[SOLVED]Yikes - I can't edit my pages

For questions and problems with the CMS core. This board is NOT for any 3rd party modules, addons, PHP scripts or anything NOT distributed with the CMS made simple package itself.
Post Reply
User avatar
Rolf
Power Poster
Power Poster
Posts: 7825
Joined: Wed Apr 23, 2008 7:53 am
Contact:
Contact Rolf

Re: Yikes - I can't edit my pages

Post by Rolf »

To try keeping hackers outside or keep the damage limited you can do f.i.

1. Strong ftp passwords. Not Steve01, but something like ghrT64#sjulrGk2

2. Make backups (files+dbase) to your local pc. The pc must have an up-to-date Internet Security Suite.
Have seen a site which had problem with hackers for over two years, I made a backup of it and Kaspersky found two Trojans in it. The files had been there for two years.

3. Save backup a long period, when your site is hacked anyway, you can put a previous version back.

4. Keep CMSMS and modules up-to-date

5. http://wiki.cmsmadesimple.org/index.php ... mall_Guide

6. Good webhost.

7. ...

Grtz. Rolf
- + - + - + - + - + - + -
LATEST TUTORIAL AT CMS CAN BE SIMPLE:
Migrating Company Directory module to LISE
- + - + - + - + - + - + -
Image
Top
User avatar
wakewatcher
Forum Members
Forum Members
Posts: 149
Joined: Fri Dec 28, 2007 12:33 am

Re: Yikes - I can't edit my pages

Post by wakewatcher »

Thanks.

I'm curious from the wiki that you referenced... I always use the admin account when I post news.  I'm not understanding what is exposed and how.
CMSMS Settings

    .
    * Never use "admin" or "administrator" as CMSMS admin username. Use a different nickname.
       Pay attention if you post some news article with admin account, the name is exposed.
    .
    .
 
Top
User avatar
Rolf
Power Poster
Power Poster
Posts: 7825
Joined: Wed Apr 23, 2008 7:53 am
Contact:
Contact Rolf

Re: Yikes - I can't edit my pages

Post by Rolf »

In the default news template is admin loginname used as the authorname.
Once you know this name a hacker is halfway breaking your admin code.
Filling in the adminname and using a code generator to find out the password has become much easier. (brute force attack)

Grtz. Rolf
- + - + - + - + - + - + -
LATEST TUTORIAL AT CMS CAN BE SIMPLE:
Migrating Company Directory module to LISE
- + - + - + - + - + - + -
Image
Top
User avatar
wakewatcher
Forum Members
Forum Members
Posts: 149
Joined: Fri Dec 28, 2007 12:33 am

Re: Yikes - I can't edit my pages

Post by wakewatcher »

Thanks.  I'll fix a few things.
Top
User avatar
wakewatcher
Forum Members
Forum Members
Posts: 149
Joined: Fri Dec 28, 2007 12:33 am

Re: Yikes - I can't edit my pages

Post by wakewatcher »

So I decided I wanted to add a new administrator and change the current admin account to be a non admin account (since it is associated with all the current content.) I could easily add the new admin account but I don't see how to change the original admin account to a non admin account to be just an editor.  Anyway to do that?
Top
Sonya

Re: Yikes - I can't edit my pages

Post by Sonya »

wakewatcher wrote: So I decided I wanted to add a new administrator and change the current admin account to be a non admin account (since it is associated with all the current content.) I could easily add the new admin account but I don't see how to change the original admin account to a non admin account to be just an editor.  Anyway to do that?
See here, how to replace admin name with information from first and last name in the user account: http://forum.cmsmadesimple.org/index.ph ... 663.0.html
If you are the only person who edit the website, you can replace the username in the template with something static. No need to use username variable.
Top
User avatar
wakewatcher
Forum Members
Forum Members
Posts: 149
Joined: Fri Dec 28, 2007 12:33 am

Re: [SOLVED]Yikes - I can't edit my pages

Post by wakewatcher »

Excellent!  Thanks!
Top
Post Reply

Return to “CMSMS Core”