Theme by iThinkMedia.com footer - Beacon for Hackers? :: Zikula Community

Try Zikula 1.3.1!New core, modules & more

Download Zikula!Version 1.2.8 (stable)

Theme by iThinkMedia.com footer - Beacon for Hackers?

Print topic

Go to page 1 - 2 [+1]:

animateclay

Rank: Registered User

Registered: Jul 02, 2009

Last visit: Jul 04, 2009

Posts: 10
Posted: Jul 02, 2009 - 04:21 AM

Call me paranoid, but I like to keep a low profile when it comes to exposing my CMS on google. Mainly because I had a major spam problem in the past with our earlier comment system.

I have a fairly popular site, so google indexes me at the top for a few things. One being the footer for the Zikula template Seabreeze just after two days.

I come up #2 on google for a search for the footer message.

http://www.google.co…earch&aq=f&oq=&aqi=

I don't mind entering a link in my web links area to give iThinkMedia credit. In fact that's what I would like to do so I can re-word the message and make it harder for my site to pop up so easily. Can anyone point me to the HTML file location to edit the footer?

I'm new to CSS and it seems that my editing of certain files within the theme directory didn't give me any results - so I think I'm looking in the wrong place. Any help is greatly appreciated.
craigh

Rank: Developer

Registered: Jun 16, 2003

Last visit: May 29, 2010

Posts: 1915
Posted: Jul 02, 2009 - 04:26 AM

the file you want to edit is

/themes/SeaBreeze/lang/eng/global.php

the last line (probably)
animateclay

Rank: Registered User

Registered: Jul 02, 2009

Last visit: Jul 04, 2009

Posts: 10
Posted: Jul 02, 2009 - 04:37 AM

Excellent, thank you Craigh - edited it and fixed it. Will make the permanent change later
bronto

Rank: Softmore

Registered: Dec 31, 1969

Last visit: May 07, 2010

Posts: 486
Posted: Jul 02, 2009 - 05:36 AM

Ha! My site comes up first on that list :D

Hasn't been hacked since the .714 days...
animateclay

Rank: Registered User

Registered: Jul 02, 2009

Last visit: Jul 04, 2009

Posts: 10
Posted: Jul 02, 2009 - 06:10 AM

bronto
Ha! My site comes up first on that list :D

Hasn't been hacked since the .714 days...

That's good to know
dks

Rank: Softmore

Registered: Feb 07, 2003

Last visit: May 31, 2010

Posts: 404
Posted: Jul 02, 2009 - 01:37 PM

Personally, I think Seabreeze should be revamped or removed from the next release of Zikula. It suffers from major bloat.
**unknown user**

Rank: Expert

Registered: Mar 16, 2002

Last visit: Apr 02, 2010

Posts: 1208
Posted: Jul 02, 2009 - 02:34 PM

Looks like this thread is #1 on that list now....
animateclay

Rank: Registered User

Registered: Jul 02, 2009

Last visit: Jul 04, 2009

Posts: 10
Posted: Jul 02, 2009 - 02:41 PM

Too funny. Well, one good thing about that is that others will quickly find out how to modify the footers. As for Seabreeze being bloated, for me it is the only theme that's worked well with the upgrade to Zikula. The other themes I've tried made most of the inserted block images show up in crazy positions, have borders etc.

Seabreeze ended up working best for me, but I'm definitely up for trying something new if it is easy enough for me to work with.

Got any suggestions for nice 3 row themes Darryl?
nestormateo

Rank: Team Member

Registered: Sep 06, 2006

Last visit: May 09, 2010

Posts: 2411
Posted: Jul 02, 2009 - 04:29 PM

one of the latest and nice themes IMHO is KeepItSimple:
http://www.blanktheme.org/KeepItSimple

You can download it here.

--
- Mateo T. -
Mis principios... son mis fines
drak

Rank: Software Foundation

Registered: Jul 21, 2001

Last visit: May 31, 2010

Posts: 604
Posted: Jul 02, 2009 - 04:38 PM

How on earth is a backlink a "beacon for hackers" exactly? Hackers can only exploit vulnerable software, so if you have a spam issue or whatever then you need to lock down your site and make sure you have everything up to date. If there are issues report bug with the authors of whatever you are running.

