PLUG site incident last night
Craig White
craigwhite at azapple.com
Mon Jan 1 21:17:27 MST 2007
On Mon, 2007-01-01 at 17:58 -0700, Edward Norton wrote:
>
>
> On 1/1/07, Jim <arizona.anorak at gmail.com> wrote:
> Edward Norton wrote:
> > PLUG cracked AGAIN? Not surprising considering you guys wont
> consider
> > anything other than a badly coded PHP CMS.
>
> Ed,
>
> Apparently you know more about securing a site than the people
> who run
> it. At least that's what your message implies. I have an
> idea. When
> it's time for the next PLUG meeting, come out of the sewer,
> show up at
> the meeting and offer to help secure the site.
>
> Jim,
>
> As a matter of fact, yes, I do know more about securing websites than
> the people running PLUG, so it seems.
>
> >I have an idea. When
> >it's time for the next PLUG meeting, come out of the sewer, show up
> at
> >the meeting and offer to help secure the site.
>
> Hey asshole, you don't even know me. Don't get a fucking attitude. As
> it happens, I HAVE BEEN TO THE
> MEETINGS, and I HAVE brought up site security. Infact, I've brought it up in the IRC channel as well,
> so before you start being a little prick, know who you're talking to.
>
> Anyways, you wan't some ideas? Ok. How about to start: get the hell
> away from shared hosting. Second, invest in "hardened-php," third,
> look into GRSecurity and RBAC. Fourth, strip apache down to only the
> needed modules. Fifth, don't use shitty CMS's.
>
> Hey Jim, you happy now asshole?
----
good thing we are all on the same side - at least that was what I
thought.
The above is entirely over the the line. Jim, you were out of line too.
And it has been suggested that I lack tact - sheesh, I have been
completely exonerated in this regard.
The fact is, we are stuck with shared hosting until we get someone to
donate a server and thus the above suggestions, though perhaps not
entirely without merit are entirely not germane to our current
situation.
Craig
More information about the PLUG-discuss
mailing list