Five simple rules!
Security: Five simple Apache/PHP/MySQL rules that can help with security issues!

Top Apache-PHP-*SQL security issues:

1) allow_url_fopen = On
This is the default php.ini setting.
It controls whether URLs (like http:// or ftp://) are treated as files.
It permits the remote execution of PHP scripts!
If you don't need to fopen/include remote files, set it to Off.

2) Disable PHP functions like system().

3) Install mod_security with anti-SQL-injection regexes.
mod_security automatically performs a heuristic check against malicious GET/POST requests.

4) Use the PHP open_basedir directive.

5) Chroot Apache
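
A check for rules 1, 2 and 4, added here as an example and not part of the original article: a Python script that parses php.ini text and reports which of those settings are still weak. It assumes rule 2 is applied through PHP's `disable_functions` directive; the function list beyond `system` and both sample files are constructed for illustration.

```python
import re

TRUTHY = {"1", "on", "true", "yes"}  # php.ini spellings of boolean "on"
# Values PHP uses when a directive is absent (allow_url_fopen defaults to On).
DEFAULTS = {"allow_url_fopen": "On", "disable_functions": "", "open_basedir": ""}
# Assumption: the article names only system(); the others are the sibling
# command-execution functions usually reviewed with it.
EXEC_FUNCS = ("system", "exec", "passthru", "shell_exec", "popen", "proc_open")

# Constructed sample files, not taken from a real server.
WEAK = """[PHP]
; shipped defaults
allow_url_fopen = On
disable_functions =
"""
HARDENED = """[PHP]
allow_url_fopen = Off   ; rule 1
disable_functions = system,exec,passthru,shell_exec,popen,proc_open
open_basedir = "/var/www/example/:/tmp/"
"""

def parse_ini(text):
    """Return {directive: value}; the last assignment wins, as in PHP."""
    settings = dict(DEFAULTS)
    for line in text.splitlines():
        # Quoted values are taken whole; unquoted ones end at a ';' comment.
        m = re.match(r'\s*([\w.]+)\s*=\s*(?:"([^"]*)"|([^;]*))', line)
        if m:
            quoted, bare = m.group(2), m.group(3)
            settings[m.group(1)] = quoted if quoted is not None else bare.strip()
    return settings

def audit(text):
    """Return findings for rules 1, 2 and 4; an empty list means all pass."""
    s = parse_ini(text)
    findings = []
    if s["allow_url_fopen"].lower() in TRUTHY:
        findings.append("allow_url_fopen is On: URLs are treated as files")
    disabled = {f.strip().lower() for f in s["disable_functions"].split(",")}
    missing = [f for f in EXEC_FUNCS if f not in disabled]
    if missing:
        findings.append("not in disable_functions: " + ", ".join(missing))
    if not s["open_basedir"]:
        findings.append("open_basedir is unset: file access is not confined")
    return findings

if __name__ == "__main__":
    for name, ini in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit(ini) or "OK")
```

An empty or missing php.ini fails all three checks, because the absent directives fall back to their permissive defaults.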

These five rules can help a lot!
But they always remain only perimeter defenses.
Fixing the code is always the better choice.

Good Luck

Francesco Marasco
Chief Technology Officer

Together Team s.r.l.
Via Torino, 34 - Rende (CS) 87036
Italy
Posted on Monday, June 12 @ 11:34:34 CEST by TogetherTeam
 