Textpattern CMS support forum


#21 2014-07-17 15:50:50

etc
Developer
Registered: 2010-11-11
Posts: 2,949

Re: Textpattern CMS demo site

gaekwad wrote #282239:

you mean comment spam on other website articles with a URL link to the demo site?

Pete, I mean posting comment spam to external websites from your demo site; the file_get_contents function does it quite easily. Or even conducting a DoS attack. Or I’m paranoiac :)



#22 2014-07-17 15:51:53

gaekwad
Member
From: People's Republic of Cornwall
Registered: 2005-11-19
Posts: 2,379

Re: Textpattern CMS demo site

etc wrote #282241:

Pete, I mean posting comment spam to external websites from your demo site; the file_get_contents function does it quite easily. Or even conducting a DoS attack. Or I’m paranoiac :)

Ah, OK – thanks for the clarification. A firewall preventing all external connections would mitigate that, right?


#23 2014-07-17 16:03:16

etc
Developer
Registered: 2010-11-11
Posts: 2,949

Re: Textpattern CMS demo site

gaekwad wrote #282242:

A firewall preventing all external connections would mitigate that, right?

Quite possible, I’m a network dilettante. Expert advice is welcome.



#24 2014-07-17 16:09:51

gaekwad
Member
From: People's Republic of Cornwall
Registered: 2005-11-19
Posts: 2,379

Re: Textpattern CMS demo site

etc wrote #282243:

Quite possible, I’m a network dilettante. Expert advice is welcome.

+1. Your input is very valuable, so thank you for sharing your concerns.

I have firewalled the server. Incoming connections outside of port 80 and the (non-standard) ssh port are blocked. All outgoing connections outside of Subversion are blocked.

Last edited by gaekwad (2014-07-18 09:17:56)


#25 2014-07-23 20:38:18

Gocom
Plugin Author
Registered: 2006-07-14
Posts: 4,524

Re: Textpattern CMS demo site

gaekwad wrote #282242:

A firewall preventing all external connections would mitigate that, right?

You can kind of use a firewall, but that requires that PHP isn’t run as a server module. Otherwise it can still make connections, because it runs under the server process.

Ideally the Textpattern setup should be run inside a secure container and PHP as FCGI under a limited-access user. But whatever you do, it’s not going to be trustworthy — it’s all just damage control.


#26 2014-07-23 21:20:23

ruud
Developer emeritus
From: a galaxy far far away
Registered: 2006-06-04
Posts: 5,068

Re: Textpattern CMS demo site

Gocom wrote #282397:

You can kind of use a firewall, but that requires that PHP isn’t run as a server module. Otherwise it can still make connections, because it runs under the server process.

Unless the HTTP process runs as root, I don’t see how that would be possible.


#27 2014-07-23 22:37:46

Gocom
Plugin Author
Registered: 2006-07-14
Posts: 4,524

Re: Textpattern CMS demo site

ruud wrote #282402:

Unless the HTTP process runs as root, I don’t see how that would be possible.

Yeah. Thinking other shit while trying to write; what I said is rather irrelevant.

gaekwad wrote #282244:

the (non-standard) ssh port are blocked

What port number? If it’s a port that doesn’t require root (greater than 1024), you can knock down sshd and take its place as long as you can run executable code in Textpattern.

All outgoing connections outside of Subversion are blocked.

That’s an open port you can then use.


#28 2014-07-24 07:28:25

gaekwad
Member
From: People's Republic of Cornwall
Registered: 2005-11-19
Posts: 2,379

Re: Textpattern CMS demo site

Gocom wrote #282406:

What port number? If it’s a port that doesn’t require root (greater than 1024), you can knock down sshd and take its place as long as you can run executable code in Textpattern.

It’s above 1024. Root ssh is not permitted, I haven’t set up keys.

That’s an open port you can then use.

Then I should fix that.


#29 2014-07-25 07:59:04

gaekwad
Member
From: People's Republic of Cornwall
Registered: 2005-11-19
Posts: 2,379

Re: Textpattern CMS demo site

I’ve updated the build script so the open port for Subversion is for the duration of svn export only, which is about 15-30 seconds every three hours.

Last edited by gaekwad (2014-07-25 07:59:28)
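
The time-boxed Subversion window described in the post above, sketched as an added example (it is not gaekwad's build script and not part of the thread). It assumes svn:// on TCP 3690, a dedicated `build` account, iptables with the owner match and an otherwise default-deny OUTPUT chain; the repository URL is a placeholder, and `run`, `rule` and `export_with_window` are hypothetical helper names.

```shell
#!/bin/sh
# Added example: time-boxed, per-user egress window around `svn export`.
# Assumptions (not from the thread): svn:// on TCP 3690, a dedicated
# "build" account, iptables owner match, OUTPUT otherwise default-deny.
SVN_PORT="${SVN_PORT:-3690}"
BUILD_USER="${BUILD_USER:-build}"
DRY_RUN="${DRY_RUN:-1}"   # 1 = record commands in CMD_LOG, do not run them
CMD_LOG=""

run() {
    if [ "$DRY_RUN" = "1" ]; then
        CMD_LOG="${CMD_LOG}$*;"
        # Constructed hook: FAIL_ON=<command> simulates that command failing.
        if [ "$1" = "${FAIL_ON:-}" ]; then return 1; fi
        return 0
    fi
    "$@"
}

# $1 is -I (open the window) or -D (close it). The owner match limits the
# exception to the build account, so the web server's user never gets it.
rule() {
    run iptables "$1" OUTPUT -p tcp --dport "$SVN_PORT" \
        -m owner --uid-owner "$BUILD_USER" -j ACCEPT
}

# $1 = repository URL, $2 = target directory
export_with_window() {
    status=0
    rule -I || return 1
    # timeout bounds the window if the export hangs.
    run sudo -u "$BUILD_USER" timeout 120 \
        svn export --force --non-interactive "$1" "$2" || status=$?
    # Close the window on success and on failure alike.
    rule -D || { echo "egress rule still present" >&2; return 2; }
    return "$status"
}

# Dry-run demo with a placeholder URL; prints the commands that would run.
export_with_window svn://svn.example.invalid/trunk /tmp/txp-export
printf '%s\n' "$CMD_LOG" | tr ';' '\n'
```

With `DRY_RUN=0` the same functions execute the commands and need root; the rule is deleted even when the export fails or times out, so a broken build cannot leave the port open until the next run.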


#30 2014-09-21 14:49:30

gaekwad
Member
From: People's Republic of Cornwall
Registered: 2005-11-19
Posts: 2,379

Re: Textpattern CMS demo site

I’ve bumped the Textpattern demo site to 4.5.7; as time allows in the coming weeks and months I’ll switch the site to an EU server and containerise the whole thing with Docker.

Last edited by gaekwad (2014-09-22 12:00:34)
