Page 1 of 1
CMSMS - security record?
Posted: Fri Jun 19, 2009 6:16 am
by mihai11
Hello,
Does CMSMS have a good security record?
People who are using it: did you had security breaches?
Regards,
Razvan
Re: CMSMS - security record?
Posted: Fri Jun 19, 2009 6:55 am
by RonnyK
Razvan,
since the 1.2 series, no CMSMS hack has been reported.
Some sites have been hacked since then, but those were shared-hosting or other attacks, no CMSMS hacks.
Ronny
Re: CMSMS - security record?
Posted: Fri Jun 19, 2009 7:16 am
by mihai11
RonnyK wrote:
Razvan,
since the 1.2 series, no CMSMS hack has been reported.
Some sites have been hacked since then, but those were shared-hosting or other attacks, no CMSMS hacks.
Ronny
I am really glad to hear this. I will use some modules that I will develop - and those are going to be secure. What also needs to be secure is the CORE of CMSMS.
Regards,
Razvan
Re: CMSMS - security record?
Posted: Fri Jun 19, 2009 12:11 pm
by Grudgeuk
I have to admit this is one of the best CMS's out there. Seems to be very secure and I'm very happy with the speed patches are release when there are isssues.
Re: CMSMS - security record?
Posted: Sat Jun 20, 2009 3:15 pm
by Pierre M.
Hello,
the documentation includes a small security guide. Everybody can contribute hardening recipes.
The core has been reviewed and patched for holes. As an http thing a CMSms install can be protected with additional http things.
Off site backups always help.
Pierre M.
Re: CMSMS - security record?
Posted: Mon Jun 22, 2009 6:07 am
by mihai11
Pierre M. wrote:
Hello,
the documentation includes a small security guide. Everybody can contribute hardening recipes.
The core has been reviewed and patched for holes. As an http thing a CMSms install can be protected with additional http things.
Off site backups always help.
Pierre M.
I agree with you: things can always be made more difficult for a potential hacker, but ... life would me much easier if CMSMS itself would be secure and it looks like it is - people from these board have confirmed it.
Re: CMSMS - security record?
Posted: Mon Jun 22, 2009 8:07 am
by replytomk3
With all things from the security guide applied, I would worry more about keeping your admin and FTP passwords secure. Consequently, if your site was infected, do not blame CMSMS first, think whether it was a virus that stole your saved FTP password and sent it back to its creator.
Re: CMSMS - security record?
Posted: Mon Jun 22, 2009 11:16 am
by mihai11
replytomk3 wrote:
With all things from the security guide applied, I would worry more about keeping your admin and FTP passwords secure. Consequently, if your site was infected, do not blame CMSMS first, think whether it was a virus that stole your saved FTP password and sent it back to its creator.
I am *not* using FTP and I don't recommend it to anyone. It would be much better to use SCP:
http://en.wikipedia.org/wiki/Secure_copy
Since I have a dedicated server, I can configure it the way I want. If you are on shared hosting, you might have to use FTP...
Re: CMSMS - security record?
Posted: Sat Jul 18, 2009 8:51 am
by storyleader
Pierre M. wrote:
the documentation includes a small security guide. Everybody can contribute hardening recipes.
I don't see the "small security guide." Where is it?
Thanks!
Re: CMSMS - security record?
Posted: Sat Jul 18, 2009 2:17 pm
by jmcgin51
forum.cmsmadesimple.org/index.php/topic,19660.0.html
Re: CMSMS - security record?
Posted: Fri Aug 21, 2009 7:21 pm
by ironblaze94
I have had 1 site out of 30 hacked but that was due to the hosting provider setting the FTP username and password as 'abc123'. I repeatedly told them to change it and then when the website was defaced it was the 'CMS fault'
Re: CMSMS - security record?
Posted: Fri Oct 16, 2009 2:20 pm
by Chinboy
ironblaze94 wrote:
I have had 1 site out of 30 hacked but that was due to the hosting provider setting the FTP username and password as 'abc123'. I repeatedly told them to change it and then when the website was defaced it was the 'CMS fault'
I guess the word "DOH!!" comes to mind here
