"florida4x4";p="14536" wrote:Well I dont know that this is the exact proper forum to discuss this but the recent hack allowed a remote user to completely own my system. I played with the tool they were using and it was bad. beyond bad. So it raises the question should I move my site to another brand of software? I mean the update to 1.4.1 has taken soooo long and now this hack. It's like getting your head torn off and someone sh*tting down your neck. I know the folks who work on this software have put a lot of effort into it and it is opensource (if it breaks you get to keep both pieces). I guess I'm just a little surprized at how easily a small omission can turn into a big, major problem. I host other sites on this server and they were all defaced. One entire subdirectory was deleted along with /var/log.
So should I stay with IntegraMOD? Am I over reacting? What kind of programming quality should I expect from this project? I like the way it looks anyway... Maybe I should just move the BBS stuff on to a dedicated machine that is labled expendable.... sigh.
It is true that things like this makes us all think more serious about security...
That is the one good thing that comes after such critical moments.
But integraMOD is not the only one...
And I would even say more...there are even bugs in PHP itself
If you look around on other CMS forums, they all have had such moments from time to time...
It's a pity that there are always people looking for ways to break into every security hole they can find...
And it's not only PHP scripts...
Operating systems, protected software, protected music, protected videos,...
Have you ever seen anything succeeding in protecting their stuff completely?
There are companies working day and night on security alone...
And after every new protection another way around it will be found...
The only thing that seems to be impossible in computerworld is the word 'impossible' itself...
There will always be risks...no matter what script, no matter what software, no matter what operating system, no matter what house you live in,... That's life...
The only thing that can make a difference is the attention an dedication to avoid and repair any possible dammage...
Like I said...'impossible' is just a word...but not only for hackers...
After moments like this, everyone wakes up to look for better protection...
I'm sure that every developer will put more attention on protection after this, also many of their own sites have been hacked as well...
Keep this in mind:
What doesn't kill IM only makes it stronger. <img>
The safest sites have been hacked before getting there...
Most sites who haven't been hacked yet, don't even know what to expect...
A broken leg will never break at the same place again...