Written by Lynne Pope   
Aug 10, 2008 at 12:38 AM

Security Doesn't Start and Stop With Mambo

Web site security is always a hot topic on the forums for any web content management system, including on the Mambo forums. Last week, Deborah Hale posted a diary entry on the SANS Internet Storm Center site, titled, "Securing A Network - Lessons Learned". Among the things she said, this really stands out:

Customer computers without anti-virus and/or firewall protection are a big target, not just for them but for their ISP as well. It absolutely amazed me how quickly a computer can go from compromised to abused and used. Over the July 4th weekend while reviewing my logs I noticed that one of our IP addresses, a residential customer’s home computer, was sending over 200,000 emails a day. I quickly blocked the IP and determined who the customer was. In my conversation with the customer I asked them if they had an anti-virus program. They said that they did; when I asked them how long ago they had purchased the license, they couldn’t remember. It came with their computer and they bought their computer a few years ago. They said that they updated it every day. I explained to them that it has to be renewed every year. They had no idea. It amazes me that people have no idea what it takes to protect their computer and perhaps their identity as well.

This made me think of all the work that goes into teaching people how to keep their Mambo sites secure, and how all this can be undone if someone with Super Administrator privileges logs into Mambo's backend from a compromised computer.

Keeping web applications up-to-date is extremely important, but how many of you take as much care with your own personal computers? Are your firewalls and anti-virus software kept updated? Do you even use these (if not, you really should)?

Secunia offer a great online tool for evaluating your exposure to risk. Try it, you may be surprised by the results! http://secunia.com/software_inspector/. The downloadable Personal Software Inspector gives a more thorough analysis of your software and is a good tool to get into the habit of using.

Another online service with free tools is Audit My PC. This provides a good test of your firewall settings and shows you areas where your computer may be exposed.

When you are logged in to Mambo, so is your computer. For your site to be secure, you really need to make sure your computer is too.

User Comments

Comment by Heru "matrix14" on 2008-08-22 01:29:10

I 100% agree with Lynne. I remember that in October 2007 my Mambo site was infected by the malicious code after I uploaded some PHP files from the infected network.

Comment by bizcard.com on 2008-10-08 13:17:11

Very interesting, I didn't have a clue about this thing.
