Thursday, January 26, 2006

No more CMS....back to static html

After tiring of a second CMS, the time came to rethink the website and now you can see the results.

A Content Management System is great - you can add new text and pages using your web browser and all the site layout is already there. The problem with CMSs is that to make the site interactive, a lot of functionality must be added, which exposes a lot more functionality that can be exploited. Before Christmas I was using b2evolution (v0.9.0.11), a blogging CMS, which I had to remove because of a constant bombardment of robots trying to add links for trackbacks to the site. I believe this vulnerability was fixed in later versions but I used the opportunity to try e107 (v0.6172). e107 is a full-featured CMS, built with PHP like b2evolution, that has lots of functionality. However, it has vulnerabilities of course and these were exploited before I could upgrade to the latest version.

To me, the problem seems to be that using a CMS requires almost constant upgrading to the very latest version. This is OK if you want to spend several hours a week upgrading a website but not OK if the website is a background task. So I've decided to go from using a CMS, i.e. GNU/Linux, Apache, PHP and MySQL, to using plain old XHTML and CSS, i.e. GNU/Linux and Apache. This will definitely reduce the attack vectors and hopefully reduce the attacks. Time will tell, remembering that nothing is 100% secure.

There is a great site called Open Source Web Design where web designers showcase their templates and designs - it's like SourceForge for designers. I found this design that was put together by a guy called Andreas Viklund. It's pure XHTML and CSS and W3C compliant.

On a last note, if you are interested in trying out some CMSs, this site is great - it lets you try out the CMS without downloading anything.