Updated 12/19/2004 with NukeSentinel(tm) version 2.1.2
Updated 10/7/2004 with additions to Protector System
We have not evaluated these solutions ourselves, so we leave the editorial to you in our Forums. We welcome corrections to the comparisons below, which are based on the features noted in each tool's documentation.
PHP-Nuke Security Tools | Admin Secure | Fortress™ | Intrusos | myNukeSecurity | NukeSentinel™ | NSN Secure Admin | Protector |
Version | 1.7 | 1.20 Beta | 2.0 | 1.01 | 2.3.0 | 1.1.1a | 1.15.b2 |
Requires | PHP-Nuke 5.5 to 7.40 | Can be integrated with any PHP-based portal | PHP-Nuke | PHP-Nuke 6.5 to 7.3 | PHP-Nuke 6.5 to 7.8 (24) | PHP-Nuke 6.5 to 7.2 | PHP-Nuke 6.5 to 7.4 |
Replaces | Includes updated Union Tap | Includes mySecureAdmin | Hackalert, IP Banner |
||||
Advertised Features |
Blocks Cross Site Scripting (XSS) | Yes 1 | Yes 2 | No | No | Yes | No | Yes |
Verify Admin account session from cookie | Yes | No | No | Yes 18 | No | No | Yes |
Insert Admin DEFINE for newer patched modules if not present | No | No | No | No | Yes | No | No |
Use HTTP Authorization for Admin access, if available | Yes 20 | No | No | No | Yes 21 | No | No |
Compare admin account to "mirrored" table or valid IP Address | Yes | No | Yes | Yes | No 3 | Yes | Yes |
Admin acct changes require God admin approval | Yes | No | No | No | No | Yes | No |
Delete unapproved admins on Admin Panel | Yes | No | No | No | No 3 | Yes | No |
Admin account change notification | Yes | No | No | No | No | No | No |
Ban Level | Site / Server & modules | Site | Admin | Site | Site / Server | Admin | Site / Server & modules |
Ban by IP | Single, class or range 19 | Yes | No | Single or class | Single, class, or range | No | Single, class, or range |
Ban by User ID / Username | Yes | No 2 | No | No | No | No | Yes 4 |
Ban by Referer | No | No | No | Yes | Yes | No | Yes |
Ban by Proxy | Manual | Manual | No | Yes | Yes | No | Yes |
Ban Bots, Spiders, Harvesters | Yes | Manual | No | No | Yes | No | Yes |
Ban Expiration | Yes 5 | No | No | No | Yes | No | Yes |
Block SQL Injections | Yes 6 | Yes | No | Yes | Yes | No | Yes |
- Plaintext | Yes | Yes | No | Yes | Yes | No | Yes |
- Base64 | Yes | Yes | No | Yes | Yes | No | Yes |
- Hex | Yes | Yes | No | No | Yes | No | Yes |
- c-Like | Yes | Yes | No | No | Yes | No | Yes |
Block Bad HTML | Yes 6 | Yes | No | Yes | Yes | No | No |
Block Selected Request Methods | Yes | No | No | No | Yes | No | No |
Block Specified Strings from Database Queries | No | No | No | No | Yes | No | No |
DoS / Flood Protection | Yes | No | No | No | Yes | No | Yes 7 |
Santy Worm Protection | No | No | No | No | Yes | No | No |
Classless Inter-Domain Routing (CIDR) Support | No | No | No | No | Yes | No | No |
Fight Back | Notification | Notification 8 | Notification | Notification | PopUps On/Off 9 | No | Notification |
Auto Ban | On/Off | On/Off 10 | No | Yes | On/Off | No | Yes |
Ban Storage | database, .htaccess | htm,CSV 11 | database | log file | database, .htaccess | database | database, .htaccess |
Email Notification | Yes | Yes 12 | No | On/Off | On/Off | On/Off | Yes |
Blocked Page | Html, error page 13 | html | hard-coded | hard-coded | html / template or forward | n/a | html or forward |
Banned Display | None provided | HTML, CSV | Module | Log file | Last 10 and Blocked IPs, Scrolling, Count | None provided | Banned IP Block, Site Info |
Admin Function | Yes | No | Yes | Yes | Yes | Yes | Yes |
Context-sensitive Help | No | No | No | No | Yes | No | Yes |
Protected IPs (testing) | Yes | Manual | n/a | Yes | Single or range | n/a | Yes |
Remove ban | Function | Manual | n/a | Manual | Function | n/a | Function |
Admin.php access attempt logging | Yes | No | Yes | Yes | Yes 22 | Yes | Yes |
Blocked module access attempt logging | Yes | No | No | No | No | No | Yes |
Performance Impact | DB Queries 14 | CSV Lookup 15 | DB Insert On Attack | Log file write on Attack | DB Queries 14 | DB Queries | DB Queries |
Additional Features |
Visitor logging | Yes | No | No | No | Yes 22 | No | Yes |
Remove inactive users | No | No | No | No | No | No | Yes |
Site Close / Open Admin Function | Yes | No | No | No | Yes | No | Yes |
Maximum Site Visitors | Yes | No | No | No | No | No | No |
Tracking System | Yes 16 | No | No | No | Yes 22 | No | Yes 17 |
Optimize & repair tables | Yes | No | No | No | Yes 23 | No | Yes |
Add Notes to logged IP addresses | No | No | No | No | Yes | No | Yes |
Download and upload banned IP addresses for sharing with other sites | Yes | No | No | No | No | No | No |
IP to Country Lookup | No | No | No | No | Yes | No | Yes |
List / Ban IP Ranges by Country | No | No | No | No | Yes | No | No |
Edit .htaccess file through Nuke admin | No | No | No | No | No | No | Yes |
Supports PHP-Nuke 7.7+ WYSIWYG Editor | No | No | No | No | Yes | No | No |
1 | index.php and modules.php |
2 | To be enhanced in future release of Fortress™ |
3 | A mirrored admin table exists, and could be used for this purpose with modifications |
4 | Select users to ban |
5 | For modules only, Ban expiration for entire site to be incorporated in future release of Admin Secure |
6 | “Deep Scanning” option |
7 | Hammer |
8 | Alligators |
9 | PC Killer available as an add-on template from GanjaUK.com |
10 | BanOnDemand™ |
11 | HTM for logging, CSV for banning; No database tables are required |
12 | Summary notification to pager and/or detail email notification |
13 | 400, 403, 404, 410 error pages |
14 | Using visitor tracking option can negatively impact performance |
15 | "Has been tested on a site passing 7.5 million page hits per month" |
16 | Affects Performance |
17 | Logs attempts after banning |
18 | All cookies are coded with md5 hash |
19 | Generates individual IP bans for IPs within ranges, which can only be entered on IP upload |
20 | Supports HTTP Admin Authentication only if PHP is compiled as an Apache module, rather than as a CGI module |
21 | Supports HTTP Admin Authentication if PHP is compiled as an Apache module OR as a CGI module |
22 | Via IP tracking module, which can impact performance |
23 | Database functions operate on all Nuke database tables, not just those required for protection |
24 | NukeSentinel authors currently recommend using versions of PHP-Nuke prior to 7.7 until security issues are addressed |