Just wondering. I hear a lot of directories and PHP script based websites get hacked these days. I run the free version of PHPLD; is this as secure as the paid versions? It has enough features for my purposes, but it needs to be as secure as possible. Thanks
Nothing is secure. Microsoft has 10 thousand employees working on software for 5 years and it's still not secure. Google's pages aren't secure. Even paid for versions won't be of much help when you do get hacked.
Security is always a matter of degree. You can be more or less secure, but never 100% safe, without being off the web entirely. PhpLD's popularity makes it a target, simply because if anybody succeeds in finding a hack then it's a big prize: thousands of directories that they can take over as a result. It's the same with PhpBB. Quite often it's not the software itself that creates insecurities, but the user. Make sure you keep up with the latest patches, choose secure passwords, and follow installation instructions fully, deleting any files that you are supposed to.
... And make sure you do regular backups of your files and database. That way if something nasty happens you can simply upload your backup and you're back in business.
Also check out this serious security vulnerability in the free version here: http://www.smilehouse.com/advisory/phplinkdirectory_070121.txt
I reported that several months back in my blog and on DP. As you can see in the DP thread, it has been fixed in PLD v2.1. You can patch PLD version <2.1 using the script in my blog, upgrade to 2.1 or upgrade to 3.1 (<--Recommended option). The workaround recommended by SmileHouse (not yours I hope!) is oddly out of date given it was just released on 1/21/07. So, to answer the original poster's question, it is relatively secure if you are running 2.1 or higher. As everyone else pointed out, security is a relative concept and not an absolute state. It has no serious known vulnerabilities. That doesn't mean they don't exist, just that they are not known. It could be that there are none and that's why no one knows of any, but no one will ever bet money on that.
Yes, Tim Myth gave a good reply. What the exploit did was cause a link to be approved if the admin moused over a link. A fix was quickly released when we found out about it. In 3.10 we did a pretty major security audit and made some additional improvements. We will be continuing to check everything every time we make a release. So far I think our record is pretty good (knock on wood!)