my opinion to the host of each security hole I have come across so far and to date they have been more than helpful on each occasion to plug it within a matter of minutes.

Thanks again for the concern.
 
B

Baldric

The BOSS
Joined
Dec 5, 2003
Messages
710
Reaction score
2
Points
0
Age
44
Location
Brisbane
Members Ride
VE GTS M6
I pernally wouldnt use PHP nuke AT ALL

Try PHP-invison or something a bit more stabler/secure.....

10c

EDIT: WN ip's are 202.72.x.x
 
You must log in or register to reply here.

Similar threads

R
VF SSV - 6.0L L77 - Misfire when cold - P0301 & P069E
Replies
5
Views
871
Sprog Dog
S
Top