I guess I am just a bitter b*st^rd about the whole php Nuke fiasco. Nuke is not a bad CMS by any stretch, and it certainly proved its usefulness to me over the last year, but this junk is completely unsecured and hack prone.
Nuke Cops is a fairly respectable site when it comes to securing a php Nuke deployment. They have 1000s of registered users, and it is the first place a php Nuke admin should look to find the latest downloads, mods, and security fixes. It really is a one-stop shop for php Nuke security info.
Too bad Nuke Cop’s user ban system is so f’ed-up. Seriously. I kid you not – their system completely sucks. After the first couple of hack attacks on the previous manifestation of Calvert Games, I decided to explore Nuke Cops to see if I could come up with a solution. I made the mistake of including “script” in one of my searches, thinking about the “admin script” add-on. Too bad for me because the “admin script” is actually “admin secure” and I later learned that fortress (another php Nuke security add on) was responsible for the auto-ban.
And by the way – admin secure is not a good solution in and of itself; it should be run in conjunction with other security scripts such as Fortress.
Fortress is a pretty cool script; I encourage all php Nuke sites to run it – I think it was responsible for finally eliminating the hack attacks on my humble site. While looking at the code I learned that sending the word “script” through a request would trigger an auto ban (assuming a site has this option enabled). Sure is helpful for stopping injection attacks, but down right piss poor for users. I mean, who would not search for the word “script” on a security site (i.e. Nuke Cops) that provides scripts for a CMS script (i.e. php Nuke)?
To this day I still cannot get to Nuke Cops – I am presented with “Banned by BAD-TAGS.” So Nuke Cops is now on my official wanker list. Why have an auto-ban system that does not even provide any sort of contact info “just in case” a mistake is made? Pretty poor decision on the part of Nuke Cops.
Thankfully cheers go to Computer Cops, which is incidentally run by the same guy that founded Nuke Cops. The Computer Cops community was extremely helpful in getting my php Nuke based site secure. The owner even provided me with contact info for the Nuke Cops guys, but no dice. No reply; banned to eternal damnation.
Nuke Cops and BAD-TAGS can jerk off for all I care.
