System security checks

[binolandia]

Ciao ha fatto girare l'analyze per vericficare che il mio sito fosse sicuro e questi sono i risultati...mi devo preoccupare??

PHP Version Reason For Vulnerability
4.3.11 Your Server may be vulnerable to Cross-site Scripting in PHP's Transparent Session ID Support. Versions prior to 4.3.2 are affected. Tell your host to read the SecurityFocus report by clicking --> here. Until that is resolved, PHP-Nuke should be the least of your worries.
AFFECTED VERSIONS: Constraints
4.3.0 and 4.3.1 with php.ini containing session.use_trans_sid=1
4.2.0 to 4.2.3 without php.ini, or with php.ini containing session.use_trans_sid=1(php.ini-dist and php.ini-recommended from the PHP source distribution had use_trans_sid=1 from 4.2.0 to 4.2.2, and use_trans_sid=0 for 4.2.3 and later versions.)
prior to 4.2.0 compiled with --enable-trans-sid and with session.use_trans_sid=1
FIXED VERSIONS: Suggestion
4.3.2 or later Backup your system and upgrade PHP, also read the article at SecurityFocus. Solution 1 from Security Focus: Click, Solution 2 from thathost: Click. Solution 1 suggests the use of mod_security, which is an Apache module discussed at Nuke Cops: Here



WARNING! WARNING! WARNING! Your phpbb2 forums are at Risk!
Version Reason For Vulnerability
2.0.14 The phpBB group at phpBB.com frequently update their forums software to eliminate known vulnerabilities and exploits. Analyzer has found that your forums port is not the newest release: 2.0.4. Please visit http://nukecops.com in order to obtain an upgrade package to 2.0.4. By not staying current in phpBB upgrades you leave your forums open to attack. The choice to upgrade, backup, or stay at current version is 100% completely yours, all we have done is alerted you to it.

[gve]

Ma con cosa hai fatto la verifica?

Leggi bene il report:

php 4.3.11 precedente al 4.3.2? Ovviamente no, quindi il baco non ti interessa.

e:

ultima versione di phpbb e` la 2.0.4 , mentre tu hai la ormai obsoleta 2.0.14, uscita un mese fa e soo da pochi giorni rimpiazzata dalla 2.0.15? Ovviamente anche qua non tornano i conti.

Quindi, le avvertenze dell'analyzer che hai usato le puoi cestinare: o non e` aggiornato lui ho ha grossi roblemi ed e` quindi inaffidabile.

[makpaolo]

alla fine dice che è il nuke e il phpbb a non essere sicuri.
come sempre consigliamo di controllare periodicamente la presenza di upgrade o fix.

[binolandia]

mmm in effetti non so quanto sia obsoleto l'analyzer, mi sa che è lui che dice fregnacce allore...
Io ho l'ultima release di phpnuke, la 7.7 !

Thank's