
Re: [ot] Chmods for phpNuke...



PostNuke (www.postnuke.com) might be a better option. It's built on
PHPNuke, but seems to be a bit more security conscious.

HTH,

damon

Quoth Alexander Wallace, 
> Well, that's scary... Anyone know of more secure alternatives?
> 
> On Thu, 25 Oct 2001, Damon Muller wrote:
> 
> > Quoth Alexander Wallace, 
> > > This is more of a linux question... Is there a way to change recursively
> > > the mode to directories only?
> > > 
> > > PHP Nuke requires me to change all files to 666 (chmod -R 666 *) and to
> > > 777 all directories in order to use the file manager... Can this be done
> > > in a single operation?
> > 
> > You could always just re-enable telnet and remove the password for the
> > root account...
> > 
> > Seriously, you really shouldn't do this on a publicly accessible
> > machine.
> > 
> > PHPNuke has had many security problems reported on BugTraq and lwn.net,
> > many of which do not seem to be addressed with any great haste.
> > 
> > Specifically, from last week's lwn.net (http://lwn.net/2001/1018/security.php3),
> > 
> > 	Login vulnerability in PostNuke. The PostNuke web portal system
> > 	(up to version 0.64) has a vulnerability which can allow an
> > 	attacker to log into other users' accounts. A fix is included in
> > 	the report. It appears that PhpNuke is also vulnerable to this
> > 	attack. (We also still have not seen a new PhpNuke release
> > 	fixing the severe, widely-exploited vulnerability in version
> > 	5.2.)
> > 
> > You really should consider checking out something else.
> > 
> > However, it's your machine. :)
> > 
> > cheers,
> > 
> > damon
> > 
> > -- 
> > Damon Muller :: Department of Criminology :: University of Melbourne
> > 
> > I am Revenge: sent from the infernal kingdom,
> > To ease the gnawing vulture of thy mind,
> > By working wreakful vengeance on thy foes.
> >   -- Titus Andronicus
> > 

-- 
Damon Muller :: Department of Criminology :: University of Melbourne

It's not a sense of humor.
It's a sense of irony disguised as one.
  -- Bruce Sterling
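
Added example, not part of the original thread: a shell sketch that answers the "directories only" question with `find -type d`, and uses the same mechanism to list and tighten world-writable entries left behind by a `chmod -R 666`/`777`. The function names and the 755/644 target modes are assumptions chosen for illustration.

```sh
#!/bin/sh
# Added example: audit and tighten permissions under a web root.
# Function names and the 755/644 modes used below are assumptions.

# List every regular file or directory that is world-writable,
# which is what chmod 666 / chmod 777 produces.
list_world_writable() {
    find "$1" \( -type f -o -type d \) -perm -0002 -print
}

# Count world-writable entries; 0 means the tree is clean.
count_world_writable() {
    list_world_writable "$1" | wc -l | tr -d ' '
}

# Apply one mode to directories only and another to regular files only.
# "-type d" / "-type f" never match symlinks, so links are left alone
# and chmod is never pointed at a link target outside the tree.
set_modes() {
    root=$1 dir_mode=$2 file_mode=$3
    find "$root" -type d -exec chmod "$dir_mode" {} +
    find "$root" -type f -exec chmod "$file_mode" {} +
}

# Stand-alone use: pass a directory to report on it; add "fix" to tighten.
if [ "$#" -gt 0 ]; then
    echo "world-writable entries under $1: $(count_world_writable "$1")"
    list_world_writable "$1"
    if [ "${2:-}" = "fix" ]; then
        set_modes "$1" 755 644
        echo "remaining after fix: $(count_world_writable "$1")"
    fi
fi
```

If the application genuinely needs write access to an upload or cache directory, grant it to the web server's user or group on that one directory rather than making the whole tree world-writable.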
