Discussion in 'General Webmaster Helpdesk' started by Duke, Aug 9, 2005.
... and why, assuming your using a content management system?
The community arround Mambo is huge and the templates / components and modules are growing rapidly on a daily basis... I tried the "nukes" and really couldn't get my head around them at all - mambo just seems more organised from an Admin point of view.
Mambo is also Search Engine Friendly - a term that is banded around the internet alot these days, but basically it uses mod_rewrite to change all those terrible dynamic URL's into "normal" ones...
I have a few website's running mambo at the minute - and I recommend it to a lot of clients, you can even wrap Mambo around any other script / page you like and it will still work fine!
I am interested into looking at other CMS's such as Mambo and XOOPS. The one feature I don't like about a few of the Mambo sites I'm registered at is the forums actually open up in a new window and aren't a module of the CMS. I'm not sure if this is the way it's set up or if it's personal choice.
How is the security with Mambo?
The forums depend on what software you are running... There are a couple of Forum components that are specifically designed for Mambo and fit into the site using the same CSS etc
Take a look at www.shawlife.co.uk to see what i mean..
The other forums are usually stand-alone and hence open in a new window...
I must admit to having a Mambo site hacked once, but this was on a old version - the newer verion(s) are a lot more secure... There is also a special devision of the Mambo core development team dedicated to security and lots of Mambo powered websites are part of a security monitoring "network" - and breach of security and all log files etc are sent to the security team who then find out how the hack was done and release an update... And there hasn't been a security update for quite a long time!
That sounds interesting. How hard is it to modify or create existing themes/blocks/modules in comparison to phpnuke or pn?
I like phpnuke purely because of the number of blocks and modules available and its ease of use, sadly it is VERY exploitable, it normally takes us about 10minutes to get into an installation for a customer if the conditions are right.
Postnuke is a more secure version of the nuke cms.
Mambo is nice but I think you have to be a bit more savvy to use it, fine for people on the net a while, otherwise our clients struggle and we end up doing all the config.
Xoops is very clean and tidy but again requires a bit of knowledge.
We have all the above on one-click installers for our clients so it makes it much easier for us and them to get it running, I find this makes a huge difference to customers
It's funny that you say that because I have two phpnuke sites and one pn site and it's the pn site thats been hacked twice and the phpnuke sites haven't been touched yet.
heh, luck of the draw, with all the windows boxes I have, it was a linux one I managed to compromise more easily as part of security testing. Needless to say we did a lot of work to secure it.
Perhaps there are more updates for your pn that need applying? Either that or someone was specifically looking for PN installs because of a specific known issue?!?
Are you talking about the Fantastico add-on for cPanel?
I find the Fantastico install of Mambo a total nightmare, it doesn't set the file permissions correctly and doesn't chown the files to the user, if doing installs of components & modules then this setup is fine - but as soon as you want to manually delete or overright files then the server will not let you because you are not technically the owner!
I don't know if this is a bug in Fantastico or something unique (and obviously wrong) with the version of Fantastico that we have running? I usually just let one of the spare office machines upload the Mambo files directly then I know the files will be editable later.
As for phpnuke and postnuke - I have also heard that postnuke is more secure, but if someone is determined to hack a site then it is more down to server security and correctly setup scripts (file permissions, adequate SQL passwords etc) then the script itself...
Separate names with a comma.