Re: [ot] Chmods for phpNuke...
PostNuke (www.postnuke.com) might be a better option. It's built on
PHPNuke, but seems to be a bit more security conscious.
HTH,
damon
Quoth Alexander Wallace,
> Well, that's scary... Anyone knows of more secure alternatives?
>
> On Thu, 25 Oct 2001, Damon Muller wrote:
>
> > Quoth Alexander Wallace,
> > > This is more of a linux question... Is there a way to change recursivly
> > > the mode to directories only?
> > >
> > > PHP Nuke requires me to change all files to 666 (chmod -R 666 *) and to
> > > 777 all direcotories in order to use the file manager... Can this be done
> > > in a sinle operation?
> >
> > You could always just re-enable telnet and remove the password for the
> > root account...
> >
> > Seriously, you really shouldn't do this on a publically accessible
> > machine.
> >
> > PPHNuke has had many security problems reported on BugTraq and lwn.net,
> > many of which do not seem to be addressed with any great haste.
> >
> > Specifically, from last weeks lwn.net (http://lwn.net/2001/1018/security.php3),
> >
> > Login vulnerability in PostNuke. The PostNuke web portal system
> > (up to version 0.64) has a vulnerability which can allow an
> > attacker to log into other users' accounts. A fix is included in
> > the report. It appears that PhpNuke is also vulnerable to this
> > attack. (We also still have not seen a new PhpNuke release
> > fixing the severe, widely-exploited vulnerability in version
> > 5.2.)
> >
> > You really should consider checking out something else.
> >
> > However, it's your machine. :)
> >
> > cheers,
> >
> > damon
> >
> > --
> > Damon Muller :: Department of Criminology :: University of Melbourne
> >
> > I am Revenge: sent from the infernal kingdom,
> > To ease the gnawing vulture of thy mind,
> > By working wreakful vengeance on thy foes.
> > -- Titus Andronicus
> >
> >
> > --
> > To UNSUBSCRIBE, email to debian-user-request@lists.debian.org
> > with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
> >
> >
--
Damon Muller :: Department of Criminology :: University of Melbourne
It's not a sense of humor.
It's a sense of irony disguised as one.
-- Bruce Sterling
Reply to: