>>  Site Map >>  Forums >>  Security Issues

Forum module - topics in forum:


Security Issues - Get help in securing your PHP-NUKE Installation.

Sentinel
Hi all,
first how do i find out what version of phpnuke i have and second is there a version of sentinel for it please

thanks

Mick



Download Analyzer and upload it to your FTP in root (where the config.php file lives. Then call anayzer by typing http://yourdomain.com/analyzer.php

You will then know everything you ever wanted to know about your nuke installation and possibly a few things you didn't want to know to. Just kidding.

Yes there should be a version of sentinel available for your version of nuke provided it's above 7.1



just got nuke sentinle

I knew i shoulda backed it up before i even tried to install this damn thing...Anywayz i installed it and now i get this error

Code: :
Parse error: parse error, unexpected '/' in /home/gangstas/public_html/mainfile.php on line 13



and this is the first 20 and more lines:

Code: :
<?php

/************************************************************************/
/* PHP-NUKE: Advanced Content Management System                         */
/* ============================================                         */
/*                                                                      */
/* Copyright (c) 2005 by Francisco Burzi                                */
/* http://phpnuke.org                                                   */
/*                                                                      */
/* This program is free software. You can redistribute it and/or modify */
/* it under the terms of the GNU General Public License as published by */
/* the Free Software Foundation; either version 2 of the License.       */
/************************************************************************//

define('NUKE_FILE', true);
if (file_exists("includes/custom_files/custom_mainfile.php")) {
   include_once("includes/custom_files/custom_mainfile.php");
}

//Union Tap
//Copyright Zhen-Xjell 2004 http://nukecops.com
//Beta 3 Code to prevent UNION SQL Injections
unset($matches);
unset($loc);
if (preg_match("/([OdWo5NIbpuU4V2iJT0n]{5}) /", rawurldecode($loc=$_SERVER["QUERY_STRING"]), $matches)) {
   die();
}

$queryString = strtolower($_SERVER['QUERY_STRING']);
if (stripos_clone($queryString,'%20union%20') OR stripos_clone($queryString,'/*') OR stripos_clone($queryString,'*/union/*') OR stripos_clone($queryString,'c2nyaxb0')) {
   header("Location: index.php");
   die();
}


any suggestions on what to do??

or how can i go about unistalling it??



See this:
Code: :
/************************************************************************/
/* PHP-NUKE: Advanced Content Management System                         */
/* ============================================                         */
/*                                                                      */
/* Copyright (c) 2005 by Francisco Burzi                                */
/* http://phpnuke.org                                                   */
/*                                                                      */
/* This program is free software. You can redistribute it and/or modify */
/* it under the terms of the GNU General Public License as published by */
/* the Free Software Foundation; either version 2 of the License.       */
/************************************************************************//

Change it to:
Code: :
/************************************************************************/
/* PHP-NUKE: Advanced Content Management System                         */
/* ============================================                         */
/*                                                                      */
/* Copyright (c) 2005 by Francisco Burzi                                */
/* http://phpnuke.org                                                   */
/*                                                                      */
/* This program is free software. You can redistribute it and/or modify */
/* it under the terms of the GNU General Public License as published by */
/* the Free Software Foundation; either version 2 of the License.       */
/************************************************************************/




life saver! TY!



okay installed it a get this error

Quote: :
It appears that NukeSentinel(tm) has not been configured correctly. The most common cause is that you either have an error in the syntax that is including includes/nukesentinel.php from your mainfile.php, or you have not added the NukeSentinel(tm) code to your mainfile.php. Details for including this code are included in the download package in the Edits_For_Core_Files directory.


but the files that came with it mainfile.php it's not the same formate as my mainfile. It says examples so I dont know exactly what to add??!! I've got everything but what I'm suppose to add to the mainfile.php, admin.php, and header.php i think are the 3 that are suppose to be edited...



What version of sentinel...... NONE of the newer versions come with preconfigured files.



dont remeber the version i got it from another big site....

it was example of what ur mainfile should look like....so i dont know what to add or delete?!



I suggest you download Analyzer from above and run it, then let us know what version of php-nuke you are running. As far as you downloading a mainfile off a big site and it showing you what is should look like, mainfiles can vary in different ways. Which is why in the Edit For Core Files it shows you want to find, and what to replace what you find with. I would suggest that you use your mainfile and find what it states in the Edit Core Files folder and edit them. But first you need to post us what version of php-nuke your site is running and if it is patched with any Chatserv patches.



7.8 no chatserv



This come directly from the readme file included with NukeSentinel
Quote: :
Section 2: Requirements & Latest Features:
------------------------------------------
REQUIREMENTS:
- While NukeSentinel(tm) runs with PHP-Nuke 7.7/7.8 it is recommended that you use 7.6
or below due to the many security issues introduced in 7.7/7.8 .
- NukeSentinel(tm) requires PHP-Nuke 7.1 - 7.8 plus Patched 2.9+ to be installed. If
you are not using Patched 2.9+ you can still use it, but you will need to make
several modifications. If you are using v6.5, it should work but there may be additional
edits needed.
Applying NukeSentinel to a site especially any php-nuke build over 7.6 is like applying a bandaid to a severly bleeding wound. You need to patch your site to the latest Chatserv patch, if not you installing NukeSentinel wont make your site secure. As we have stated many times even with the patches from Chatserv and any additional security it still leaves your site vulernable to exploits. And the Edits to Core Files folder mainly deals with sites that are patched to at least Chatserv 2.9 and possibly 3.0. I would suggest that you update your php-nuke build with the newest Chatserv patch. Then install NukeSentinel should work for you then.



Earlier you told me 7.6 hmmmm

Anyway if the version of Sentinel you are using comes with preconfigured files, then you are not using a version that is suitable for 7.8

You need to be using Nuke Sentinel 2.4.2 pl9 and you MUST patch your site with Nuke 7.8 Patched 3.2 BEFORE installing Nuke Sentinel.

There is a reason why these things come with descriptions. The last version that came with preconfigured files. Well lets put it this way. 7.6 was probably just coming out.



Attention! You are currently viewing sitemap page!
We strongly suggest to look at original content

Search from web

Valid HTML 4.01 Valid CSS