Posts Tagged ‘ php windows hosting ’

5 Common Administrator Mistakes in CMS

Wednesday, March 10th, 2010

Posted in PHP Portal | No Comments »

A content management system (CMS) is a collection of procedures used to manage work flow in a collaborative environment.  In a CMS, data can be defined as almost anything – documents, movies, pictures, phone numbers, scientific data, etc. CMSs are frequently used for storing, controlling, revising, semantically enriching, and publishing documentation. Content that is controlled is industry-specific. For example, entertainment content differs from the design documents for a fighter jet. There are various terms for systems (related processes) that do this. Examples are web content management, digital asset management, digital records management and electronic content management. Synchronization of intermediate steps, and collation into a final product are common goals of each.
When a CMS gets hacked, usually the reason for this is not that the CMS itself is insecure but that hackers took advantage of some common admin mistakes. The list of admin mistakes is pretty long but not surprisingly, the number of the most common ones is a single digit. Here are some of these mistakes you must know and never do in the CMS you administer:
1. Default passwords
One of the first things hackers check when they plan to attack is for “easy passwords”. Default passwords (i.e. the passwords that come together with the installation) are easy to find. It is true that many CMS don’t come with a default password or even if they do, the installation procedure will make you change your password before you can use the software but if your CMS comes with a default password, make sure that you change it.
2. No patches installed
It is true that installing tens of patches a day is boring but if you don’t watch out for (at least) the critical updates and don’t install them in a timely manner, this is an invitation to hackers. Hackers monitor reports for new vulnerabilities and rely on the fact that the administrator won’t install the patches immediately.
3. Unreliable and insecure web hosting
Insecure web hosting is one of the greatest danger for the security of your CMS. Vulnerabilities in the operating system and the other software that is installed on your web host are also among the favorite targets of hackers and the worst is that if your web host is insecure, there isn’t much you as an admin of your CMS can do to counteract it. You can’t fix the holes in the security of your web hosting provider and the only thing you can do is escape to a better web host.
4. Generous user privileges
There are hardly any admins (in their right mind), who will give admin privileges to ordinary users but there aren’t that few admins, who are really generous when user privileges are concerned. One of the most important security rules is the least privilege rule – i.e. give users access only to those parts of the site they really need to have in order to do their jobs.
5. Insecure plugins
Hackers might not enter through the front door of your CMS but if the other doors are open, they don’t need backdoors (i.e. malware) to gain access to your site. Almost any CMS relies on plugins to provide additional functionality and this is the charm of CMS because you get a base installation and you have the freedom to add only the functionality you need but this freedom is also a security risk.

A content management system (CMS) is a collection of procedures used to manage work flow in a collaborative environment.  In a CMS, data can be defined as almost anything – documents, movies, pictures, phone numbers, scientific data, etc. CMSs are frequently used for storing, controlling, revising, semantically enriching, and publishing documentation. Content that is controlled is industry-specific. For example, entertainment content differs from the design documents for a fighter jet. There are various terms for systems (related processes) that do this. Examples are web content management, digital asset management, digital records management and electronic content management. Synchronization of intermediate steps, and collation into a final product are common goals of each.

When a CMS gets hacked, usually the reason for this is not that the CMS itself is insecure but that hackers took advantage of some common admin mistakes. The list of admin mistakes is pretty long but not surprisingly, the number of the most common ones is a single digit. Here are some of these mistakes you must know and never do in the CMS you administer:

1. Default passwords

One of the first things hackers check when they plan to attack is for “easy passwords”. Default passwords (i.e. the passwords that come together with the installation) are easy to find. It is true that many CMS don’t come with a default password or even if they do, the installation procedure will make you change your password before you can use the software but if your CMS comes with a default password, make sure that you change it.

2. No patches installed

It is true that installing tens of patches a day is boring but if you don’t watch out for (at least) the critical updates and don’t install them in a timely manner, this is an invitation to hackers. Hackers monitor reports for new vulnerabilities and rely on the fact that the administrator won’t install the patches immediately.

3. Unreliable and insecure web hosting

Insecure web hosting is one of the greatest danger for the security of your CMS. Vulnerabilities in the operating system and the other software that is installed on your web host are also among the favorite targets of hackers and the worst is that if your web host is insecure, there isn’t much you as an admin of your CMS can do to counteract it. You can’t fix the holes in the security of your web hosting provider and the only thing you can do is escape to a better web host.

4. Generous user privileges

There are hardly any admins (in their right mind), who will give admin privileges to ordinary users but there aren’t that few admins, who are really generous when user privileges are concerned. One of the most important security rules is the least privilege rule – i.e. give users access only to those parts of the site they really need to have in order to do their jobs.

5. Insecure plugins

Hackers might not enter through the front door of your CMS but if the other doors are open, they don’t need backdoors (i.e. malware) to gain access to your site. Almost any CMS relies on plugins to provide additional functionality and this is the charm of CMS because you get a base installation and you have the freedom to add only the functionality you need but this freedom is also a security risk.

As a world leading web hosting industry, webhostforasp.net has many experiences in CMS. We are fully aware of many hacker’s threats out there. That’s why we regularly update our CMS version with the latest patch in order to provide secure environment for our customers who want to use CMS as their main web site. Looking for secure web hosting? don’t go anywhere, because webhostforasp.net is your right choice!

Tags: , ,

Moodle Hosting Service

Thursday, February 25th, 2010

Posted in PHP Portal | No Comments »

Moodle is a software package for producing Internet-based courses and web sites. It is a global development project designed to support a social constructionist framework of education.

Moodle is provided freely as Open Source software (under the GNU Public License). Basically this means Moodle is copyrighted, but that you have additional freedoms. You are allowed to copy, use and modify Moodle provided that you agree to: provide the source to others; not modify or remove the original license and copyrights, and apply this same license to any derivative work. Read the license for full details and please contact the copyright holder directly if you have any questions.

Moodle can be run on Windows and Mac operating systems and many flavors of linux (for example Red Hat or Debian GNU). There are many knowledgeable Moodle Partners to assist you, even host your Moodle site. The word Moodle was originally an acronym for Modular Object-Oriented Dynamic Learning Environment, which is mostly useful to programmers and education theorists. It’s also a verb that describes the process of lazily meandering through something, doing things as it occurs to you to do them, an enjoyable tinkering that often leads to insight and creativity. As such it applies both to the way Moodle was developed, and to the way a student or teacher might approach studying or teaching an online course. Anyone who uses Moodle is a Moodler.

There are many dimensions to interoperability for e-learning systems. Moodle’s interoperability features include:

  1. Authentication, using LDAP, Shibboleth, or various other standard methods (e.g. IMAP)
  2. Enrollment, using IMS Enterprise among other standard methods, or by direct interaction with an external database
  3. Quizzes and quiz questions, allowing import/export in a number of formats: GIFT (moodle’s own format), IMS QTI, XML and XHTML (NB although export works very well, import is currently not complete). Moodle provides various types of questions – Calculated, Description, Essay, Matching, Embedded Answers, Multiple Choice, Short Answer, Numerical, Random Short-Answer Matching, True/False.
  4. Resources, using IMS Content Packaging, SCORM, AICC (CBT), LAMS
  5. Integration with other Content Management Systems such as Postnuke (via third-party extensions)
  6. Syndication, using RSS or Atom newsfeeds – external newsfeeds can be displayed in a course, and forums, blogs, and other features can be made available to others as newsfeeds.

Tags: , , ,