Harden Your Drupal Websites - From: Imminent Web Services

Posted by phunster on October 18, 2011 at 12:45am

http://www.imminentweb.com/technologies/harden-your-drupal-websites

Login or register to post comments Categories: , , , ,

Comments

Is that your site? Some of it

Posted by pwolanin on October 19, 2011 at 3:10am
pwolanin's picture

Is that your site?

Some of it seems reasonable, but some is wrong like:

"Especially, since Drupal-5 and 6 require PHP-5.1.6 and up, you should make sure you remove php3/4 modules."

Drupal 5 and 6 only require PHP 4

Another example is that removing the .txt files is considered a mostly pointless exercise - anyone who cares has other ways to fingerprint the site version.

Harden Your Drupal Websites

Posted by phunster on October 19, 2011 at 2:57pm

It's not my site, aside from the errors, it seems helpful.

As to the text files, I would agree with you, with one caveat. If your site has been specifically targeted, then it is indeed a pointless exercise, if not, this adds another step for the intruder. It has been shown (I can't cite a source, it's been a while since I worked in security) that in at least some cases the intruder will move on and look for an easier target. It's one of those precautions that while pointless much of the time, can't hurt.

I will forward your corrections and the url of this thread to them.

New York City

Group events

all events
Add to calendar

Group notifications

This group offers an RSS feed. Or subscribe to these personalized, sitewide feeds:

Hot content this week

See all hot content.