Could you provide us the changes you have made that is now preventing WPMU from working properly in relation to mod_security.
No editing, spamword updates, blacklist updates, theme editing....or any other editing can now be performed.
??
Could you provide us the changes you have made that is now preventing WPMU from working properly in relation to mod_security.
No editing, spamword updates, blacklist updates, theme editing....or any other editing can now be performed.
??
When did it last work with mod_security working? Does anything show up in the logfiles?
It works fine with the 2005-03-15 WPMU, but none of the latest ones. Any function that edits and/or adds data results in a 404, but no errors in the logs.
My mod rules are updated as often as new ones are released, but I continually check making sure they aren't disallowing certain functions in WPMU.
Very puzzling.
donncha. wonder if you could email me with mod_security rules to check that will enable wpmu to work correctly without compromising server security.
seems there are several rules ms has in place that prevent wpmu working properly with it's current coding on a FC1 server.
k
Unfortunately I've never used mod_security and I don't have the time to learn a new package right now. Can you experiment on a dev server and post some details here?
I can do that, and will keep you up-to-date, but not in the forums.
Curious, though... With the whole project in mind, how can it be developed without server security in mind?
Currently, the mod_security rules that need to be modified leave server(s)/client(s)/domain(s) open to possible hacks/access attempts and security problems.
Sometime ago, this issue came up (on the old forums) and we modified the security rules only to end up with successful hacks on several WPMU sites.
We have no plans to modify our security apps and/or rules to further test WPMU on any production server, thus we will no longer provide WPMU to anyone until this issue is resolved.
Security is very important - that's why Smarty is operating in safe mode and why I took several options out of the backend.
If you come across exploitable security holes (I'm sure they're there if you look hard enough!) then email me at the usual address, donncha @ linux.ie and I'll fix them!
No problem :at all: letting you know what exists.
SMARTY doesn't cover it all, though.
Our concern is having to "modify" security rules to allow WPMU to function properly on a normal install without modification of the current and/or updated rules.
Our last two updates of rules rendered WPMU inaccessible or left us open to possible risks (with two actual accesses through WPMU sites)
Yes, I'm anal when it comes to our server. Yes, I'm unwilling to change the mod:rules to allow WPMU to function properly.
BUT, I'm a WPMU supportor and wish to promote, serve and protect WPMU to the end.
There are particular calls that violate current and probably future mod rules that we hope can be addressed and worked into future WPMU releases.
In addition we hope all OS can be worked in. We know, recognized and reward you and all of the development team and hope this is going to become the standard.
Just hear us for a positive result and not as a criticism.
We're here for you and the project.
Sorry, but we are discontinuing any further hosting of WPMU until server security for all OS becomes part of the development of this project.
We offer our apologies, but cannot take time to modify and/or monitor security flaws in the project while protecting our interests.
Can you email me those rules and descriptions of problems at donncha @ linux.ie please? I don't have any experience with mod_security so your help will be invaluable!
Sorry for the absence lately. Been much to busy to visit and comment and/or respond.
We are also sorry to say that the latest of the WPMU snaps are now even less Plesk/Fedora friendly than the versions we have previously questioned problems with.
Don't misunderstand me please, but are you guys trying to re-invent the wheel?
Between the problems with mod_security and Plesk it would seem we will never have the option of using WPMU again.
waa :(
If you help and report the problems I can help fix them. I've never used Plesk. Can you give me a Plesk-enabled account somewhere where I can test WPMU?