Jump to content

Many Roads To Security? - 3rd Party Scripts


Recommended Posts

I want to stay at TCH. I like it here :thumbup: Because

1) TCH puts so much emphasis on security and good service.

2) TCH is reasonable. If a customer has a problem he/she is explained the issue and ample advice is given on how to proceed in solving the issue. :)


My problem is that I cannot satisfy the requirement of having _always the very latest official_ version of any script :( . This is how I try to deal with security:


I try to chooce the most secure script to start with. Some developers put more emphasis on security than others. Some forks are based on improved security. And some new scripts are built with security in mind from step one. They might not be the most popular ones - this increases security too.


I do not use the scripts provided with cPanel. I personally believe that when PHP-Nuke is included then security is not at the highest level. It has an awful security record. It is very popular and thus included. - I do not want to spend days fixing a hacked site just because it is supported by cPanel. I hope I am not penalized for trying to use more secure 3rd party scripts.


I make some standard security enhancements to scripts. If the script is non-standard then some standard exploits may not apply. A hacker can find easier ones to attack.


I modify some meta tags and other identifiers within the confines of copyright. Many exploits apply to a given version of a script. The hacker may find the targets with a careful Google search phrase. My sites cannot be found in such a standard way. It is not 100% safe but I hope to avoid the first wave of random attacts with new exploits. To gain a few extra days to patch the script is just what I need. - A site based on cPanel included script is really visible and thus vulnerable.



Because of the many security and nonsecurity related modifications I find it hard to update scripts immediately. It is in my interests to update but to avoid excessive workload I may occasionally have to step over an update. - There is no such thing as 100% security in internet. Eventually one of my sites will fall victim - but I am doing my best to postpone it as much as I can. :)


There are many ways to take security seriously. Having the most up to date version of the script is just one of them. What I outlined above is another. And there are others still. - If I got it right, the second TCH email (on need to update 3rd party scripts) may allow for this diversity. :)


Some of us may not have the luxury of instant updates. Then we need something else instead. Any general security tips you are willing to share?


Link to comment
Share on other sites

Comment on PHP-Nuke:

If you want a PHP/MySQL community website, I highly suggest Drupal (http://www.drupal.org).


If you really want to run PHP-Nuke for some reason, consider that: the system is a mess, and it's full of security holes, the only pro over Drupal is that it's easier to use, and then download PHP-Nuke from the official site (http://www.phpnuke.org) and apply security fixes and patches from NukeFixes (http://www.nukefixes.com), finally, protect the admin.php page with Apache's basic auth.


Make sure to update to the latest versions of PHP-Nuke and NukeFixes patches as soon as they are out.


Hope this helps :)

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


  • Create New...