CMSimple 4.5.2 V CMSimple XH
The recently closed thread did bring up some seriously valid points. (viewtopic.php?f=2&t=8488)
Apart from the obvious personal ideas (of which I have many), the most important note for users of CMSimple would be security.
So, just how secure is your website, for your users?
CMSimple 4.5.2 V CMSimple XH
1. Do you keep your website up to date with latest patches?
2. Are all plugins used, regularly updated?
3. Do you have a solid forum support (24 hrs)?
4. Does my website adhere to the latest threats, and updated accordingly?
So, the only question you need to ask your website provider / designer is, "Are there current vulnerabilities in my website code that could affect my website?"
These are the most important things to remember when not only setting up a website, but having the constant support you will surely need going forward.
On a final note, CMSimple 4.5+ IS actually a form of XH, let's not forget that.
So time to ask your website designer, is MY site as secure as it can be!
Re: CMSimple 4.5.2 V CMSimple XH
Hello Holger,
now it really would be time to apply the "tougher moderation tools" you announced.
Most CMSimple_XH users don't want these discussions here. They want to discuss CMSimple_XH here, they are not interested in the original CMSimple, and they don't want to read insults here in the forum. Unless perhaps when I am the one being insulted, but that is the minority.
You can also delete the thread Mikey linked to entirely, cmsimplewiki.com is editable again - the thread is moot.
Rather funny with you lot - one admin ends a derailed discussion, the next one merrily carries on elsewhere ...
Gert
Re: CMSimple 4.5.2 V CMSimple XH
Gert wrote: now it really would be time to apply the "tougher moderation tools" you announced.
I can't actually see anything in Mikey's post that would require moderation. The only thing I find less than ideal is the direct juxtaposition of CMSimple 4.5.2 and CMSimple_XH. Ultimately the points apply to all versions/variants of CMSimple (and actually even to web applications in general). Security simply plays an important role there. Less than two years ago the BSI published the "Sicherheitsstudie Content Management Systeme" (a security study of content management systems; CMSimple is mentioned in it too, albeit only in passing in a statistic), which would hardly have happened if the topic were not relevant.
Gert wrote: You can also delete the thread Mikey linked to entirely, cmsimplewiki.com is editable again - the thread is moot.
If all resolved threads were to be deleted, there would be a lot to do, and a lot of historical information would be lost. Some of the offensive posts should perhaps indeed be deleted or moderated, but I wonder whether that would also happen at http://cmsimple.org/forum/. There are plenty of insults and, above all, false claims to be read there.
Christoph M. Becker – Plugins for CMSimple_XH
Re: CMSimple 4.5.2 V CMSimple XH
And wow! So a thread like this, with normal replies, should prevail in a forum.
My main context is security!
Given that Gert has replied in my thread, please answer my main concern:
Is CMSimple 4.5+ secure?
Forget all other posts, somewhat negative for all other reasons, only users need to be caring about their website.
Will your fork of CMSimple be secure, like this forum's official release of XH?
mikey
Re: CMSimple 4.5.2 V CMSimple XH
I'm also over this.....
One simple question, that can be answered by both versions' coders!
1. GERT? Is your version of CMSimple 4.5+ secure and up to date with all known security issues?
2. XH Coders? Is your version of CMSimple XH secure and up to date with all known security issues?
I think users would like to know.
This is the only reason I posted this thread.
Edit +: and yes, this forum is moderated at a much higher level than my ADMIN status, however this question is worthy.
Last edited by mikey on Sat Apr 04, 2015 2:27 pm, edited 2 times in total.
Reason: know to known ;) grammer
Re: CMSimple 4.5.2 V CMSimple XH
mikey wrote: XH Coders? Is your version of CMSimple XH secure and up to date with all known security issues?
I'm not aware of any vulnerabilities of CMSimple_XH 1.6.6 or the bundled plugins and templates. That doesn't imply that CMSimple_XH 1.6.6 is secure, because there might be unknown vulnerabilities, but I'm sure the developers would fix vulnerabilities in a timely manner, if they are found. The most recent vulnerability was detected on March 5th, and CMSimple_XH 1.6.6 with the respective fix was released on March 15th.
It might be regarded as a security issue, though, that we don't strictly recommend HTTPS for back-end access and encrypted FTP transfer, and that the version.nfo files are not accessed via HTTPS. However, to my knowledge the former is common for many Web CMS, and users are free to activate HTTPS on the servers (requires a certificate, of course) and can use FTPS. The latter is not optimal, but it's not immediately dangerous, because the worst thing that can happen would be a MITM attack pretending up-to-date versions, even though updates would be pending. But then again, a user could simply turn off the update check altogether.
Christoph M. Becker – Plugins for CMSimple_XH
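The update-check risk described in the post above, as an added example (not CMSimple_XH code and not written by any poster in this thread): a checker that trusts a "nothing newer" answer only when it arrived over HTTPS, and otherwise reports the state as unverified. The plain `major.minor.patch` body, the function names and the example.invalid URLs are assumptions; the real version.nfo format is not shown in this thread.

```python
import re
from urllib.parse import urlsplit


def parse_version(text):
    """Parse 'major.minor.patch' (assumed format) into a tuple of ints, else None."""
    match = re.fullmatch(r"\s*(\d+)\.(\d+)\.(\d+)\s*", text or "")
    return tuple(int(part) for part in match.groups()) if match else None


def assess_update_check(installed, source_url, body):
    """Classify one update-check result.

    installed  -- version string of the running installation
    source_url -- where the version file was fetched from
    body       -- what the server returned, or None if the fetch failed
    Assumes the caller's HTTPS client validates the server certificate.
    """
    current = parse_version(installed)
    if current is None:
        raise ValueError("installed version is not in major.minor.patch form")

    advertised = parse_version(body)
    if advertised is None:
        # Fetch failed or the body is not a version: fail closed.
        return "unverified"

    if advertised > current:
        # A pending update is worth acting on however the notice arrived.
        return "update-available"

    # "Nothing newer" is exactly the answer a man in the middle would forge,
    # so it only counts when the transport authenticated the server.
    authenticated = urlsplit(source_url).scheme.lower() == "https"
    return "up-to-date" if authenticated else "unverified"


# Constructed sample inputs: (installed, source URL, returned body).
SAMPLES = [
    ("1.6.5", "http://example.invalid/version.nfo", "1.6.5"),
    ("1.6.5", "https://example.invalid/version.nfo", "1.6.5"),
    ("1.6.5", "http://example.invalid/version.nfo", "1.6.6"),
    ("1.6.5", "https://example.invalid/version.nfo", None),
    ("1.6.5", "https://example.invalid/version.nfo", "<html>error</html>"),
]


def run_samples():
    """Return the classification for each constructed sample."""
    return [assess_update_check(*sample) for sample in SAMPLES]
```

Showing "unverified" in the back end instead of "up to date" keeps a silent or forged answer from being read as a clean bill of health.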
Re: CMSimple 4.5.2 V CMSimple XH
Does any of you have or know a tool or a toolset which can test for all vulnerabilities, or are you just talking 'hearsay' (other specialists found....)?
(It would be nice to have a tool calling a site and reporting back known issues and potential risks [a hacker-tool for testing] - without actually doing the attack).
Does any of you know how to find out whether the vulnerability is due to CMS or server supplier?
In my basic training I was told: 'No IT-system is ever secure - keep back-ups!' - but that may not be the case with CMSimple?
Regards
Hugo
Re: CMSimple 4.5.2 V CMSimple XH
Hugorm wrote: 'No IT-system is ever secure - keep back-ups!'
I just read it and wanted to add my opinion. You probably remember my bad experience with hacked websites in the past. But what is spread nowadays around the hacking, attacks, security and vulnerabilities seems to me too paranoid.
Hugorm is right. No reliable security is real. One has to realize that everything man has found around (wooden stock, stone, fire, water, wind, stone, etc.) was first used to help men. The other day it was used for attacks, destruction etc. The same way it is with all programs, systems etc. As long as one will look for vulnerabilities and holes, the men with other attitudes will look for the ways how to misuse things or how to overcome the holes.
Security? 100% yes. But, please, no paranoia.
CMSimple.sk
It's no shame to ask for an answer if all efforts failed.
But it's awful to ask without any effort to find the answer yourself.
Re: CMSimple 4.5.2 V CMSimple XH
Hugorm wrote: Does any of you have or know a tool or a toolset which can test for all vulnerabilities, or are you just talking 'hearsay' (other specialists found....)?
Well, basically we're not looking for new kinds/types of vulnerabilities (that's something for the specialists), but rather we're looking for already known types of vulnerabilities. I believe there are some tools which are testing for some vulnerabilities, but to my knowledge there are no free tools available suitable for our purpose. It appears that we have to rely on code reviews and on looking out for and analysing strange behavior sometimes reported by others. At least that is how most of the vulnerabilities in CMSimple_XH have been detected so far.
Hugorm wrote: Does any of you know how to find out whether the vulnerability is due to CMS or server supplier?
That depends on the vulnerability. Most can be clearly assigned to be either a vulnerability in the application or the underlying system (PHP, Webserver), but there may be edge cases where the distinction is not so clear.
Hugorm wrote: In my basic training I was told: 'No IT-system is ever secure - keep back-ups!' - but that may not be the case with CMSimple?
Well, security in this case is not only about the lack of vulnerabilities, but also about reliability and robustness. Anyhow, I suggest making backups of a (CMSimple) website regularly.
Tata wrote: Security? 100% yes. But, please, no paranoia.
I suggest that web developers should have a healthy dose of paranoia when it comes to security related issues. It's too easy to overlook even basic issues, otherwise.
Christoph M. Becker – Plugins for CMSimple_XH
Re: CMSimple 4.5.2 V CMSimple XH
I understand most of what you are all saying, but then not quite all!
When it comes to specialist developers testing for vulnerabilities I can see multi tools for multi single vulnerabilities.
When it comes to developers for user / customers it would be nice if all known risks were included in one tool and one test.
Is it worth considering, as an example, a plugin or routine suitable for CMSimple_XH?
Could a start be an updated text file with all known vulnerabilities listed?
Maybe an item under: Security section?