PHP-Nuke Security Tools: Security Tools Comparison

Here is a comparison of the advertised features of 7 tools for protecting PHP-Nuke-based websites. Each tool has its own unique features to help you protect your PHP-Nuke-based website. This comparison can help you choose among the alternatives.

NOW INCLUDES SENTINEL 2.0.2, Intrusos 2.0 and myNukeSecurity 1.01, and corrections to AdminSecure 1.7

We have not evaluated these solutions, so we leave the editorial comments to you in our Forums.

We welcome corrections to the comparisons below, which were based on features noted in the documentation.

| PHP-Nuke Security Tools | Admin Secure | Fortress™ | Intrusos | myNukeSecurity | NukeSentinel™ | NSN Secure Admin | Protector |
|---|---|---|---|---|---|---|---|
| Version | 1.7 | 1.20 Beta | 2.0 | 1.01 | 2.0.2 | 1.1.1a | 1.15.b2 |
| Requires | PHP-Nuke 5.5 to 7.40 | Can be integrated with any PHP-based portal | PHP-Nuke | PHP-Nuke 6.5 to 7.3 | PHP-Nuke 6.5 to 7.5 | PHP-Nuke 6.5 to 7.2 | PHP-Nuke 6.5 to 7.4 |
| Replaces | | Includes updated Union Tap | | Includes mySecureAdmin | Hackalert, IP Banner | | |
| **Advertised Features** | | | | | | | |
| Blocks Cross Site Scripting (XSS) | Yes [1] | Yes [2] | No | No | Yes | No | Yes |
| Verify Admin account session from cookie | Yes | No | No | Yes [18] | No | No | Yes |
| Use HTTP Authorization for Admin access, if available | Yes | No | No | No | Yes | No | No |
| Compare admin account to "mirrored" table or valid IP Address | Yes | No | Yes | Yes | No [3] | Yes | Yes |
| Admin acct changes require God admin approval | Yes | No | No | No | No | Yes | No |
| Delete unapproved admins on Admin Panel | Yes | No | No | No | No [3] | Yes | No |
| Admin account change notification | Yes | No | No | No | No | No | No |
| Ban Level | Site / Server & modules | Site | Admin | Site | Site / Server | Admin | Site / Server & modules |
| Ban by IP | Single or range | Yes | No | Single or Range | Single or Range | No | Single or range |
| Ban by User ID / Username | Yes | No [2] | No | No | No | No | Yes [4] |
| Ban by Referer | No | No | No | Yes | Yes | No | Yes |
| Ban by Proxy | Manual | Manual | No | Yes | Yes | No | Yes |
| Ban Bots, Spiders, Harvesters | Yes | Manual | No | No | Yes | No | Yes |
| Ban Expiration | Yes [5] | No | No | No | Yes | No | Yes |
| Block SQL Injections | Yes [6] | Yes | No | Yes | Yes | No | Yes |
| - Plaintext | Yes | Yes | No | Yes | Yes | No | Yes |
| - Base64 | Yes | Yes | No | Yes | Yes | No | Yes |
| - Hex | Yes | Yes | No | No | Yes | No | Yes |
| - c-Like | Yes | Yes | No | No | Yes | No | Yes |
| Block Bad HTML | Yes [6] | Yes | No | Yes | Yes | No | No |
| Block Selected Request Methods | Yes | No | No | No | Yes | No | No |
| Block Specified Strings from Database Queries | No | No | No | No | Yes | No | No |
| DoS / Flood Protection | Yes | No | No | No | Yes | No | Yes [7] |
| Fight Back | Notification | Notification [8] | Notification | Notification | PopUps On/Off [9] | No | Notification |
| Auto Ban | On/Off | On/Off [10] | No | Yes | On/Off | No | Yes |
| Ban Storage | database, .htaccess | htm, CSV [11] | database | log file | database, .htaccess | database | database, .htaccess |
| Email Notification | Yes | Yes [12] | No | On/Off | On/Off | On/Off | Yes |
| Blocked Page | Html, error page [13] | html | hard-coded | hard-coded | html / template or forward | n/a | html or forward |
| Banned Display | None provided | HTML, CSV | Module | Log file | Last 10 and Blocked IPs | None provided | Banned IP Block, Site Info |
| Admin Function | Yes | No | Yes | Yes | Yes | Yes | Yes |
| Context-sensitive Help | No | No | No | No | Yes | No | No |
| Protected IPs (testing) | Yes | Manual | n/a | Yes | Yes, via Protected Admins | n/a | Yes |
| Remove ban | Function | Manual | n/a | Manual | Function | n/a | Function |
| Admin.php access attempt logging | Yes | No | Yes | Yes | No | Yes | Yes |
| Blocked module access attempt logging | Yes | No | No | No | No | No | Yes |
| Performance Impact | DB Queries [14] | CSV Lookup [15] | DB Insert On Attack | Log file write on Attack | DB Queries | DB Queries | DB Queries |
| **Additional Features** | | | | | | | |
| Visitor logging | Yes | No | No | No | No | No | Yes |
| Site Close / Open Admin Function | Yes | No | No | No | Yes | No | Yes |
| Maximum Site Visitors | Yes | No | No | No | No | No | No |
| Tracking System | Yes [16] | No | No | No | No | No | Yes [17] |
| Optimize & repair tables | Yes | No | No | No | No | No | Yes |
| Add Notes to logged IP addresses | No | No | No | No | Yes | No | Yes |

| Note | Detail |
|---|---|
| 1 | index.php and modules.php |
| 2 | To be enhanced in future release of Fortress™ |
| 3 | A mirrored admin table exists, and could be used for this purpose with modifications |
| 4 | Select users to ban |
| 5 | For modules only, Ban expiration for entire site to be incorporated in future release of Admin Secure |
| 6 | “Deep Scanning” option |
| 7 | Hammer |
| 8 | Alligators |
| 9 | PC Killer available as an add-on template from GanjaUK.com |
| 10 | BanOnDemand™ |
| 11 | HTM for logging, CSV for banning; No database tables are required |
| 12 | Summary notification to pager and/or detail email notification |
| 13 | 400, 403, 404, 410 error pages |
| 14 | Using visitor tracking option can negatively impact performance |
| 15 | "Has been tested on a site passing 7.5 million page hits per month" |
| 16 | Affects Performance |
| 17 | Logs attempts after banning |
| 18 | All cookies are coded with md5 hash |

Source: http://www.freesoftwarereviews.org

by kguske. Copyright © by http://Lan.altervista.org All Rights Reserved. Published: 2004-09-16