|Anyone Using PhpNuke Software|
PHP-Nuke Forum Software
We are looking at using new software to run our forum. I have a simple but specific question regarding software that current Forum Masters are using.
Is anyone using PHP-Nuke to run their forums and if so, what type of recommendation (be it postive or negative) would you give concerning the utilization of this particualr type of software.
Also I guess it would not hurt if others would lend their recommendations of software which Forum Masters should consider using. What do you think?
I await your responses.
PHPNuke will do the job, but if you just need a forum, then use just forum software.
If you aren't going to use PHPNuke's extra features, why bother with it? It generates bigger page files, takes more server time to generate a page, and I've seen some people get overwhelmed by the layout of the blocks.
If you will use the extra features of PHPNuke, then go for it. And also check out alternatives like Drupal or Geeklog.
One good choice would be Geeklog with its forum plugin.
I use discus. They have a nice free version which has served me for years. It's in perl and is a mature product.
Im moving 100% away from phpNuke, too many hacks to deal with. Should be coded more with security in mind.
I'm interested in your comments about moving 100% away from Php-Nuke.
I don't wan't to assume anything from your comments, however, it seems that you have had some "Not So" favorable issue (if I can use those words) with Php-Nuke. Would you care to expound upon them?
There's been kind of a buzz about security issues with PhpNuke, which might be a partial answer to your question, klickman - can anyone comment on whether there's anything to this issue, and whether the current distribution is reasonably secure?
PHP-Nuke and security:
My BBS is hosted off a server that's run (as a hobby) by a friend who's in the security business, as a project manager for one of the "big" security companies (he rose out of tech side - he knows what he's doing, he's not an MBA type project manager).
I asked him once if he could set aside a PHP directory for me, so I could play with and familiarize myself with PHP-Nuke, and a few other PHP packages in general.
He told me he would do it quite readily, in about 10 years when the security issues got worked out with PHP in general.
Its not just Nuke, aparently, there are a lot of issues with PHP in general. Nuke is just gaining a really bad rap because its widespread among the script kiddies, who use it and mod it heavily, taking a moderately unsecure platform, and opening up gaping big holes by tinkering with it in un-intelligent ways.
did a quick search:
gives a STAGGERING list of PHP-Nuke vulnerabilities.
A couple of specific ones:
NB: All the security wonks I know swear by Perl related apps for dynamic pages, BBSes, and such.
What an interesting response. I think that you may have opened up a "Can of Worms!" However, I must say an "Intersting Can of Worms" at that.
I must admit. At this point I think I need to take a step back and look at at the type of software that we want to use more closely.
Now the issue is whether Php,Cgi or any other format for that matter, what is going to be suitable for our forum in terms of forum security and reliability?
I guess the other related question regarding this matter is (and trust me it hasn't been dealt with yet) Is PhpNuke secure or stable enough to ward off attacks?
I believe any software is subject to attacks if given the zealous hacker time and reason.
The question that keeps popping in my mind is "Is PphNuke stable enough to run a forum?" If not why? I am sure that there must be a couple of PhpNuke users here who can shed some light on their experiences with this software...right? I sure hope so!
OH! I don't mean to slage Nuke by any means. The only reason I know there were security issues at all, is because I found the software fascinating, and was thinking of giving it a try.
There are a lot of successfull Nuke sites out there. From what I can gather, security wise, the issues are thus:
If you're putting it on your own server, best to brush up on your server security info. Nuke is going to create some holes that weren't there before, but by and large, there holes that can be plugged, from server side.
If you're putting it on a "hosted" server, make sure its PHP friendly. If so, then those server admins are prolly well aware of any security issues involved, and are actively seeking to confront those issues.
Stability: The Nuke sites I've seen seem quite stable, quick and responsive. But this is an outsider's view.
My Security Wonk Friend: Is paranoid to the power of 40. That's his job. Keep that in mind.
Please be advised that i have not read 100% of the replies in this thread as i am out of time righ tnow...
I just wanted to give you a suggestion and that is:
STAY AWAY FROM PHPNUKE. lol
I have had nothing but problems with it from day 1.
Now if u have a phpnuke install and leave it stock, that might be a totally different story, but if u will be modding it, changing themes, trying to hack the forum it comes with (phpbb) u will have a SERIOUS load of problems.
My advise is to try something else that is more specfic to what u are doing.