[SATLUG] Preferred web frontend?
tweeksjunk2 at theweeks.org
Sat Jun 14 00:21:32 CDT 2008
On Thursday 12 June 2008 11:18:08 pm FIRESTORM_v1 wrote:
> In the past I have used PHP-Nuke on my existing site
> http://www.theratshack.net but after the 4th time of deleting news
> articles where some idiot had SQL injected a zero delay HTTP redirect,
> I grew tired of it and reduced the site to regular HTML.
Dude.. you so need to be running apache's mod_security...
See here for good overview notes:
> Since I'm overhauling the server (currently running RH6.2,
Heh.. cool.. You get a wicked old system like that .. and after a while you
stop getting hacked because no one remembers (or includes) attack vectors
from the previous millennium.. ;)
> I've tried PHP-Nuke, and a friend of mine recommended another suite,
> Joomla, but I'm a bit apprehensive.
PHPnuke was a major target in 2003.. in 2004/2005 it was phpBB, now Joomla's
the hot target last I checked. The fact is.. you still need to lock down
your apache to reject the URL/SQL attempts.. period.
> So, what are your recommendations? Success? Horror stories? Things
> that you wish you knew at the time but know now?
Check out that mod_security rule set of (by Scott Shinn).. Hot stuff.
More information about the SATLUG