ik wrote:
I will not argue with you. But everything is about time. Fixing over and over
again web site that was attacked, is usually harder to fix that.
As was stated the move to another system would be very time consuming
and I don't know if it would be any better. I have several custom
modules written for PostNuke for this site which would have to be
rewritten for another system.
First of all you do not know when the attacker actually gained access. You
only know when the attacker choose to show you that he/she have access to the
site/server.
I have investigated the issue each time in an attempt to determine their
means of attack. Also understand that this is not the only site I host.
During these attacks some get hit others don't. This time it wasn't just
PostNuke sites that were hit. Static sites were also affected. Unless I
can determine exactly what the hole is moving to another CMS is not
necessarily the answer.
Drupal is not the only choice, but the last time I did the research (for
myself BTW), it was the best choice out there for Dynamic Content manager.
There is a difference between just dynamic content and dynamic content
that can be changed and added by users.
There is also a possibility of using static approach, and that using the
PostNuke Database and render static HTML pages. but that takes time to do as
well.
Some of that is how it is currently done and as I pointed out above some
static sites were hit as well.
As to the time to fix things that is quick. In all of these attacks
there is one and only one file affected. Index.php or index.html.
That is the only file affected. The site as a whole isn't attacked they
just deface the first page.
The trick is to determine what hole is open that is letting them modify
that file. I have been working on that. Every time I think I have things
buttoned up something else gets in.
(BTW the company I'm working at, offered twice the services for helping
solve the problems of Lazarus for free, but the decision was made not to
accept it).
That's all I'm going to say on this matter.
Well that is a nice offer but exactly do you think you could do? When
some hole is found before I can apply any patches ... well they get in.
The sites have been fixed and I will now spend the rest of the day
working on figuring out how they got in and attempt to patch it. Not how
I planned on spending my day.
--
==== Programming my first best destiny! ====
Michael A. Hess Miracle Concepts, Inc.
[EMAIL PROTECTED] http://www.miraclec.com
Phone: 570-388-2211 Fax: 570-388-6101
_________________________________________________________________
To unsubscribe: mail [EMAIL PROTECTED] with
"unsubscribe" as the Subject
archives at http://www.lazarus.freepascal.org/mailarchives
