Updating and Patching

[Slayer]

My Thanksgiving Security Project has been this thusfar:

-Update from PHP-Nuke 7.8 to PHP-Nuke 7.8 Patched 3.1
-Update BBtoNuke 2.0.15 to 2.0.16 to 2.0.17 to 2.0.18
-Installed NukeSentinel 2.42 for Hacker Protection
-Installed NukeWeather 3.02 Weather Module
-Installed Backend RSS 2.0 upgraded from 0.91. Linked on footer and in -=Information=- Block.
-Installed Backend Downloads RSS 0.91. Linked on footer and in -=Information=- Block.
-Avatars may now be uploaded or linked offsite.
-Ranks and Rank Images

[Slayer]

New year, more updates:

-Update BBtoNuke 2.0.18 NP to 2.0.19 NP

[Fix] corrected index on session keys table under MS SQL
[Fix] added session keys table to backup
[Fix] delete session keys entries when deleting user
[Fix] changes to support MySQL 5.0
[Fix] changes to some of the admin files to improve efficiency and remove a potential error condition when building the menu
[Fix] change truncation of username length in usercp_register.php - BFUK
[Fix] incorrect path to avatars in admin_users.php (Bug #667)
[Fix] fixed get_userdata to support correct sql escaping (non-mysql dbs) - jarnaez
[Fix] fixed captcha for those not having the zlib extension enabled
[Change] Placed version information above who is online in admin panel for better visual presence
[Sec] fixed XSS issue (only valid for Internet Explorer) within the url bbcode
[Sec] fixed XSS issue (only valid for Internet Explorer) if html tags are allowed and enabled
[Sec] added configurable maximum login attempts to prevent dictionary attacks

[Slayer]

-Update BBtoNuke 2.0.19 NP to 2.0.20 NP

The changelog (contained within this release) is as follows:

* Prevent login attempts from incrementing for inactive users
* Do not check maximum login attempts on re-authentication to the admin panel - tomknight
* Regenerate session keys on password change
* retrieving category rows in index.php (Bug #90)
* improved index performance by determining the permissions before iterating through all forums (Bug #91)
* Better handling of short usernames within the search (bug
#105)
* Send a no-cache header on admin pages as well as normal board pages (Bug #149)
* Apply word censors to the message when quoting it (Bug #405)

* Improved performance of query in admin_groups (Bug #753)
* Workaround for an issue in either PHP or MSSQL resulting in a space being returned instead of an empty string (bug #830)
* Correct use of default_style config value (Bug #861)
* Replace unneeded unset calls in admin_db_utilities.php - vanderaj
* Improved error handling in modcp.php
* Improved handling of forums to which the user does not have any explicit permissions - vanderaj
* Assorted fixes and cleanup of admin_ranks.php, now requires confirmation of deletions
* Assorted fixes and cleanup of admin_words.php, now requires confirmation of deletions
* Addition and editing of smilies can no longer be performed via GET, now requires confirmation of deletions
* Escape group names in admin_groups.php
* Replace strip_tags with htmlspecialchars in private message subject
* Some changes to HTML handling if enabled
* Escape any special characters in reverse dns - Anthrax101
* Typecast poll id values - Anthrax101
* Added configurable search flood control to reduce the effect of DoS style attacks
* Changed the way we create "random" values for use as keys -
chinchilla/Anthrax101
* Enabled Visual Confirmation by default
* Changed handling of the case where a selected style doesn't exist in the database
* Changed handling of topic pruning to improve performance
* Changed default forum permissions to only allow registered users to post in new forums

[Slayer]

When I did the latest patch it broke the Quote function. It is now fixed throught a minor code change.

[Slayer]

- Installed Quick Reply MOD for the Forums.

MOD Description: This MOD provides a convenient function, which allows users to quickly reply to topics without loading the posting page. Simply speed up the response time and reduce the useless loading.

MOD Version: 1.3.1

- Removed old Forums RSS from left blocks

- Installed Scrolling Forums RSS from NukeCops.com

This Block shows the last 20 topics where a message was posted, along with the username of the last poster and the day and time of the post. It will also show smileys in the topic titles thanks to the smileys.php file found in Leo Tan Block Forums version.

If you click a link you wont have to re login.

