>>
Site Map
>>
Forums
>>
PHP-Nuke Security
Forum module - topics in forum:
PHP-Nuke Security - Been hacked? or have a question about securing your site, here's the place.
Securing a php-Nuke site
Hi,
I'm one of the people who've merrily installed phpnuke via cpanel, got it all up and running just how I like it and then found out it's about as secure as a wet paper bag. Hmmm...
Although I'm running 7.9 I'm not really looking for support on that particular version, I'm wondering if it's worth me starting afresh with a completely new CMS or downgrading to version 7.6 (I believe that is the last "recommended" version)
I've put about 30 hours into the site over the last week or so, but if it's going to be a nightmare to maintain I'd rather lose the work so far than constantly be restoring backups.
My host got hit last night, the vulnerability was phpnuke, but fortunately it wasn't my site, although my site was one of those affected.
So I've got a few choices as I see it...
1) Stick with the existing site and patch it to within an inch of it's life.
2) Option 1 + Install something like Sentinel?
3) Downgrade to version 7.6 (I'm not sure if this is possible)
4) Give up on Nuke as a CMS altogether
Fortunately I've been taking a back up every night as the site has been in development anyway, but of course I don't really fancy incorporating a phpnuke back up into my bedtime routine (Horlics, Pyjamas, full db backup...)
Finally, I installed nuke to a default database (php_nuke1 I think) and I've read that moving your database to another location (ie php_wibble) would actually help. Is this the case and is it actually feasible to move my existing tables.
A lot of writing there I know, but I'd be very grateful if you could give me some general advice on how best to proceed.
Thanks
Chris
Depending on what you want to do with your site, either option 3 or 4. If you were happy with Nuke while you were using it, stick with 3.
Yes, it is possible to downgrade to 7.6. If you have a look at this topic:
http://phpnuke-uk.net/modules.php?name=Forums&file=viewtopic&p=26050, it will give you a link to a downgrader. After you have run the script, you will need to delete all the 7.9 files, and replace them with the 7.6 files. Then install sentinel and the latest patch which you can find on the homepage of this site.
If you choose that way, you wont lose ANY content. The downgrader only changes the DB tables, not the content within them.
Thanks a lot for your prompt reply. We run a fair few modules, I'm presuming there will be an impact on some of those?
Anyway, looks like I know what I'm doing all day tomorrow
I wouldn't have thought so, as long as those modules weren't wrote specifically for 7.7+
