ik wrote:
On Saturday 29 October 2005 13:18, Marc Weustink wrote:
ik wrote:
On Saturday 29 October 2005 11:11, Marc Weustink wrote:
Thomas Zastrow wrote:
Florian Klaempfl wrote:
Lv wrote:
This is getting annoying..
Can't you guys just use Linux or BSD with ipchains or iptables.
If you want a firewall script let me know.
What is the connection to firewall exactly ?! Firewall is only a filter of
packets, not an "IPS" and it is not created to be one.
Defacement is made using security holes such as SQL Injection, Buffer
Overflows (that exist on the server for example), and any other type of
access to the system (File uploading as another example).
There are also possibilities that someone installed non standard program that
opened a backdoor at the system itself. BTW If the "backdoor" is using port
80 for example, then firewall will not block it.
The problem is probably postnuke but not the OS.
Then send Postnuke to hell .... if you need some help transforming the
content from Postnuke to a new solution, let me know.
The problem is not to create a static site, but the problem is to
update and maintain it. Lazarus used to have a simple DB generated
pages, but it missed some functionality which Postnuke offered.
We had 2 choices, spend time to develop yet another system (and don't
spend the time for Lazarus), or use something that is already there.
Why not use Drupal ? It's much better than PostNuke, and it's an existing
Content Manager, with many more things to offer than PostNuke that has more
holes than Swiss cheese ?
Who guarantees that ?
Who guarantees me that Lazarus is bug free ? That's why we have mailing list and
bug tracking systems.
If I look at the drupal site, it was at its early development when we
switched to postnuke (and maybe postnuke was as well)
So IMO it is yet another system, but does it mean that we need to change
whenever something else, maybe better looking, maybe more secure is
released ?
It takes a lot of time to migrate a site from one system to another. If
all was so easy, then all would have been done.
Well if it's more secure then the answer is yes! To say that because it's hard
to move from one type of content manager to another, and therefore you keep on
suffering from defacement, and the attackers may even find access to the svn
Which svn, where is the svn at the lazarus site ?
with write privileges, make fixing almost impossible, and therefore the move
to a new content manager is much better than staying with the current one,
and try to find out what was changed and fix that IMHO.
We (at www.securiteam.com) stopped reporting about issues with PostNuke and
phpBB because there are more holes than code... BTW phpBB creators claim
that in order to make better coding, they must rewrite everything from
scratch, without supporting older versions. I don't know if that's the case for
PostNuke (if they are willing to rewrite it and how it will react with older
versions).
BTW Drupal comes with skins, so you can select something that is not looking
very good, if that's what's bothering you :P
Don't keep your head in the dirt and hope for the best... try to make it
better.
It all requires time, time and yet more time, which isn't there.
Why, use drupal, it may be good, but before you switch you want to know
if there isn't anything better. This research costs *time*
Then if something better is found, then all the content has to be
migrated, this costs *time* to find out how, to test it etc.
Everybody can say what to do in these cases, we take it as advice, but in
the end there is only one who does the job (and that's not me)
Marc