Plantes carnivores - Rossolis

Article Traduit en français et extrait du site :

http://www.freesoftwarereviews.org/modules.php?name=News&file=article&sid=2

PHP-Nuke Security Tools

Here is a comparison of the advertised features of 7 tools for protecting PHP-Nuke-based websites. Each tool has its own unique features to help you protect your Php-Nuke-based website. This comparison can help you choose among alternatives.

Updated 6/14/2005 with NukeSentinel(tm) version 2.3.0
Updated 12/19/2004 with NukeSentinel(tm) version 2.1.2
Updated 10/7/2004 with additions to Protector System

We have not evaluated these solutions, thus we leave the editorial for you in our Forums. We welcome corrections to the comparisons below, which were based on features noted in the documentation.

PHP-Nuke Security Tools	Admin Secure	Fortress™	Intrusos	myNukeSecurity	NukeSentinel™	NSN Secure Admin	Protector
Version	1.7	1.20 Beta	2.0	1.01	2.3.0	1.1.1a	1.15.b2
Requires	PHP-Nuke 5.5 to 7.40	Can be integrated with any PHP-based portal	PHP-Nuke	PHP-Nuke 6.5 to 7.3	PHP-Nuke 6.5 to 7.8 (24)	PHP-Nuke 6.5 to 7.2	PHP-Nuke 6.5 to 7.4
Replaces		Includes updated Union Tap		Includes mySecureAdmin	Hackalert, IP Banner
Advertised Features
Blocks Cross Site Scripting (XSS)	Yes 1	Yes 2	No	No	Yes	No	Yes
Verify Admin account session from cookie	Yes	No	No	Yes 18	No	No	Yes
Insert Admin DEFINE for newer patched modules if not present	No	No	No	No	Yes	No	No
Use HTTP Authorization for Admin access, if available	Yes 20	No	No	No	Yes 21	No	No
Compare admin account to "mirrored" table or valid IP Address	Yes	No	Yes	Yes	No 3	Yes	Yes
Admin acct changes require God admin approval	Yes	No	No	No	No	Yes	No
Delete unapproved admins on Admin Panel	Yes	No	No	No	No 3	Yes	No
Admin account change notification	Yes	No	No	No	No	No	No
Ban Level	Site / Server & modules	Site	Admin	Site	Site / Server	Admin	Site / Server & modules
Ban by IP	Single, class or range 19	Yes	No	Single or class	Single, class, or range	No	Single, class, or range
Ban by User ID / Username	Yes	No 2	No	No	No	No	Yes 4
Ban by Referer	No	No	No	Yes	Yes	No	Yes
Ban by Proxy	Manual	Manual	No	Yes	Yes	No	Yes
Ban Bots, Spiders, Harvesters	Yes	Manual	No	No	Yes	No	Yes
Ban Expiration	Yes 5	No	No	No	Yes	No	Yes
Block SQL Injections	Yes 6	Yes	No	Yes	Yes	No	Yes
- Plaintext	Yes	Yes	No	Yes	Yes	No	Yes
- Base64	Yes	Yes	No	Yes	Yes	No	Yes
- Hex	Yes	Yes	No	No	Yes	No	Yes
- c-Like	Yes	Yes	No	No	Yes	No	Yes
Block Bad HTML	Yes 6	Yes	No	Yes	Yes	No	No
Block Selected Request Methods	Yes	No	No	No	Yes	No	No
Block Specified Strings from Database Queries	No	No	No	No	Yes	No	No
DoS / Flood Protection	Yes	No	No	No	Yes	No	Yes 7
Santy Worm Protection	No	No	No	No	Yes	No	No
Classless Inter-Domain Routing (CIDR) Support	No	No	No	No	Yes	No	No
Fight Back	Notification	Notification 8	Notification	Notification	PopUps On/Off 9	No	Notification
Auto Ban	On/Off	On/Off 10	No	Yes	On/Off	No	Yes
Ban Storage	database, .htaccess	htm,CSV 11	database	log file	database, .htaccess	database	database, .htaccess
Email Notification	Yes	Yes12	No	On/Off	On/Off	On/Off	Yes
Blocked Page	Html, error page 13	html	hard-coded	hard-coded	html / template or forward	n/a	html or forward
Banned Display	None provided	HTML, CSV	Module	Log file	Last 10 and Blocked IPs, Scrolling, Count	None provided	Banned IP Block, Site Info
Admin Function	Yes	No	Yes	Yes	Yes	Yes	Yes
Context-sensitive Help	No	No	No	No	Yes	No	Yes
Protected IPs (testing)	Yes	Manual	n/a	Yes	Single or range	n/a	Yes
Remove ban	Function	Manual	n/a	Manual	Function	n/a	Function
Admin.php access attempt logging	Yes	No	Yes	Yes	Yes 22	Yes	Yes
Blocked module access attempt logging	Yes	No	No	No	No	No	Yes
Performance Impact	DB Queries 14	CSV Lookup 15	DB Insert On Attack	Log file write on Attack	DB Queries 14	DB Queries	DB Queries
Additional Features
Visitor logging	Yes	No	No	No	Yes 22	No	Yes
Remove inactive users	No	No	No	No	No	No	Yes
Site Close / Open Admin Function	Yes	No	No	No	Yes	No	Yes
Maximum Site Visitors	Yes	No	No	No	No	No	No
Tracking System	Yes 16	No	No	No	Yes 22	No	Yes 17
Optimize & repair tables	Yes	No	No	No	Yes 23	No	Yes
Add Notes to logged IP addresses	No	No	No	No	Yes	No	Yes
Download and upload banned IP addresses for sharing with other sites	Yes	No	No	No	No	No	No
IP to Country Lookup	No	No	No	No	Yes	No	Yes
List / Ban IP Ranges by Country	No	No	No	No	Yes	No	No
Edit .htaccess file through Nuke admin	No	No	No	No	No	No	Yes
Supports PHP-Nuke 7.7+ WYSIWYG Editor	No	No	No	No	Yes	No	No
1	index.php and modules.php
2	To be enhanced in future release of Fortress™
3	A mirrored admin table exists, and could be used for this purpose with modifications
4	Select users to ban
5	For modules only, Ban expiration for entire site to be incorporated in future release of Admin Secure
6	“Deep Scanning” option
7	Hammer
8	Alligators
9	PC Killer available as an add-on template from GanjaUK.com
10	BanOnDemand™
11	HTM for logging, CSV for banning; No database tables are required
12	Summary notification to pager and/or detail email notification
13	400, 403, 404, 410 error pages
14	Using visitor tracking option can negatively impact performance
15	"Has been tested on a site passing 7.5 million page hits per month"
16	Affects Performance
17	Logs attempts after banning
18	All cookies are coded with md5 hash
19	Generates individual IP bans for IPs within ranges,which can only be entered on IP upload
20	Supports HTTP Admin Authentication only if PHP is compiled as an Apache module, rather than as a CGI module
21	Supports HTTP Admin Authentication if PHP is compiled as an Apache module OR as a CGI module
22	Via IP tracking module, which can impact performance
23	Database functions operate on all Nuke database tables, not just those required for protection
24	NukeSentinel authors currently recommend using versions of PHP-Nuke prior to 7.7 until security issues are addressed

Posted on June 03, 2004 @ 12:39AM EDT by kguske