System Administration

Hello World, Five Years Later

It was five years ago that I posted, in programmer tradition, "hello world" at CMS Report. At the time, I expected CMSReport.com to be around for only a couple of years, which was more than enough time for it to fulfill my purpose. At the time, I had an academic interest in information systems and found that Web-based content management systems were a nice way to put theoretical ideas into practical know-how. This site focused on content management systems in hopes of meeting the few other people out there that shared my interests in CMS.

In that first post, I actually wrote more than "hello world". The full title of the article was "Hello World, New Version". The phrase "new version" was in reference to CMSReport.com not being the first site I created to focus on the CMS.  A couple years earlier, I had tried to start up a website called WebCMS Forum. The online forum was intended to be a "place for those with a passion for web-based applications such as portals, blogs, and forums". I spent a lot of time and money on that site, but in the end few visitors joined in as members to talk about content management systems with me. If Twitter had existed back then I would have easily tweeted "WebCMS Forum RIP #failed".

Looking back at it now, I'm convinced CMS Report is a success because of my experience from failing so miserably with WebCMS Forum. Previously, I had tried to build a site for others to express their passion and obsession for their favorite content management systems. Here at CMSReport.com, I took the opposite approach and built the site for the sole purpose of talking about my passion for content management systems. It was a crazy idea to put my opinions at the center of CMS discussions, as even now I do not consider myself an expert in content management systems. It was only by circumstance that I later realized people are attracted to other passionate people that ask questions and are willing to go to great lengths to find the answers. If you're looking for the facts you go to Wikipedia, but if you're also looking for great discussion from people asking the same questions as you are, it is the blogs you seek.

Finding the right hosting for Bitrix: rocks beneath the surface

You have just completed all the website development work and are ready to take it online. You started to search for a hosting plan that will suit your website and budget. You know the system requirements for Bitrix websites are: Apache 2, MySQL 5, PHP 5 etc. And you see that there are a lot of hosting plans that meet these requirements. But is it enough to check the system requirements only?

The real answer is – “no”.

Here are several things you should care about:

Main system requirements

Sure, your hosting tariff should meet all the system requirements.

This means that Apache, PHP and MySQL should be installed on the server in appropriate versions.

Sometimes the PHP version can be changed directly in server settings. You need to use either the hosting control panel or edit the .htaccess file. This can be tricky but you can always check it and fix it before the installation.

Specific server settings

  • Be sure that you have safe_mode turned off.
  • Safe mode may interfere with file and image uploads.
  • You need to check the open_basedir settings in your php.ini file and disable it.

Crossroads: Determining the future of CMSReport.com

Slowly but surely, CMSReport.com has turned into a nice side business for me. The problem is that this site has grown to a point that it demands more of my time than I can currently offer it. The future of CMS Report is now sitting at a crossroads. I plan to be spending the next few months deciding where this site should go from here.

Some of the options I am considering for this site include:

We Hear You: Our spam filtering needs to be improved

Like most website administrators, I have a long history of fighting spammers and protecting my sites from unwanted content. Over the years I've used a lot of tools and services to block spam from reaching the pages of my sites. In recent years, the service I've relied on most heavily is Mollom. Mollom is a web service that helps you identify content quality and, more importantly, helps you stop spam on your blog, social network or community website.

Overall I've been very happy with the spam filtering Mollom provides for my sites. However, occasionally Mollom can be too aggressive and remove legitimate story and comment submissions. And when I say "remove" I most definitely intend to use the word in the literal way. You see, up to now, Mollom had an "all or none" approach to rejecting or accepting spam. When your stories or comments were rejected, the content submission was simply discarded without review by a human.

If you've ever submitted good clean content to CMSReport.com or another site only to have it identified and discarded as spam, you have every right to be upset with spam filters. Over the past couple of months, I've had a number of people upset that the spam filtering CMS Report has been using rejected their story submission. This may not be all the fault of Mollom either, as I was also using the Bad Behavior module. My apologies to everyone that has gone through this experience when they've submitted legitimate comments and stories to this site. Unfortunately, without spam filtering the content on this site would not be good to view. Spam filtering is a necessary part of maintaining a site open to the public.

Luckily, there have been some improvements in the Mollom for Drupal module that should keep your posts and comments from getting discarded while continuing to protect this site from spam. The module has now been improved to retain spam comments as unpublished posts in a site's moderation queue. So we're giving the new module a try. I won't promise that your content will not be identified as spam, but I do promise you that every effort is being made to review your comments and stories for publication.

Denial of Service on an Apache server

Last week was a very frustrating time for me. For whatever reason, an unusually large number of botnets decided to zero in on my Drupal site and created what I call an unintentional Denial of Service attack (DoS). The attack was actually from spambots looking for script vulnerabilities found mainly in older versions of e107 and WordPress. Since the targets of these spambots were non-Drupal pages, my Drupal site responded by delivering an unusually large number of "page not found" and "access denied" error pages. Eventually, these requests from a multitude of IPs were too many for my server to handle, and for all intents and purposes the botnet attack caused a distributed denial of service that prevented me and my users from accessing the site.

These types of attacks on Drupal sites and numerous other content management systems are nothing new. However, my search at Drupal.org as well as Google didn't really find a solution that completely addressed my problem. Trying to prevent a DDoS attack isn't easy to begin with, and at first the answers eluded me.

I originally looked at Drupal for the solution to my problems. While I've used Mollom for months, Mollom is designed to fight off comment spam, while the bots attacking my site were looking for script vulnerabilities that didn't exist. So with Mollom being the wrong tool to fight off this kind of attack, I decided to take a look at the Drupal contributed module Bad Behavior. Bad Behavior is a set of PHP scripts which prevents spambots from accessing your site by analyzing their actual HTTP requests and comparing them to profiles from known spambots; it then blocks such access and logs the attempts. I actually installed an "unofficial" version of the Bad Behavior module which packages the Bad Behavior 2.1 scripts and utilizes services from Project Honey Pot.

As I had already suspected, looking for Drupal to solve this botnet attack wasn't the answer. Pretty much all Bad Behavior did for me was to take the time Drupal was spending delivering "page not found" error pages and use it to deliver "access denied" error pages. My Drupal site is likely safer with the Bad Behavior module installed, but it was the wrong tool to help me reduce the botnets from overtaxing Drupal running on my server. Ideally, you would like to prevent the attacks from ever reaching your server by taking a look at such things as the firewall, router, and switches. However, since I didn't have access to the hardware, I decided it was time to look at my Apache configuration.
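One way to confirm this pattern from the Apache access log, as an added example that is not from the original post: because the requests come from many IPs, it groups 403/404 responses by requested path rather than by client. The log lines, the paths and the `min_clients` threshold are constructed assumptions.

```python
import re
from collections import defaultdict

# Prefix of Apache common/combined log format: client, timestamp, request, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) '
)

# Constructed sample lines (documentation IP ranges, made-up paths).
SAMPLE_LOG = """\
198.51.100.7 - - [10/Oct/2010:13:55:01 +0000] "GET /node/12 HTTP/1.1" 200 5120
203.0.113.5 - - [10/Oct/2010:13:55:02 +0000] "GET /old-app/contact.php HTTP/1.1" 404 312
203.0.113.9 - - [10/Oct/2010:13:55:03 +0000] "POST /old-app/contact.php?x=1 HTTP/1.1" 404 312
192.0.2.44 - - [10/Oct/2010:13:55:03 +0000] "GET /old-app/contact.php HTTP/1.1" 403 298
192.0.2.44 - - [10/Oct/2010:13:55:04 +0000] "GET /legacy/plugin.php HTTP/1.1" 404 312
203.0.113.5 - - [10/Oct/2010:13:55:05 +0000] "GET /legacy/plugin.php HTTP/1.1" 404 312
198.51.100.7 - - [10/Oct/2010:13:55:06 +0000] "GET /missing-image.png HTTP/1.1" 404 312
198.51.100.23 - - [10/Oct/2010:13:55:07 +0000] "GET /node/12 HTTP/1.1" 200 5120
"""

def parse(lines):
    """Yield (client_ip, path_without_query, status) for each parsable line."""
    for line in lines:
        m = LOG_RE.match(line)
        if m:
            yield m["ip"], m["path"].split("?", 1)[0], int(m["status"])

def probe_paths(lines, min_clients=3):
    """Paths that never succeeded yet drew 403/404 from >= min_clients IPs."""
    clients, hits, ok = defaultdict(set), defaultdict(int), set()
    for ip, path, status in parse(lines):
        if status in (403, 404):
            clients[path].add(ip)
            hits[path] += 1
        elif status < 400:
            ok.add(path)  # a real page; a stray 404 on it is not a probe
    found = [(p, len(c), hits[p]) for p, c in clients.items()
             if p not in ok and len(c) >= min_clients]
    return sorted(found, key=lambda r: (-r[1], -r[2], r[0]))

def error_share(lines):
    """Fraction of all parsed requests answered with 403 or 404."""
    statuses = [status for _, _, status in parse(lines)]
    return sum(s in (403, 404) for s in statuses) / len(statuses) if statuses else 0.0

if __name__ == "__main__":
    sample = SAMPLE_LOG.splitlines()
    print(f"403/404 share: {error_share(sample):.0%}")
    for path, n_clients, n_hits in probe_paths(sample):
        print(f"{path}: {n_hits} hits from {n_clients} clients")
```

A path that many distinct clients request and that never returns a success is a candidate for handling in the web server itself, so that those requests no longer reach Drupal.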

Mollom Stats from CMS Report

After two years of spam protection by Mollom people are beginning to proudly show off their ham/spam stats. Davy Van Den Bremt over at Drupal coder writes:

If you're happy about Mollom, just shout it out on Twitter, Facebook, your blog, ... by putting up a screenshot of your stats and saying how much spam has been caught by Mollom. You can find the stats of your site on your Mollom account. If you're using Drupal, you can find them under Administer > Reports > Mollom Statistics.

If you're using Twitter, use the hashtag #mollomstats. I'm looking forward to seeing how much crap content Mollom has spared us from.