Hello
I have set up a new server with galleries, file uploads, fori, etc.
Can someone please test my security measures that I took to defend the server against script-kiddie standard-attacks (against wget execution in /tmp, rootkits and other SQL-Injections)?
If you can do those things to Postnuke, please post or PM me.
Whitehat Hacker with PN experience wanted
Maybe nobody knows about current wget/rootkits/SQL injections within the current release build - at least I hope so.
Since a full code audit is very time-consuming, I doubt you'll find someone.
BTW: even some basic config-settings like register_globals=off and magic_quotes_gpc=on will improve the security quite nicely - most of the known exploits won't work under those circumstances...
--
regards from germany
..::[Zikula Application Framework]::.. ..::[SEO-Blog]::.. ..::[CMS Sicherheit]::..
Yes, but then you run into problems with other modules, such as gallery (requiring magic quotes off, if I remember well), or oscommerce (requiring register globals to be ON), uploads (requiring safe mode being off), and and and...
I have made some server configurations which should hold off some of the stuff (and installed mod_security) - I would like to know if it works and helps?
