EEK I've been hacked!

[nlinecomputers]

Well I had a client call me this morning and say "Have you looked at your website?" Hackers broke in and defaced the site. Thank God no porn was uploaded but the site is wrecked. I run PHPnuke 6.9 so this isn't unexpected. (only a matter of when) I've been looking for a whole new site design package but I've been too busy to do anything about it and now hackers have forced this on me.I'm looking for a good website that is basicly a blog where I can post news, articles, and have a download section(by links).Also be nice but not required that the editor used to post blog/news be user friendly and not require you to use html tags.Ideas?

[SonicDragon]

www.wordpress.orgSorry to hear about your site.

[nlinecomputers]

Thanks no big loss except time and I could restore from backup but they'd just deface it again. PHPnuke is not very secure and I found out after I started using it that I should have used something else. I've been looking at wordpress and phpwebsite and I may go with wordpress but would love to hear more feedback. Example sites would be cool too. All you webmasters need to show off don't ya.

[SonicDragon]

I've honestly never used wordpress myself, but i plan to do my next redesign in it. I've used MovableType in the past, but am looking for something new, since MT isn't exactly free any more. Arena has a lot of experience with wordpress, and you can check out one of his sites that use it here. I don't know of any other sites that use it off the top of my head, but i know there are plenty out there.One of my friends also set up a wordpress site recently and said it was a breeze to set up and use.

[SonicDragon]

Found another one by following one of Arena's links. If i remember correctly, this is one of LLFan's sites.(BTW, i charge $20 a post for site advertizing. Arena, LLFan, i'll be expecting a check by monday )

[NRD]

Sorry to hear about that... Its one of the things I hate about CMS' Its a constant arms race between the Dev's and the hackers trying to get in. I've heard some good things about php-fusion, but have no experience with it myself. Couple of tips I swear by when using a CMS: Secure the admin folder (if one exists) with htaccess in addition to the normal login. Its an extra layer that will help keep any registered users from hacking in and creating GOD accounts. If you don't need to have registered users, disable the module, or remove it completely. Remove the blurb at the bottom and any meta info most CMS' include that list what version it is. Some people google for unpatched versions and attack from there.Keep up to date on patches And as always, CHMOD to lowest possible permissions that allow the script to function.

[nlinecomputers]

Good tips. That one about the version info is very good. Hadn't thought about that. No need informing the world what is going on in the back room.

[zox]

Maybe little too much but worth giving a look:http://www.mamboserver.com/

[NRD]

I'm currently using mambo on a few sites, but as ZOX infered... Its not a simple CMS. The interface is not what I would call user friendly or intuitive. It has also gone through some very serious patching for security bugs. Another one I have tried and used on occasion in the past is Xoops (xoops.org)Here is a Jumbo list of CMS software. It should keep you busy for a bit http://www.cmsmatrix.org/

[NRD]

One other note about Mambo....the built in editor hasn't worked with any other browser except IE, at least for me. I now just write my own html and add it to the CMS. Its one of the main reasons I don't recommend it.

[SonicDragon]

That one about the version info is very good. Hadn't thought about that.

Me either! Good thinking!Now we know