WebApp Sec mailing list archives
Re: Web Application Security Analyzer for PHP-Nuke/phpBB CMS
From: Paul Laudanski <zx () castlecops com>
Date: Sun, 18 Sep 2005 13:11:16 -0400 (EDT)
On 18 Sep 2005 jimz () cwazy co uk wrote:
I am very happy with TotalShield for apache ( www.applicure.com ). it filters out all the attacks on phpnuke.
Analyze.php for PHP-Nuke/phpBB is an application level tool It isn't meant to prevent live attacks, only inform the sysadmin what is vulnerable on the server among other things. However, thanks for the link. When trying to visit it currently, I get this page: [quote] Warning: Unknown: failed to open stream: Permission denied in Unknown on line 0 Warning: Unknown: Failed opening '/var/www/applicure/index.php' for inclusion (include_path='.:/wwwroot/php/lib/php') in Unknown on line 0 [/quote] It appears that even this site is displaying errors. It would behoove them to disable that in php.ini. Displaying of errors on a production website is frowned upon. I have released an application called Fortress in the past which filters live attacks on PHP sites including PHP-Nuke. The Beta 120 (1.20) is the version to get, although updated code exists which hasn't yet been released: http://nukecops.com/modules.php?name=Downloads&d_op=search&query=fortress -- Paul Laudanski, Microsoft MVP Windows-Security CastleCops(SM), http://castlecops.com ________ Information from Computer Cops, L.L.C. ________ This message was checked by NOD32 Antivirus System for Linux Mail Server. part000.txt - is OK http://castlecops.com
Current thread:
- Web Application Security Analyzer for PHP-Nuke/phpBB CMS Paul Laudanski (Sep 16)
- <Possible follow-ups>
- Re: Web Application Security Analyzer for PHP-Nuke/phpBB CMS jimz (Sep 18)
- Re: Web Application Security Analyzer for PHP-Nuke/phpBB CMS Paul Laudanski (Sep 19)