[Slayer]

- Installed RvH_Userinfo_2.0 block on the left side.

[Slayer]

- Updated NukeSentinal(TM) from 2.4.2 to 2.4.2pl5

2.4.2pl5 CHANGES (2006-04-04):
+ Added alt and title to image tags for compliance.
+ Updated the "Scan for New Admins" routine.
+ Updated the main configuration routine.
+ Updated XSS attack filters

2.4.2pl4 CHANGES (2006-02-11):
+ Fix for Force NukeURL.
+ Fix for Flood system.
Thanks to technocrat for these fixes!

2.4.2pl3 CHANGES (2006-01-10):
+ CGI Auth fix to correct the NukeSentinel(tm) username written to .staccess file.

2.4.2pl2 CHANGES (2005-12-16):
+ Enhanced - NukeSentinel(tm) SQL Injection exploit fix

2.4.2pl1 CHANGES (2005-12-10):
+ NukeSentinel(tm) SQL Injection exploit fix

[Slayer]

- Updated the Statistics Module to contain download stats.

[Slayer]

Renamed the For Sale Section to Buy, Sell, or Trade. The new name feels more appropriate to what is actually taking place int the forum.

[Slayer]

- Reduced Forums Scrolling Block to 10 most recent posts
- Resized Flash Site Nav to better fit the skin for more cosmetic appeal.
- Updated NukeSentinel(tm): Upgrade 2.4.2pl5 to 2.4.2pl9
- Updated BBtoNuke 2.0.20 NP to BBtoNuke 2.0.21 NP
- Fixed the Shout box Scroll Up, Scroll Down, and Pause images to show up on a black background. When you mouse over the images you will do that function.
- Switched User Info Blocks to User Info Block v0.3.1 with a few custom edits.
- Added Link to NPC's Blog in the -=Information=- Block on the right side. With a gif by -=Impaler=-.

NOTE:
quick reply mod wont be working until i reapply it. be patient im am tired at the moment and i couldnt get the new version working on BBtoNuke 2.0.21 NP.

[Slayer]

- Updated NukeSentinel(tm): Upgrade 2.4.2pl9 to 2.5.0.0

[Slayer]

- Downgraded from PHP-Nuke 7.8pl3.1 to RavenNuke76

[Slayer]

- Modified -=Forums=- RSS block to avoid the Forums from being loaded into the block and scrolling when using Mozilla, Firefox, and Konqueror. I did this by removing the style tags from the html.

[Slayer]

- Installed a new Admin Login Block in the upper left. If anyone but me logs into that block they could get banned after a few tries.

- Updated the Flash Navigation with more links. Anything with a by it is new to the Flash Nav.

Main:

Home - The -=Slayfest=- Homepage

FAQ - The Official -=Slayfest=- FAQ

Forums - The Official -=Slayfest=- Forums where you can get all the latest info.

Legal - -=Slayfest's=- Legal info, Privacy Policy, and Terms of Use.

Articles and Authors - Information about Articles and who wrote them.

News - News from the Homepage

Topics - Topics for News.

Shout Box - Chat in the upper right block on the homepage.

Statistics - The Stats for people who visit the site.

Stories Archive - old News Stories


Content:

Calendar - Sometimes we post LAN dates here along with B-Days

Downloads - Download -=Slayfest=- Content here.

Flam Player Flash MP3 PLayer

Flash Media Player - -=Slayfest Videos=-

Gallery - Pics from each LAN along with Scores and Quakecon.

IRC Channel - Java Based IRC chat

Links - Links to Sites

Nuke Sentinel(tm) - The Security Gaurd for our Website

Nuke Weather(tm) - Weather for Lansing

Top 10 - Top Ten stats for a few categories

Members:

Account - Settings for your account.

Groups - New -=Slayfest=- Groups

Journal - Users can make journal entries and you can read them

Members List - The list of all -=Slayfest=- Members

Private Messages - Private Messages that run from phpbb on the forums.

Recommend Us - Email a friend about -=Slayfest=-

Submit Feedback - Tell us all your comments, suggestions, and concerns.

Submit News - Submit stories to the homepage.

[Slayer]

- Removed old -=Forums=- block from the homepage
- Added new Recent Posts v2.3.1