Posted by phunster on October 18, 2011 at 12:45am
Harden Your Drupal Websites - From: Imminent Web Services
Group organizers
Group categories
Categories
- Drupalcamp16 (6)
- Lessons (130)
- Meetups (474)
- Social (138)
- Community Life (75)
- DrupalCamp (246)
- Past Camps (96)
- DrupalCampNYC11 (4)
- DrupalCampNYC12 (4)
- DrupalCampNYC10 (33)
- DrupalCampNYC 9 (5)
- DrupalcampNYC 7 (20)
- Drupalcamp15 (2)
- DrupalCamp6 (13)
- DrupalCamp5 (15)
- Past Camps (96)
- Featured topic (3)
DrupalCamp
- Camp News (28)
- Drupalcamp15 (2)
- Drupalcamp16 (1)
- NYCCamp15 (1)
- Camp Question (14)
- Past Camps (142)
- NYCCamp14 (12)
- DrupalCampNYC12 (2)
- DrupalCampNYC11 (1)
- DrupalCampNYC10 (16)
- DrupalCampNYC9 (7)
- DrupalCampNYC8 (94)
- BOF or Sprint Proposal (10)
- Session Type (160)
- Site Building (41)
- Design/Usability/Theming (8)
- Programming and Module Development (28)
- Site Showcase (4)
- Drupal for Businesses (12)
Hot content this week
-
1 day 14 hours ago
-
4 days 5 hours ago
Comments
Is that your site? Some of it
Is that your site?
Some of it seems reasonable, but some is wrong like:
"Especially, since Drupal-5 and 6 require PHP-5.1.6 and up, you should make sure you remove php3/4 modules."
Drupal 5 and 6 only require PHP 4
Another example is that removing the .txt files is considered a mostly pointless exercise - anyone who cares has other ways to fingerprint the site version.
Harden Your Drupal Websites
It's not my site, aside from the errors, it seems helpful.
As to the text files, I would agree with you, with one caveat. If your site has been specifically targeted, then it is indeed a pointless exercise, if not, this adds another step for the intruder. It has been shown (I can't cite a source, it's been a while since I worked in security) that in at least some cases the intruder will move on and look for an easier target. It's one of those precautions that while pointless much of the time, can't hurt.
I will forward your corrections and the url of this thread to them.