
Re: Yikes - I can't edit my pages

Posted: Sun Nov 29, 2009 12:15 pm
by Rolf
To try to keep hackers out or keep the damage limited, you can do, for instance:

1. Strong FTP passwords. Not Steve01, but something like ghrT64#sjulrGk2

2. Make backups (files + database) to your local PC. The PC must have an up-to-date Internet Security Suite.
I have seen a site which had problems with hackers for over two years. I made a backup of it and Kaspersky found two Trojans in it. The files had been there for two years.

3. Keep backups for a long period, so that if your site is hacked anyway, you can put a previous version back.

4. Keep CMSMS and modules up-to-date

5. http://wiki.cmsmadesimple.org/index.php ... mall_Guide

6. Good webhost.

7. ...

Grtz. Rolf

Re: Yikes - I can't edit my pages

Posted: Sun Nov 29, 2009 5:03 pm
by wakewatcher
Thanks.

I'm curious about the wiki that you referenced... I always use the admin account when I post news. I'm not understanding what is exposed and how.
CMSMS Settings

    .
    * Never use "admin" or "administrator" as CMSMS admin username. Use a different nickname.
       Pay attention if you post some news article with admin account, the name is exposed.
    .
    .
 

Re: Yikes - I can't edit my pages

Posted: Sun Nov 29, 2009 5:13 pm
by Rolf
In the default news template, the admin login name is used as the author name.
Once a hacker knows this name, he is halfway to breaking your admin code.
Filling in the admin name and using a code generator to find out the password has become much easier (brute-force attack).

Grtz. Rolf

Re: Yikes - I can't edit my pages

Posted: Sun Nov 29, 2009 10:35 pm
by wakewatcher
Thanks.  I'll fix a few things.

Re: Yikes - I can't edit my pages

Posted: Sun Nov 29, 2009 11:20 pm
by wakewatcher
So I decided I wanted to add a new administrator and change the current admin account to be a non-admin account (since it is associated with all the current content). I could easily add the new admin account, but I don't see how to change the original admin account to a non-admin account to be just an editor. Any way to do that?

Re: Yikes - I can't edit my pages

Posted: Mon Nov 30, 2009 7:49 am
by Sonya
wakewatcher wrote: So I decided I wanted to add a new administrator and change the current admin account to be a non-admin account (since it is associated with all the current content). I could easily add the new admin account, but I don't see how to change the original admin account to a non-admin account to be just an editor. Any way to do that?
See here how to replace the admin name with information from the first and last name in the user account: http://forum.cmsmadesimple.org/index.ph ... 663.0.html
If you are the only person who edits the website, you can replace the username in the template with something static. No need to use the username variable.

Re: [SOLVED]Yikes - I can't edit my pages

Posted: Mon Nov 30, 2009 8:37 am
by wakewatcher
Excellent!  Thanks!