Subject: Hideaway.Net has been Geeked!
Posted on: 05/06/02 11:53am
Hello all - we are a fairly young internet security company and have just switched our portal over to Geeklog! You can check out the site here.
I chose Geeklog mainly to use its news story and block features - as you can see the site has Many many static pages too and will keep growing as we add more content. All comments are welcome, and many thanks to all who have put in so much work to develop this software.
Posted on: 06/06/02 10:19am
You may not know this, but GeekLog was originally written to run the securitygeeks.com web site.
The site ownership transfered to the Shmoo Group over a year ago.
Posted on: 06/06/02 11:48am
That's one of the reasons I chose Geeklog over other portal apps - it actually was written with security in mind! I wasn't about to put up PHPNuke and have our -security- site hacked every other week. =) Anyway we linked up to securitygeeks.com, feel free to do the same or use our RDF if you'd like.
Posted on: 17/06/02 05:59pm
You're a security company and you left your /path/to/geeklog wide open? The point of the "public_html" directory is to point your 'document root' at it so that your webserver only gives direct access to anything under that directory. You've got your entire GL hierarchy accessible via the web.
Not at all secure. I can't say I've found a way to hack such an installation, but I can assure you it is an extremely insecure practice. In general you want to hide all you can from being directly accessible via the web, and only have those things accessible which are absolutely necessary. In GL terms that means only your public_html.
e.g. I can directly execute your config.php script by pointing to : http://www.hideaway.net/home/config.php. Maybe that doesn't cause problems, maybe it does. Either way this file and most of the rest of your GL install should not be directly accessible via your web server.
Geeklog - Forum