onlinedesignz writes "A news public theme titled : Sharp has been added to OnlineDesignz. Inside you will find a logo photoshop file so that you can have your own matching logo for this theme. This theme is a dark purple theme and is very nice and clean and loads fast. You can download it here. Forums will be added as a upgrade for this theme later."

corky writes "We have a theft who stole my domain and new site....I am the owner of phpnukerz which is now http://phpnuke.killerhosting.us and I can't get the domain back I have called the domain place...His name is Matthew and he was the owner of unithost.net before he got his site shutdown for giving free hosting....And now wanted to start a theme site with me using nukerz as the domain and I gave him info to help me change the nameserver and he stole my domain.....So this guy is very bad, and I will be redoing Nukerz and will buy a domain somehow....So bare with me....and do not trust this guy."

Anonymous writes "

Nigerian Scam Artist using PHPNuke sites to spam.

Over the past 15 days I have been tracking a user who has been using PHPNuke's 'Webmail' module to send UCE (spam) messages"

Paul writes "In an attempt to prevent scripted bots from either generating new user accounts or attempting brute force password cracking against PHP-Nuke portals, the security graphic had been added in several versions ago. To establish an understanding of what that is, here is an image:

"

Does PHP-Nuke Make the Grade?

by Paul Laudanski, AKA Zhen-Xjell
January 19, 2004

Its almost been a full year since I dreamed about PHP-Nuke. One question that I had on my mind was whether or not PHP-Nuke could make the grade, so to speak. Lets face it, when I first opened up a PHP-Nuke portal the traffic to my site was scarce. But back then the prevailing question was, did I have the right content that would inspire folk to register and stick around -- contributing and growing the site? So the underlying concern of the portal's engine handling any sort of volume was far from my mind. Instead, I eventually focused on this site.

TITLE:
phpSecureSite SQL Injection Vulnerability

READ ONLINE:
http://www.secunia.com/advisories/9563/

phpBB Cross Site Scripting Vulnerability

TITLE:
phpBB Cross Site Scripting Vulnerability

READ ONLINE:
http://www.secunia.com/advisories/9567/

Francisco Burzi, the author of PHP-Nuke, was advised about this a couple weeks ago. So please also take this into consideration on your current site as well.

Basically there is no check on the $referer variable when inserted into the backend database. This could allow attackers to hijack the administrator's cookie that contains login and password information.

The fix should be applied to the next release of PHP-Nuke (either the current RC3 or next). The exact coding may vary pending on your version of PHP-Nuke, but look for this around line 24 of "index.php":

Anonymous writes "I have design a very simple ip block. The installation is very easy.

There are 2 different ones.

first one that redirects banned person off your site to any address you choose.

second one puts them on custom banned page where they can contact webmaster."

The exploits claim to work only on webhosts that do not have "magic_quotes_gpd" in the php.ini file set to "On". A discussion is available in our forums.