[clug-progsig] Re: [clug-talk] clug.ca 'hacked' again

Sun Sep 5 19:28:12 PDT 2004

So, it looks as though the executive may need our help.  I haven't spoken with 
them yet on this, but thought I'd post an idea here to see the reaction we 
get...

There's a number of good tools out there for web based WYSIWYG page editors 
(i.e. SPAW - 
http://www.solmetra.com/en/disp.php/en_products/en_spaw/en_spaw_about).  I 
think we can take one of these and build a content management system around 
it.

I can work with the executive to come up with a database design (I've built a 
few content management systems before so am aware of the issues involved), 
but I doubt I'll have the time to do coding on a CMS.  Are there any 
volunteers in the group who would like to expand on their PHP skills and help 
develop a custom CMS for CLUG?  This would require a little dedication until 
it is completed.   I would suspect we'd be looking at approximately a month 
or two from concept to completion (aka maintenance mode).

If you think you can dedicate some time, please let me know. 

Shawn

On Sunday 05 September 2004 14:29, Jarrod Major wrote:
> Hey All,
>
> I'm sad to report that the CLUG website has been hacked yet again.
> Thank-you to everyone who called me and informed me of the news. I was
> aware of it late last night but haven't been able to do anything about it
> till recently.
>
> It appears that there is a hack where someone may inject an admin account
> into our Nuke and I found two of them as it turns out. The accounts have
> been removed for now but I have not been able to track down where they
> managed to get their cute little post into our home page.
>
> It's irrelevant. This has pretty much tied the Executive Board's hands. We
> decided to make it easy on ourselves and go with a Nuke rather than making
> our own content-management system or doing static web pages that only we
> had access to.
>
> This will be rectified shortly.
>
> This kind of thing cannot continue, the vandalism of our site has been
> relatively tame, no real vulgarity but at some point they could start
> making changes to things like meeting notices and input incorrect dates or
> times. As we want the most accurate, secure website that we can have we
> will be changing it once again.
>
> You patience in the meantime is appreciated.