{"id":5,"date":"2004-08-22T21:41:41","date_gmt":"2004-08-22T21:41:41","guid":{"rendered":""},"modified":"2010-02-23T04:56:00","modified_gmt":"2010-02-23T09:56:00","slug":"nuke-cops-and-bad-tags","status":"publish","type":"post","link":"http:\/\/www.calvertgames.com\/cgblog\/2004\/08\/22\/nuke-cops-and-bad-tags\/","title":{"rendered":"Nuke Cops and BAD-TAGS"},"content":{"rendered":"

I guess I am just a bitter b*st^rd about the whole php Nuke fiasco. Nuke is not a bad CMS by any stretch, and it certainly proved its usefulness to me over the last year, but this junk is completely unsecured and hack prone.<\/p>\n

Nuke Cops<\/a> is a fairly respectable site when it comes to securing a php Nuke deployment. They have 1000s of registered users, and it is the first place a php Nuke admin should look to find the latest downloads, mods, and security fixes. It really is a one-stop shop for php Nuke security info.<\/p>\n

Too bad Nuke Cop\u2019s user ban system is so f\u2019ed-up. Seriously. I kid you not \u2013 their system completely sucks. After the first couple of hack attacks on the previous manifestation of Calvert Games, I decided to explore Nuke Cops to see if I could come up with a solution. I made the mistake of including \u201cscript\u201d in one of my searches, thinking about the \u201cadmin script\u201d add-on. Too bad for me because the \u201cadmin script\u201d is actually \u201cadmin secure\u201d and I later learned that fortress (another php Nuke security add on) was responsible for the auto-ban.<\/p>\n

And by the way \u2013 admin secure is not a good solution in and of itself; it should be run in conjunction with other security scripts such as Fortress.<\/p>\n

Fortress is a pretty cool script; I encourage all php Nuke sites to run it \u2013 I think it was responsible for finally eliminating the hack attacks on my humble site. While looking at the code I learned that sending the word \u201cscript\u201d through a request would trigger an auto ban (assuming a site has this option enabled). Sure is helpful for stopping injection attacks, but down right piss poor for users. I mean, who would not search for the word \u201cscript\u201d on a security site (i.e. Nuke Cops) that provides scripts for a CMS script (i.e. php Nuke)?<\/p>\n

To this day I still cannot get to Nuke Cops \u2013 I am presented with \u201cBanned by BAD-TAGS.\u201d So Nuke Cops is now on my official wanker list. Why have an auto-ban system that does not even provide any sort of contact info \u201cjust in case\u201d a mistake is made? Pretty poor decision on the part of Nuke Cops.<\/p>\n

Thankfully cheers go to Computer Cops<\/a>, which is incidentally run by the same guy that founded Nuke Cops. The Computer Cops community was extremely helpful in getting my php Nuke based site secure. The owner even provided me with contact info for the Nuke Cops guys, but no dice. No reply; banned to eternal damnation.<\/p>\n

Nuke Cops and BAD-TAGS can jerk off for all I care.<\/p>\n

\"Share\"\/<\/a>\n