Zero Identity
Username: Password:
[Forgot Password?] [Not Registered?]

Navigation

Navigation
Challenges
Media
Contribute

ZI Store Updates

Zi Store

Link to UsIf you'd like to become an affilate, please Link to Us!


Online Users

Registered Users: 2016
Latest Registration: yhamrodne
Online Users: 10
(0 Members, 10 Guests)

Poll

What should be done first on the ZI overhaul?
Find more staff (45%) [10 Votes]
Fix all bugs (36%) [8 Votes]
Make new features (not challenges) (9%) [2 Votes]
Get more content (challenges etc) (9%) [2 Votes]

[Poll Archive]

If your shout contains ! in the begining, your links will not be clickable.
If you enter the user's full username, it will be highlighted just for that user.Shoutbox

Kr0wKr0w

Avatar

Last Login:
2012-01-20
Joined:
December 11 2009 01:08
Experience:
2 (16 day(s) ago)
The crashed tables for registration and other stuff is easy to fix (using the Mysql command "REPAIR TABLE").
Kr0wKr0w

Avatar

Last Login:
2012-01-20
Joined:
December 11 2009 01:08
Experience:
2 (17 day(s) ago)
Link Bugs List
ttyler333ttyler333
php coder
Avatar

Last Login:
0000-00-00
Joined:
May 09 2008 01:45
Experience:
1095.2 (18 day(s) ago)
according to a friend the registration doesn't work.
Hunter XHunter X

Avatar

Last Login:
0000-00-00
Joined:
September 25 2010 15:44
Experience:
0 (18 day(s) ago)
Oh hey, the site's back! :)
hack4uhack4u
ZI Owner
Avatar

Last Login:
0000-00-00
Joined:
March 30 2008 22:30
Experience:
20492 (19 day(s) ago)
Please do keep a list of all the bugs. They might eventually get fixed.. lol.
Hunter XHunter X

Avatar

Last Login:
0000-00-00
Joined:
September 25 2010 15:44
Experience:
0 (01 month(s) ago)
What we could do is start compling a list of bugs on the Tasks page, so if and when development resumes the developers know what needs doing.
Kr0wKr0w

Avatar

Last Login:
2012-01-20
Joined:
December 11 2009 01:08
Experience:
2 (02 month(s) ago)
Kewl, the domain renewed another year. :) Any other future plans?
Hunter XHunter X

Avatar

Last Login:
0000-00-00
Joined:
September 25 2010 15:44
Experience:
0 (02 month(s) ago)
Huh, Kr0w's posts disappeared.
Hunter XHunter X

Avatar

Last Login:
0000-00-00
Joined:
September 25 2010 15:44
Experience:
0 (02 month(s) ago)
I've got no idea. I'll send off an email to one of the admins in a moment to check, since I've been meaning to contact them anyway.
Hunter XHunter X

Avatar

Last Login:
0000-00-00
Joined:
September 25 2010 15:44
Experience:
0 (02 month(s) ago)
There seems to be ~10 guests on most days, but I have no idea if that's genuine users or crawler bots. If they are real users we need to do something to convince them to register.
[Shoutbox Archive]


Icon Zero Identity Forums - General - Web Security - Securing the cms


Are you bored? Check out the unaswered threads!

-Fbi-
Member
Female Body Inspector ;)

Avatar
Trainee

Joined: 12/27/2008
Last Seen: 0000-00-00
Experience: 66.3
Points: 165
#1 Securing the cms on 01/01/1970 00:00
Right, im making a project with my school m8, and we will be using php-fusion 6th version :D Yes yes... php-fusion. I know its crap but its only cms that has all the functions. And i mean look at this www.grafa.biz this is extreme-fusion heavily modded.
We will mod ours up as well, it will be graphics and programming website, SO i would like some advice where should i start securing the system. Because it has alot of gaps where people can hack into easy.
-----------------------------------
Grindordie
Administrator
Software Engineer

Avatar
ZI Guru

Joined: 11/04/2007
Last Seen: 0000-00-00
Experience: 1207.57
Points: 1100
#2 on 01/01/1970 00:00
PHP-Fusion is a great CMS, it has its security flaws like any other open-source CMS out there.

I would begin by altering the password hashing function and salting the passes. Possibly use sha2 as the encryption method.
That's not a bug, that's an unexpected feature

phpFort - light-weight content management system.
tancurrom
Veteran Member
Nibble

Avatar
Advanced Analyst

Joined: 04/03/2008
Last Seen: 2011-05-24
Experience: 532.4
Points: 450
#3 on 01/01/1970 00:00
I would start by using the most recent version (7)?
A Nibble = 1/2 a Byte

Image
hack4u
Administrator
ZI Owner

Avatar
ZI Guru

Joined: 03/30/2008
Last Seen: 0000-00-00
Experience: 20492
Points: 1285
#4 on 01/01/1970 00:00
Quote from Grindordie
PHP-Fusion is a great CMS, it has its security flaws like any other open-source CMS out there.

I would begin by altering the password hashing function and salting the passes. Possibly use sha2 as the encryption method.


yeah if you want to know how to secure PHPFusion listen to grind since he coded up HBH using Fusion as the template. they are pretty secure until Cheese starts coding and leaves them open :p

Image
Image
Grindordie
Administrator
Software Engineer

Avatar
ZI Guru

Joined: 11/04/2007
Last Seen: 0000-00-00
Experience: 1207.57
Points: 1100
#5 on 01/01/1970 00:00
No, it wasn't because of Cheese's coding.
The reason why HBH was hacked so many times is because it was always hosted on a shared host, and they were usually insecure.. Even if they restricted some php functions... whoever knew a little bit of Perl could bypass it.
That's not a bug, that's an unexpected feature

phpFort - light-weight content management system.


Who is watching forums


Users viewing this page: Guests (1)
Users viewing the forum: 0



© 2009 ZeroIdentity.org

Powered by phpFort © 2008
Page generated in 0.056 seconds. :: MySQL Queries: 12