[SATLUG] My new site...would like some feedback

Hector Bojorquez hector.bojorquez at gmail.com
Mon Oct 9 14:23:37 CDT 2006


Joomla/Mambo .... Good useful CMS software.
But....Crackers can own your box if you're not careful--- even if you take
all the "usual" precautions.

Keep an eye out for all updates.....secunia.org does a decent job of sending
alerts.  Of course Joomla/Mambo does too... but sometimes you have to keep a
close eye on forums in order to see potential problems coming.

Configure your php.ini NOT to accept the passthru directive...you CAN have
php.ini in your directories if this is a shared server-- But
httpd must be restarted for changes to take place.  (There are many php
directives that should be banned from use, but banning mkdir, chown and
chmod makes it difficult to install modules and components... the best thing
to do, if you have ssh access, is to shut down httpd, allow ALL the
directives (default), restart httpd, install what you need, stop httpd,
disallow almost everything that is potentially dangerous, and restart
httpd.ini)

Keep an eye on your logs.
If you install SEF components or Facile form components...be VERY careful
that you are installing the latest version and that you are aware of any
security problems.... BOTH of those components left boxes WIDE open a few
months ago.... all is well now though

On 10/9/06, Justizin <justizin at siggraph.org> wrote:
>
> On 10/9/06, R. Tyler Ballance <tyler at bleepsoft.com> wrote:
> >
> > On Oct 9, 2006, at 10:50 AM, Eli Cantu wrote:
> >
> > > Pretty snazzy.
> >
> > I agree, but honestly, am I the only one who thinks that this
> > embodies the spirit of open source? :P
> >
> > "Well, I couldn't remember for the life of me how to do $THING in
> > ipfw, so i spent the weekend writing some code and wrote a new
> > firewall that does $THING 12x more efficiently than ipfw"
> >
>
> The story should include beer, even if it's not free. ;)
>
> --
> Justizin, Independent Interactivity Architect
> ACM SIGGRAPH SysMgr, Reporter
> http://www.siggraph.org/
> --
>
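
The lock-down step described in the message above can be checked after the fact. The following is an added example, not part of the original e-mail or of Joomla/Mambo: it reads the `disable_functions` line of a php.ini and lists what is still allowed. The command-execution names beyond passthru are an assumption about what "potentially dangerous" covers, and both sample files are constructed.

```python
import re

# passthru is named in the e-mail; the other command-execution functions are an
# assumption about what "potentially dangerous" covers, not a list from the post.
EXEC_FUNCS = {"passthru", "exec", "system", "shell_exec", "popen", "proc_open"}
# Functions the e-mail says installers need, so they can only be blocked
# once modules and components are in place.
INSTALL_FUNCS = {"mkdir", "chown", "chmod"}


def disabled_functions(ini_text):
    """Return the names on the last active disable_functions line."""
    disabled = set()
    for line in ini_text.splitlines():
        line = line.split(";", 1)[0].strip()  # text after ';' is a comment
        m = re.match(r"disable_functions\s*=\s*(.*)$", line)
        if m:
            value = m.group(1).strip().strip('"')
            disabled = {f.strip().lower() for f in value.split(",") if f.strip()}
    return disabled


def audit(ini_text):
    """List functions that should be off after lock-down but are still allowed."""
    return sorted((EXEC_FUNCS | INSTALL_FUNCS) - disabled_functions(ini_text))


# Constructed sample files, not taken from any real server.
INSTALL_PHASE_INI = """
; temporary settings while adding components
disable_functions =
"""
LOCKED_INI = """
[PHP]
;disable_functions = passthru
disable_functions = "passthru, exec, system, shell_exec, popen, proc_open, mkdir, chown"
"""

if __name__ == "__main__":
    for name, text in (("install", INSTALL_PHASE_INI), ("locked", LOCKED_INI)):
        print(name, "still allowed:", ", ".join(audit(text)) or "nothing")
```

A non-empty result on a production box means the install-phase settings were left in place or the final list missed a function.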

