Zero Identity
Zero Identity Forums - General - Web Security - Securing the cms



-Fbi-
Member
Female Body Inspector ;)

Trainee

Joined: 27.12.2008
Last Seen: 10 year(s) ago
Experience: 66.3
Points: 165
#1 Securing the cms on January 13 2009 18:00
Right, I'm making a project with my school m8, and we will be using php-fusion 6th version :D Yes yes... php-fusion. I know it's crap but it's the only CMS that has all the functions. And I mean, look at this: www.grafa.biz, this is extreme-fusion heavily modded.
We will mod ours up as well; it will be a graphics and programming website, so I would like some advice on where I should start securing the system, because it has a lot of gaps where people can hack in easily.

-----------------------------------
Grindordie
Administrator
Software Engineer

ZI Guru

Joined: 04.11.2007
Last Seen: 10 year(s) ago
Experience: 1074.3
Points: 1100
#2 on January 13 2009 18:08
PHP-Fusion is a great CMS, it has its security flaws like any other open-source CMS out there.

I would begin by altering the password hashing function and salting the passes. Possibly use sha2 as the encryption method.

That's not a bug, that's an unexpected feature

phpFort - light-weight content management system.
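
The salting advice in reply #2, sketched as an added example that is not part of the thread and is not PHP-Fusion's code. It goes one step beyond a single SHA-2 pass by using PBKDF2-HMAC-SHA256 (salted and iterated SHA-256); the function names, the stored-record format, the iteration count and the legacy scheme (an unsalted MD5 hex digest) are assumptions, and it needs PHP 7.1 or later.

```php
<?php
// Added example: the names, the record format and the legacy MD5 scheme are
// assumptions for illustration, not PHP-Fusion's actual code or schema.
const PW_ITERATIONS = 200000; // constructed work factor; tune to your hardware

// Build "pbkdf2-sha256$iterations$salt_hex$hash_hex" with a fresh random salt per user.
function make_password_record(string $password): string
{
    $salt = random_bytes(16);
    $hash = hash_pbkdf2('sha256', $password, $salt, PW_ITERATIONS, 32, true);
    return sprintf('pbkdf2-sha256$%d$%s$%s', PW_ITERATIONS, bin2hex($salt), bin2hex($hash));
}

// Check a login attempt against a stored record.
// Returns [bool $ok, ?string $newRecord]; save $newRecord when it is not null.
function verify_password_record(string $password, string $stored): array
{
    $p = explode('$', $stored);
    if (count($p) === 4 && $p[0] === 'pbkdf2-sha256') {
        $iter = ctype_digit($p[1]) ? (int)$p[1] : 0;
        if ($iter < 1 || !ctype_xdigit($p[2]) || !ctype_xdigit($p[3])
            || strlen($p[2]) % 2 || strlen($p[3]) % 2) {
            return [false, null]; // malformed record: fail closed
        }
        $calc = hash_pbkdf2('sha256', $password, hex2bin($p[2]), $iter, 32, true);
        $ok = hash_equals(hex2bin($p[3]), $calc); // constant-time comparison
        // Re-hash on successful login if the work factor has been raised since.
        return [$ok, ($ok && $iter < PW_ITERATIONS) ? make_password_record($password) : null];
    }
    // Legacy record (assumed: unsalted MD5 hex). Accept once, then upgrade.
    if (strlen($stored) === 32 && ctype_xdigit($stored)) {
        $ok = hash_equals(strtolower($stored), md5($password));
        return [$ok, $ok ? make_password_record($password) : null];
    }
    return [false, null]; // unknown format
}

// Demo with constructed sample values.
$record = make_password_record('correct horse battery staple');
var_dump(verify_password_record('correct horse battery staple', $record)[0]);
var_dump(verify_password_record('wrong guess', $record)[0]);
[$ok, $upgraded] = verify_password_record('hunter2', md5('hunter2'));
var_dump($ok, strpos((string)$upgraded, 'pbkdf2-sha256$') === 0);
```

On current PHP, the built-in password_hash() and password_verify() handle the salt and work factor for you, using bcrypt or Argon2 rather than SHA-2.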
tancurrom
Administrator
Nibble

Advanced Analyst

Joined: 03.04.2008
Last Seen: 10 year(s) ago
Experience: 501.5
Points: 450
#3 on January 13 2009 19:04
I would start by using the most recent version (7)?

A Nibble = 1/2 a Byte

hack4u
Administrator
ZI Owner

ZI Guru

Joined: 30.03.2008
Last Seen: 10 year(s) ago
Experience: 19699.95
Points: 1285
#4 on January 13 2009 22:43
Quote from Grindordie
PHP-Fusion is a great CMS, it has its security flaws like any other open-source CMS out there.

I would begin by altering the password hashing function and salting the passes. Possibly use sha2 as the encryption method.


Yeah, if you want to know how to secure PHPFusion, listen to grind since he coded up HBH using Fusion as the template. They are pretty secure until Cheese starts coding and leaves them open :p


Grindordie
Administrator
Software Engineer

ZI Guru

Joined: 04.11.2007
Last Seen: 10 year(s) ago
Experience: 1074.3
Points: 1100
#5 on January 14 2009 01:17
No, it wasn't because of Cheese's coding.
The reason why HBH was hacked so many times is because it was always hosted on a shared host, and they were usually insecure. Even if they restricted some PHP functions... whoever knew a little bit of Perl could bypass it.
