On Saturday 29 October 2005 13:18, Marc Weustink wrote:
> ik wrote:
> > On Saturday 29 October 2005 11:11, Marc Weustink wrote:
> > 
> >>Thomas Zastrow wrote:
> >>
> >>>Florian Klaempfl wrote:
> >>>
> >>>
> >>>>Lv wrote:
> >>>>
> >>>>
> >>>>>This is getting annoying..
> >>>>>
> >>>>>Can't you guys just use Linux or BSD with ipchains or iptables.
> >>>>>If you want a firewall script let me know.
> > 
> > 
> > What is the connection to firewall exactly ?! Firewall is only a filter of 
> > packets, not an "IPS" and it is not created to be one.
> > 
> > Defacement is made using security holes such as SQL Injection, Buffer 
> > Overflows (that exists on the server for example), and any other type of 
> > access to the system (File uploading as another example). 
> > 
> > There are also possibilities that someone installed non standard program 
> > that opened a backdoor at the system itself. BTW If the "backdoor" is using 
> > port 80 for example, then firewall will not block it.
> > 
> > 
> >>>>
> >>>>The problem is probably postnuke but not the OS.
> >>>>
> >>>
> >>>Then send Postnuke to hell .... if you need some help transforming the 
> >>>content from Postnuke to a new solution, let me know.
> >>
> >>The problem is not to create a static site, but the problem is to 
> >>update and maintain it. Lazarus used to have a simple DB generated 
> >>pages, but it missed some functionality which Postnuke offered.
> >>We had 2 choices, spend time to develop yet another system (and don't 
> >>spend the time for Lazarus), or use something what is already there.
> > 
> > 
> > Why not to use Drupal ? it's much better than PostNuke, and it's an existing 
> > Content Manager, with many more things to offer than PostNuke that have 
> > more holes than Swiss cheese ?
> 
> Who guarantees that ?
Who guarantees me that Lazarus is bug free ? That's why we have a mailing list and 
bug tracking systems.

> If I look at the drupal site, it was at its early development when we 
> switched to postnuke (and maybe postnuke was as well)
> So IMO it is yet another system, but does it mean that we need to change 
> whenever something else, maybe better looking, maybe more secure is 
> released ?
> It takes a lot of time to migrate a site from one system to another. If 
> all was so easy, then all would have been done.

Well if it's more secure then the answer is yes! To say that because it's hard 
to move from one type of content manager to another, and therefore you keep on 
suffering from defacement, and the attackers may even find access to the svn 
with write privileges, making fixing almost impossible, and therefore the move 
for a new content manager is much better than staying with the current one, 
and try to find out what was changed and fix that IMHO.

We (at www.securiteam.com) stopped reporting about issues with PostNuke and 
phpBB because there are more holes than code... BTW phpBB creators claim 
that in order to make better coding, they must rewrite everything from 
scratch, without supporting older versions. I don't know if that's the case for 
PostNuke (if they are willing to rewrite it and how it will react with older 
versions).

BTW Drupal comes with skins, so you can select something that is not looking 
very good, if that's what's bothering you :P

Don't keep your head in the dirt and hope for the best... try to make it 
better.

> 
> Marc
> 

Ido
-- 
I'm a peripheral visionary: I see into the future, but mostly off to the 
sides.