To be quite clear about it, spammers don't search for backlinks to find vulnerable software, they search URL patterns using search engines and by URL patterns I mean the top link entered into the browser. There are other ways of harvesting vulnerable sites too, but really, they don't involve searching backlinks on a site simply because it's not a reliable method. Spammers use completely automated methods and just pulling backlinks to www.ithinkmedia.com would pull plenty useless results. Spamming is a science, they make tremendous amounts of money doing so and believe me, the hackers behind exploits aren't careless or inefficient in the slightest.

Hope this help clarifies the matter.

Drak

--
Zikula Lead Developer
Board Member of the Zikula Foundation
Follow me on twitter.com/zikuladrak
dks

Rank: Softmore

Registered: Feb 07, 2003

Last visit: May 31, 2010

Posts: 404
Posted: Jul 02, 2009 - 05:38 PM

animateclay
Seabreeze ended up working best for me, but I'm definitely up for trying something new if it is easy enough for me to work with.

Got any suggestions for nice 3 row themes Darryl?

If you want a web 1.0 theme "from the 90's" with bonus animated "e-mail me" icons, then I'm your guy.

There's a plethora of well done themes in the downloads section of this web site.
drak

Rank: Software Foundation

Registered: Jul 21, 2001

Last visit: May 31, 2010

Posts: 604
Posted: Jul 02, 2009 - 05:57 PM

OT: @Darryl - Nice looking box of cigars!

--
Zikula Lead Developer
Board Member of the Zikula Foundation
Follow me on twitter.com/zikuladrak
animateclay

Rank: Registered User

Registered: Jul 02, 2009

Last visit: Jul 04, 2009

Posts: 10
Posted: Jul 03, 2009 - 11:28 AM

drak
How on earth is a backlink a "beacon for hackers" exactly? Hackers can only exploit vulnerable software, so if you have a spam issue or whatever then you need to lock down your site and make sure you have everything up to date. If there are issues report bug with the authors of whatever you are running.

To be quite clear about it, spammers don't search for backlinks to find vulnerable software, they search URL patterns using search engines and by URL patterns I mean the top link entered into the browser. There are other ways of harvesting vulnerable sites too, but really, they don't involve searching backlinks on a site simply because it's not a reliable method. Spammers use completely automated methods and just pulling backlinks to www.ithinkmedia.com would pull plenty useless results. Spamming is a science, they make tremendous amounts of money doing so and believe me, the hackers behind exploits aren't careless or inefficient in the slightest.

Hope this help clarifies the matter.

Drak

Well not being a spammy person myself, my guess is if you have some sort of code to insert spam messages into a zikula/postnuke based site, you could sniff out sites based on the footers that they all have in common. I see that I'm probably wrong in my way of thinking because I don't understand it too well.

The reason for me being paranoid was my site got hit super hard by comment spam, I see now with EZ Comments they implimented the new Akismet spam filter which is great! I am using it now and just from an initial test it's working out perfect.
slam

Rank: Team Member

Registered: May 03, 2004

Last visit: May 31, 2010

Posts: 509
Posted: Jul 03, 2009 - 09:49 PM

As Drak already stated, the vast majority of spam comes from professional organizations, who employ top programmers and adapt their tools (viruses, malware, rootkits, bot nets, ...) every day. Hiding type and version of your operating system, PHP, MySQL and Zikula is useless, but unfortunately the "security" myth is still spread among admins that you should do so. Avoiding back links falls into exactly the same category.

Greetings,
Chris

--
an operating system must operate
development is life
my repo
manarak

Rank: Helper

Registered: Dec 31, 1969

Last visit: May 20, 2010

Posts: 524
Posted: Jul 06, 2009 - 10:39 PM

I have to disagree on that obfuscation is useless.

Most hackers who want to use some 0-day exploit will scan the net for versions.
Obfuscation can give you the 2 or 3 days time you need to upgrade your system, for example if you've just been away for the weekend.
It will not work in the long run, but it gives you a small chance of not being hacked in the first hours, and it is easy to do.

edited by: manarak, Jul 06, 2009 - 10:40 PM