CMSMS - security record?

[mihai11]

Hello,



Does CMSMS have a good security record?

People who are using it: did you had security breaches?



Regards,
Razvan

[RonnyK]

Razvan,

since the 1.2 series, no CMSMS hack has been reported.

Some sites have been hacked since then, but those were shared-hosting or other attacks, no CMSMS hacks.

Ronny

[mihai11]

Razvan,

since the 1.2 series, no CMSMS hack has been reported.

Some sites have been hacked since then, but those were shared-hosting or other attacks, no CMSMS hacks.

Ronny

I am really glad to hear this. I will use some modules that I will develop - and those are going to be secure. What also needs to be secure is the CORE of CMSMS.


Regards,
Razvan

[Grudgeuk]

I have to admit this is one of the best CMS's out there.  Seems to be very secure and I'm very happy with the speed patches are release when there are isssues.

[Pierre M.]

Hello,

the documentation includes a small security guide. Everybody can contribute hardening recipes.
The core has been reviewed and patched for holes. As an http thing a CMSms install can be protected with additional http things.
Off site backups always help.

Pierre M.

[mihai11]

Hello,

the documentation includes a small security guide. Everybody can contribute hardening recipes.
The core has been reviewed and patched for holes. As an http thing a CMSms install can be protected with additional http things.
Off site backups always help.

Pierre M.

I agree with you: things can always be made more difficult for a potential hacker, but ... life would me much easier if CMSMS itself would be secure and it looks like it is - people from these board have confirmed it.

[replytomk3]

With all things from the security guide applied, I would worry more about keeping your admin and FTP passwords secure. Consequently, if your site was infected, do not blame CMSMS first, think whether it was a virus that stole your saved FTP password and sent it back to its creator.

[mihai11]

With all things from the security guide applied, I would worry more about keeping your admin and FTP passwords secure. Consequently, if your site was infected, do not blame CMSMS first, think whether it was a virus that stole your saved FTP password and sent it back to its creator.

I am *not* using FTP and I don't recommend it to anyone. It would be much better to use SCP:
http://en.wikipedia.org/wiki/Secure_copy

Since I have a dedicated server, I can configure it the way I want. If you are on shared hosting, you might have to use FTP...

[storyleader]

the documentation includes a small security guide. Everybody can contribute hardening recipes.

I don't see the "small security guide." Where is it?

Thanks!

[jmcgin51]

forum.cmsmadesimple.org/index.php/topic,19660.0.html

[ironblaze94]

I have had 1 site out of 30 hacked but that was due to the hosting provider setting the FTP username and password as 'abc123'. I repeatedly told them to change it and then when the website was defaced it was the 'CMS fault' 

[Chinboy]

I have had 1 site out of 30 hacked but that was due to the hosting provider setting the FTP username and password as 'abc123'. I repeatedly told them to change it and then when the website was defaced it was the 'CMS fault' 

I guess the word "DOH!!" comes to mind here