[SATLUG] Preferred web frontend?

Tweeks tweeksjunk2 at theweeks.org
Sat Jun 14 00:21:32 CDT 2008


On Thursday 12 June 2008 11:18:08 pm FIRESTORM_v1 wrote:
[...]
> In the past I have used PHP-Nuke on my existing site
> http://www.theratshack.net but after the 4th time of deleting news
> articles where some idiot had SQL injected a zero delay HTTP redirect,
> I grew tired of it and reduced the site to regular HTML.

Dude.. you so need to be running Apache's mod_security...
See here for good overview notes:
	http://www.gotroot.com/tiki-index.php?page=Which+mod_security+rules

> Since I'm overhauling the server (currently running RH6.2,

Heh.. cool.. You get a wicked old system like that.. and after a while you 
stop getting hacked because no one remembers (or includes) attack vectors 
from the previous millennium.. ;)


> I've tried PHP-Nuke, and a friend of mine recommended another suite,
> Joomla, but I'm a bit apprehensive. 

PHP-Nuke was a major target in 2003.. in 2004/2005 it was phpBB, now Joomla's 
the hot target last I checked.  The fact is.. you still need to lock down 
your Apache to reject the URL/SQL attempts.. period.

> So, what are your recommendations?  Success?  Horror stories? Things
> that you wish you knew at the time but know now?

Check out that mod_security rule set (by Scott Shinn).. Hot stuff.

Tweeks

