Home arrow Web Authoring arrow New Nuke Security Sentinel: Worth Taking a Chance?
WEB AUTHORING

New Nuke Security Sentinel: Worth Taking a Chance?


It's important not to skimp on security when setting up a content management system. This article explores an open source, surprisingly secure content management system that works well for both novice and experienced webmasters.

Author Info:
By: Jessica Michaels
Rating: 4 stars4 stars4 stars4 stars4 stars / 5
June 25, 2007
TABLE OF CONTENTS:
  1. · New Nuke Security Sentinel: Worth Taking a Chance?
  2. · Nuke Community Searches for Answers
  3. · Repackaging the Management of Difficult Security Concepts
  4. · Pluses and Minuses

print this article
SEARCH DEVARTICLES

New Nuke Security Sentinel: Worth Taking a Chance?
(Page 1 of 4 )

In a recent article about CMS programs, I made quick reference to a need to be security conscious when choosing a Content Management System.  Now, I'd like to correct that cursory glance at a subject that really should be of prime importance when making the decision about a system.  The original choice can impose opportunity, or limits, on your web's safety and have far reaching effects on your success or failure.

Specifically, I want to explore the security solution found in a program that can be easily manipulated by a novice webmaster, while remaining entirely useful to the more advanced security professional.

A Historical Turd

The previous article also gave away my affinity for the Nuke CMS.  Now don't run off just yet.  I know that if you are like a large part of the programming community, you think of this program as outdated, full of security holes, and not worth bothering with.  Some even claim it's not really a CMS.  But take a look at what's new.

The original PHP Nuke CMS, developed in 2001 specifically for novice webmasters, offered core code for the most basic admin functions and controls for building and maintaining a member-based website. To give him credit for honesty, the creator admits that he learned how to code PHP in one week, and then wrote the script for the PHP Nuke CMS in the next three. To give further credit for ingenuity, he created a system that anyone could use to build a web site, leveling the playing field for hundreds of thousands of small concerns who had the desire but not necessarily the money or know how to set up shop on the Internet.

Unfortunately, by nature of the fact that the code is open source, the systems vulnerabilities have been eagerly and aggressively exploited.  Malicious intrusions, by an embarrassingly long list of attacks often left unsuspecting web masters as victims of everything from SQL injection attacks to complete take overs, up to and including being locked out of the admin controls. And those were the easy risks, those that the webmaster could see.

Another not so easy to spot form of malicious abuse included gaining access to a domain's email systems. Professional spam rings could then launch campaigns mailing thousands of users each day from the victim's web site's domain address.

The exploitability has not been helped by the fact that the program was extremely successful in reaching its target audience, namely new web administrators with little experience.  Such webmasters only learned about the abuse taking place on their sites when their IP address became blocked from major ISPs and they could no longer send or receive mail, or when they began getting hundreds of mail daemon messages on days they had sent nothing out. And, of course, the best proof that a site is being exploited, receiving mail offering watches, Viagra and child sex from their own domain.

Though it's an easy cop out, all of PHP Nuke's problems did not lie solely with the original creation.  Hundreds of well intentioned writers, eager to add on their own contribution to the Nuke, began developing modules to do this, and do that, also with little heed to security as an initial concern. Layer all of these problems in with the fact that add-on modules and blocks may or may not be updated regularly, if at all, and it's easy to see how problems developed.


blog comments powered by Disqus
WEB AUTHORING ARTICLES

- Top WordPress Plugins for Social Media
- How to Install WordPress on WAMPP
- More of the Best Wordpress Plugins for Comme...
- Top Wordpress Plugins to Fight Spam
- More of the top Drupal modules for SEO
- Top Drupal Modules for SEO
- More Top Wordpress Plugins for SEO
- Website Optimization Tips
- Backup and Restore a Drupal Website and Data...
- 5 Best Web Font Services
- Web Font Embedding Services
- Joomla Site Administration
- Create PHP Pages that Use WordPress Templates
- Top Joomla Extensions for Social Networking
- Drupal Modules for Site Navigation

Watch our Tech Videos 
Dev Articles Forums 
 RSS  Articles
 RSS  Forums
 RSS  All Feeds
Write For Us 
Weekly Newsletter
 
Developer Updates  
Free Website Content 
Contact Us 
Site Map 
Privacy Policy 
Support 

Developer Shed Affiliates

 




© 2003-2017 by Developer Shed. All rights reserved. DS Cluster - Follow our Sitemap
Popular Web Development Topics
All Web Development Tutorials