I left a paste site online on my web site for some six months where anyone could paste text. (It has been shut down in the last day.) Some 37000 posts were made, and from what I could tell they were overwhelmingly spam messages. (The “paste” concept of the site meant that the spam was never displayed via the front of the site, so the spam messages essentially just went in a hole where no one could see them.) But here’s the cool part–from what I can tell none of these posts were used in any effective hacking attempts.
That’s right–left out on a hostile web, the design for my free PHP CMS proved secure enough to keep those particular posts from causing any kind of text-injection-style hack. I’m inclined to think that, for a lot of projects, using text files [like I did for this code] to store data can be a lot safer than using a SQL database.
Now this is only anecdotal–I would still like to see a thorough security audit of the CMS–but I think this project passed a critical test.
Download the code here:
http://pacificpelican.us/cms