Like that Idea

Website Lessons Learned

02.14.06

I recently joined in a discussion on our sister site, WebCMS Forum, that I thought I would repost here. Hopefully it will get those of you with your own Websites thinking about security and about patching the software you are using to address any security issues. Discussions on WebCMS Forum focus on content management systems, or CMS for short. What is an example of a CMS? Most Websites today are no longer built on HTML pages, but use software where the text is stored (and managed), usually within a database found on the Web server. Like that Idea uses WordPress, which may be considered a subset of a CMS.

The rest of this article was written by me and posted on WebCMS Forum, but I modified it slightly so it makes sense here. By the way, feel free to join in on the discussion or any discussion on the forum if it interests you. In order to post in the forum you’ll need to register, but registration is free.

You know, I have not seen too many people trying to break into any of my sites until recently. Most of my sites are under a shared hosting plan, but one of my more recent sites is under a dedicated IP. You could tell the hackers were scanning the IP addresses and then any possible directory where the XMLRPC could be located. I had the opportunity to see how many different PHP applications they could exploit... the list was longer than opensourcecms.com provides! ;D

I’m pretty good about patching sites with security patches, but I’m probably not so good about installing patches that only address bugs with no security issues, especially if I haven’t seen any of those bugs myself. Then months later…lo and behold, the bug shows up when I least expect it. Of course, some bugs I create on my own. The “bugs” used to show up when I modified PHP code without knowing what it did, but this whole transition from HTML to XHTML has caused a few annoyances for me. Sometimes you just forget the “old way” doesn’t work so well when mixed with the new.

Someone mentioned Matt’s formmail script was their first script to patch. Matt’s Scripts…now that’s a name and a script I haven’t heard in a long time. Amazingly, there was a time that Matt seemed to be the only one to provide open source code online for free. I wonder if he’s ever been recognized for his efforts? Does he still own his site? Anyone know? Many of us wouldn’t have had good Websites in the 1990s if it wasn’t for his Perl scripts. In fact I didn’t even know what Perl was until I ran across his site.

I really am curious to hear what news anyone has about Matt’s Scripts. Feel free to post here or on WebCMS Forum.