I'm looking for something that is strong on security and full of features but would like to know what you all would recommend for running the directory? In your opinion, what is the absolute BEST directory script on the market?
when i bought my directory script, i had to choose between phpld and esyndicate. I choosed phpld, cause it was offering many features and options that esyndicate. And support for the phpld through forums was quite huge. I am not saying that esyndicate isn't good, i didn't try it until now.
Thanks guys, so so far PHPLD is ahead. I'm wondering about security. Have any of you oticed anything that would be something to think about in the way of not being secure? I ask because I have a 6 year old website that is "America Patriotic" in nature and EVERY time I tried anything database driven it got hacked with "Die America" type crap which is why I am so strong about the security side of the script. The site has the potential to reach a HUGE portion of American users on a daily basis but needs to be so secure I'm not sure I can get it done unless it is customized on the security side.
I have used both paid PHPLD and Esyndicat. I have chosen to use just Esyndicat. Although I had a paid spam module on the PHPLD (and used captcha) I still received tons of junk submissions. I do not get that sort of spam submissions with Esyndicat. Perhaps it's because I have most top level categories locked as well as have a lot of words banned. So my vote is for Esyndicat Pro.
I use PHPLD, there are plenty of ways to avoid the spam submissions if you choose to do so. PHPLD has many mods available and they support it very well. No security issues to report at this time.....
No one has mentioned eDirectory yet so that might as well get thrown out there too. Not sure about security with it though.
Contrary to what people think, phpLD is apparently susceptible to SQL injection and it seems as though it's 3.x related, but 3.3 specifically has been noted. The thread got delete from the phpld forums when a casual user simply asked about it. edit: here is the php link directory sql injection thread edit2: here is another reference to the phpld sql injection
THANK YOU! Those are the types of things I was thinking about. All I don't need is to spend the money and the next day find out the site got hit again by a "terrorist" hacker. Do you think it is possible to or even cost effective to have the script enhanced with security mods such as getting rid of those injections? I'm kind of leaning toward esyndicat but haven't heard of any security vulnerability's does anyone know of any?
If this script is so vulnerable, then why is this security issue reported on one site 30 days ago and the other simply an hour ago? It being posted in the pre-sales questions indicates you may not have access to the forum to post that information. And after looking in the forums a little it seems the majority of the complaints about security are dealing with version 2.0 (the free version) which is no longer supported.
Re-read what i said... the thread was deleted. I saved the page just in case any of my clientel run into it. As far as 'when' the thread was created, it was created as per my file's dates when saved: 12/31/2008 7:01AM Now regarding what you mention about 2.0. 2.0 if a free and really cared for a lot less. v3 is paid, and from what I have seen, a good many threads get deleted when someone complains. Surely no one would want to admit to selling a vulnerable script, now would they? Now as for the depths of the vulnerability, I don't know how deep it can go. I don't bother with injection. However, If it's reported, and confirmed, then it exists.
Things to look for in a good directory script. Security. Many directories are very easy targets for hackers. Spam protections. Simple Turin code scripts on both signup and also submission page. Not many around with that. If using for adsense, you need sub categories with adsense friendly urls. Ease of use and very clean legible display to encourage readership Oh and one last thing - go Niche with it.
I will go ahead an apologize now..... I did make a post in the PHPLD forum asking about the possible SQL injection and referencing the url provided by @an0n. I also made another post about something else, 2 hours later 1 post answered and the other deleted. At this time I would say screw PHPLD.... I have a paid version of this script and have paid for plenty of mods to the script and when I ask a valid question about the security of my directory the post is deleted! They apparently have a security issue they will be choosing to ignore.
A response: " Recreate it I have not recreated it AND if it was possible you would have to manually mis configure a php install OR change the settings to create a perfect storm so to say. Anything is possible on your own special install on your own computer I would also thank you to not post links to crap like that again. Guess you didn't read that did you? His supposedly requirements for it to 'work' " Keeping in mind that I did not post a live link, just a reference to the site. Hey, James why would you continue to delete these threads if it was untrue? Hope I didn't pi$$ you off to bad by reposting the question!!!!