Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Web-App-Sec
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Web Application Security Analyzer for PHP-Nuke/phpBB CMS

from [Paul Laudanski] Network Security [Permanent Link]
Subject: Re: Web Application Security Analyzer for PHP-Nuke/phpBB CMS
Date: Sun, 18 Sep 2005 13:11:16 -0400 (EDT) 
On 18 Sep 2005 jimz@cwazy.co.uk wrote:


I am very happy with TotalShield for apache ( www.applicure.com ). it filters 
out all the attacks on phpnuke.


Analyze.php for PHP-Nuke/phpBB is an application level tool  It isn't 
meant to prevent live attacks, only inform the sysadmin what is vulnerable 
on the server among other things.

However, thanks for the link.  When trying to visit it currently, I get 
this page:

[quote]
Warning: Unknown: failed to open stream: Permission denied in Unknown on 
line 0

Warning: Unknown: Failed opening '/var/www/applicure/index.php' for 
inclusion (include_path='.:/wwwroot/php/lib/php') in Unknown on line 0
[/quote]

It appears that even this site is displaying errors.  It would behoove 
them to disable that in php.ini.  Displaying of errors on a production 
website is frowned upon.

I have released an application called Fortress in the past which filters 
live attacks on PHP sites including PHP-Nuke.

The Beta 120 (1.20) is the version to get, although updated code exists 
which hasn't yet been released:

http://nukecops.com/modules.php?name=Downloads&d_op=search&query=fortress

-- 
Paul Laudanski, Microsoft MVP Windows-Security
CastleCops(SM), http://castlecops.com


________ Information from Computer Cops, L.L.C. ________
This message was checked by NOD32 Antivirus System for Linux Mail Server.

  part000.txt - is OK
http://castlecops.com
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Is netcraft publishing URL of your intranet sites?, Saqib Ali
Next by Date:  Re: NTLM and man-in-the-middle proxies not working, Eoin Keary
Previous by Thread:  Re: Web Application Security Analyzer for PHP-Nuke/phpBB CMS, jimz
Next by Thread:  Re: Web Application Security Analyzer for PHP-Nuke/phpBB CMS, jimz
Indexes:  [Date] [Thread] [Top] [All Lists]