IT Security Stack Exchange
IT Security Stack Exchange

Questions tagged [cms]

A Content Management System (CMS) is a platform used to build websites that are easily edited by multiple users.

CMS is an acronym for Content Management System. A CMS is a platform used to build websites that are easily edited by multiple users, without requiring large amounts of expertise in web development.

These platforms can also

  • extend their functionality through plugins for calendars, blogs, galleries and more
  • allow novice users to modify content through the use of editors similar to word processors
  • handle user access for viewing, modifying and promoting content
29 questions
6
votes
2 answers

How to ensure that our production environment deployment process is PCI-compliant when we need to perform live code updates?

In planning the next phase of our platform, I am trying to ensure that the production deployment process is PCI compliant. We have a central platform which acts as a CMS, serving custom content based on an event type, that will reside in a hardened…
ElHaix
  • 161
  • 4
5
votes
1 answer

Using client certificates for website authentication

I was wondering if there currently exists a Content Management System that supports PKI and client certificates for website authentication instead of username/passwords. If not, what's a good place to start on developing a site that uses this…
Python Novice
  • 531
  • 1
  • 6
  • 11
4
votes
1 answer

Root server hacked via httpd - consequences and future prevention

Since before mid 2014, my root server was targeted by hackers and recently they gained limited access. I disabled all services once I realized the server has been compromised and started investigating. According to the logs, this was approximately…
08frak
  • 303
  • 1
  • 2
  • 7
4
votes
2 answers

Does HTTP Digest Auth provide any increased security in this scenario?

Say I have a website running a popular CMS like Wordpress only over SSL through HTTP Strict Transport Security. Prior, the backend administrator login page could be accessed by anybody simply by adding /wp-admin to the URL, but using a mix of…
Python Novice
  • 531
  • 1
  • 6
  • 11
4
votes
3 answers

Techniques for fingerprinting a web based content management system (CMS)

Let's say we have a random basic blog or informational website: just some pages with information, a sidebar with an overview of the archives, the normal stuff. We know of this website that it's built with a CMS. How can we get to know which CMS…
user21287
4
votes
0 answers

Openssl cms verify signature with timestamp and crl

I've used OpenSSL cms to sign the data and generate a detached signature. As per my requirements, I need to timestamp the signature as well, so that if the certificate expired, verification of signature can be done. The generated timestamp is also…
saurabh
  • 723
  • 1
  • 4
  • 12
4
votes
1 answer

Potential risks of a single codebase for multiple CMSes

We are currently in the process of converting our multiple codebases (which are exactly the same, except for a configuration file and 2 stylesheets). We have been thinking about this for a while, and the idea for now is to determine the domain the…
pandaJuan
  • 43
  • 4
4
votes
0 answers

Detect malicious content on enourmous multi-site CMS

My Goal: My hope is to catch pages and content that would be flagged by Google Safe Browsing or others like it, except more proactive than waiting for a crawl by Google or being added to a blacklist. Basic Question: Is there a resource that you…
Tony
  • 66
  • 4
3
votes
1 answer

How to protect a website from DDoS without a CDN?

I have basic knowledge in Bash and with that knowledge I rented a remote machine in a mostly-self-managed hosting platform (DigitalOcean) and raised a LEMP environment on which I have a website. I protect my environment with SSHguard. I applied…
user9303970
  • 443
  • 1
  • 4
  • 15
2
votes
3 answers

Where is the most secure location to host an admin panel?

I have an admin panel on my site, that enables me to control the content on my website. In order for the admin panel to achieve this, I must have a connection to the site's database. I have two options for setting up my admin panel: Have the admin…
dspacejs
  • 163
  • 7
2
votes
2 answers

Do vBulletin and similar discussion forum CMS store previous email address and password hash in database?

I am in the process of De-Googling myself and setting complex passwords. I changed my registered Gmail to an alternative mail provider I changed my password to a complex one I use mostly vBulletin and similar forums. It's very well known that…
Sybil
  • 1,435
  • 2
  • 15
  • 29
2
votes
1 answer

Can a CMS generated HTML Document from an admin be considered trusted, and not vulnerable to XSS?

Currently, I am working on a CMS/Framework I developed that is similar to Wordpress, in that it is a platform for admins to create/post content for users. I am saving the HTML that is generated by editor fields in my database, and binding the HTML…
Torch2424
  • 23
  • 2
1
vote
1 answer

Ghost CMS abnormal access

I have a blog hosted with Ghost CMS. I created a new blog post (say "My New Blog") and correspondingly there was a url generated (mysite.com/mynewblog/) The weird part is that I saw an access to this post within 2 minutes of creating it. And ever…
sandyp
  • 1,146
  • 1
  • 9
  • 17
1
vote
0 answers

How to anonymize contributors while still keeping attribution?

Imagine a CMS with authentication where the author of each article has to be stored in the database. Now I want to make it harder to analyze (by crawling or stealing the database) who has written which article, while at the same time keeping that…
chiborg
  • 643
  • 1
  • 6
  • 12
1
vote
1 answer

Detecting SMIME type using OpenSSL CMS

Is it possible to detect S/MIME content types (enveloped or signed) using OpenSSL CMS API? I would prefer to avoid pre-parsing S/MIME headers and let OpenSSL to detect whether message is signed or encrypted. I'm looking for a method that would…
Valentin Balaschenko
  • 137
  • 2
  • 8
1
2