February 11, 2006
Movabletype Blogs... admin is...
Robin
For putting together an awesome display for wawadave:
http://wawadave.castlecops.com/
She's been working so hard on this one (neither of us have spent much time on the display side of MT).
So.. Robin, you're the MT admin now!
Continue reading "Movabletype Blogs... admin is..."
Posted by Paul at 05:49 PM | Comments (0) | TrackBack (0)
September 30, 2005
Server swap for buster
Alrighty then, buster's hard drive has been swapped out and placed into a slightly better "duplicate" server. Hopefully it wasn't a HD or OS issue. /me crosses fingers
Posted by Paul at 02:37 AM | Comments (0) | TrackBack (0)
September 28, 2005
MovableType PHP Execution Exploit Secunia Advisory 16899
Regarding Secunia Advisory SA16899.
Solution #2 for "granting access to trusted users only" is not an option in my humble opinion. Long before this advisory came out about PHP execution I have already placed a restriction on it within Apache:
This is by no means all inclusive or an exact match for what I have, but it gives you a starter (place it within the Directory directive for apache):
<FilesMatch "\.(php|inc|tpl)$">
deny from all
</FilesMatch>
It will not permit execution of uploaded files. Granted, the files may still be put there, but they can't be run. And that is a much better stop-gap solution than relying solely on "trusted users".
Posted by Paul at 11:43 PM | Comments (0) | TrackBack (0)
September 14, 2005
busterbunny issues
I've been doing some intense work on busterbunny the past couple days, and it seems to be faulting and rebooting. Once again, it has rebooted today, twice this week after about a 240 day uptime streak. Hey, it happens. I'm looking into it.
Posted by Paul at 03:38 PM | Comments (0) | TrackBack (0)
September 13, 2005
Server Rebooted
Rebooted the server yesterday after about 245 days straight uptime. :D
Posted by Paul at 10:57 PM | Comments (0) | TrackBack (0)
September 07, 2005
More blogging stuff
OK another blog has just been created for http://dog.castlecops.com, so we have to wait for DNS to populate. In addition, with the use of modsecurity the authors will all soon have access to the configure|settings section minus the publishing pane. Very cool stuff modsecurity.
Posted by Paul at 10:53 PM | Comments (0) | TrackBack (0)
September 04, 2005
Can't deny access to Movabletype "Publishing" Pane?
Well in a thread I started up here at the movabletype forums:
http://www.movabletype.org/support/index.php?act=ST&f=12&t=54330
Turns out the feature request has been going on for years. I can't wait.
With the ease of modsecurity, I wrote up a simple filter that permits authors entry into the entire Configure | Settings minus the "Publishing" pane. So this means for all those who offer shared movabletype blog hosting, you no longer need to keep the Settings page locked down from your clients... give them access knowing the "Publishing" pane is inaccessible.
Phew.
Posted by Paul at 07:43 PM | Comments (0) | TrackBack (0)
Upgraded to MovableType 3.2
Ok we've gone from 3.15 to 3.2 fairly easily and quickly. One problem, I was no longer sysadmin, so a quick SQL UPDATE to the authors table and I was good to go. However, I'm tripping out on a feature request I wanted for a while, but not as long as the request was for written (at least 2002).
http://www.movabletype.org/support/index.php?act=ST&f=12&t=54330
Basically, it is to set author permissions on a per-weblog basis. One thing that everyone seems to be asking for is the lockdown of the "Publishing" tab because paths can be changed there. About 3 years at least and this feature request is still just that.
Ok, I think its time to implement it folks.
Posted by Paul at 02:47 PM | Comments (0) | TrackBack (0)
August 31, 2005
MT Ver 3.2 Out
And I'm checking it now... possible upgrade today. See details:
http://www.sixapart.com/movabletype/news/2005/08/movable_type_3_2.html
Posted by Paul at 03:53 PM | Comments (2)
August 10, 2005
Wiki Modifications
We've been hard at it working the wiki site:
http://wiki.castlecops.com
Staff roles and responsibilities have been created. And an about us page is now up and running.
Both are a work in progress.
Posted by Paul at 01:05 PM | Comments (0)
August 08, 2005
Trackback spam
The unending supply of trackback spam... I cannot wait for the nextgen MT to come out and installed here. I should be able to select all the TB's from across the board and remove them... That is the one component to MT that is a bit rough around the edges. I cannot admin across the board, instead, one by one.
Posted by Paul at 10:04 PM | Comments (0)
August 07, 2005
MovableType 3.2 Coming
Well it seems that movabletype 3.2 is coming. Right now its in beta phase, but the features look like something we've all been waiting for. Once it goes gold, we'll be looking at upgrading MT here for the staff blogs.
Posted by Paul at 02:02 PM | Comments (0)
April 24, 2005
MediaWiki upgrade
Alright, I just upgraded MediaWiki from 1.40 to 1.42 to handle some security issues. Easy cheesy.
Posted by Paul at 08:53 PM | Comments (0)
CastleCopsWiki Live
CastleCopsWiki is a new CastleCops service dedicated to the capture, retention, and collaborative updating of important information relating to computer security.
Both seekers and contributers of such information are most welcome:
- You're tired of attempting to guess that perfect search term to coax information from the CastleCops forums, and you've been around the CastleCops forums (or any web-based forum for that matter) long enough to know how excellent information, unless stickied, drifts down the topic list, quickly lost in the sands of time. Compounding that, information is all too often obscured by the oceans of unrelated discussion.
- You have computer security-related information you'd like to share with CastleCops members and the cyber-world at large, and would enjoy collaborating with other experts to best present the information to readers.
Posted by Paul at 08:11 PM | Comments (0)
April 22, 2005
MT 3.16 Released
Six Apart has released an updated version # 3.16. Ok, sounds good.. one problem I see they need is the ability to approve trackbacks. I've been getting tons of spam trackbacks.
Posted by Paul at 10:54 PM | Comments (0)
April 20, 2005
Netcraft uptime
Ok then, with last night's planned outage for castlecops.com, busterbunny is now holding the longest current uptime. Ok, castlecops had about 140 days straight uptime, but compare the current and the history:
busterbunny uptime
castlecops.com
Posted by Paul at 01:39 AM | Comments (0)
April 18, 2005
ModSecurity 1.8.6 -> 1.8.7 Upgrade
Ok, modsecurity 1.8.7 has now been installed and some newer directives have been inserted. Restarted apache successfully.
Posted by Paul at 12:05 AM | Comments (0)
April 17, 2005
Testing Imagemagick 6.1.8 -> 6.2.1
Imagemagick upgraded and testing it now with a thumbnail...
Posted by Paul at 11:48 PM | Comments (0)
MySQL 4.1.8a -> 4.1.11
Ok! MySQL now upgraded from 4.1.8a to 4.1.11. PHP mysql/mysqli client will also be rebuilt with the new codebase. PHP soon to be upgraded to 5.0.4 from 5.0.3.
Posted by Paul at 08:43 PM | Comments (0)
Anti-spam comments and pings
Ok I'm thinking of adding in this Bayesian 1.1 filter for MT to learn and catch the spam comments and pings. Well, we don't have an issue with comment spam, but we do with comment pings. For the main buster MT blog, I just deleted 114 comment pings. Guess I should have saved them and taught the Bayesian filter. Before I install it, time to run some backups first.
http://www.sixapart.com/pronet/plugins/plugin/bayesian.html
Posted by Paul at 04:50 PM | Comments (0)