⤫ Kununu Ե Twitter ⴳ  Flattr
 
 
CMS Change of the ✛ΔO Web Portal
Friday, 15 March 2013
After two years in the making, the organization released its new offline Web Content Management System, named »LXCMS«. That system is part of the organization's recent strategy to improve its overall system security, in the wake of increased world-wide threats to cyber as well as information security.

The new system is set to improve the situation in the area of content delivery, though Joomla! SE was our trusted wCMS software in operation for a long time [1]. However the underlying Joomla! was always developed for the masses to fit their unspecific needs. Additionally Joomla! was always licensed under the GNU/GPL, unlike our new LXCMS which was put under our much simpler LTDL 2010. With Joomla! SE we could not have done the same thing for obvious legal reasons.

Also Joomla may have been easy to install and upgrade, but was time-consuming to administer in later stages of use [2]. The Joomla core itself was reliable indeed and so was the core of our wCMS Joomla! SE. Further developments though required our systems engineers to acquire a deeper knowledge of the software's code base [3]. Unfortunately development was never optional but explicitly mandatory, since new features and security enhancements had to be ported back to our advantage and our security.

In 2013 we decided to shut down Joomla! SE, as a part of our organizations strategy to security enhance every system and therefore every piece of software used in day to day operations [4]. The content from Joomla! SE was exported as static HTML and all MySQL databases and PHP parsers were shut down and purged from the systems entirely. LXCMS is being operated on our build systems to generate content for static site export to our web servers. The present portal minor version was also increased to reflect our endeavor in code/markup, content and design improvements.
 
Joomla! SE v1.2 problems:

  • Completely  MySQL  database  driven  site  engine  with  no  alternatives to  it like  files
  • Browser  or  FTP  upload  of  content  to  our  own library for  use  anywhere  on  the  site
  • Dynamic Forum/Poll/Voting booth for on-the-spot results and JS/ECMAScript in forms
  • Runs on GNU/Linux, FreeBSD, MacOS X server,  Solaris and AIX, req. PHP interpreter
  • Author  submission module for news,  articles,  FAQs or links, but no   versioning here
  • Automatic  path-finder   for  media   placement  which  works   differently   from  the  rest
  • Custom  page/site modules can be downloaded and installed to "spice" up ones site
  • A system  like Joomfish!  had to be  integrated to  reflect different   content  constraints
  • Customized themes,  that must be accessible and valid but,  were often times  invalid
  • Restructured  archives  based on  RBAC permission  system but no MAC or OS  ACLs
  • Multi-editor   environment  installation  required   to   satisfy    web-pros   and beginners
  • JoomSEF  used to make content-search easier but added another layer of complexity
  • 5000+  lines of .htaccess  included to filter  spam-bots and injections   on  server level
  • Back-end  thoroughly secured  with anti-DOS/Inject/etc., encryption and db  hardening

LXCMS v1.1 new features:

  • Runs  with  flat files  which can be  distributed, filled  w/ content and  backed up  easily
  • No classic  front-end & back-end  required,  only  shell  scripts and  versioning system
  • Forms e.g. for polls are  now unnecessary  and therefore  removed incl. ECMAScripts
  • Runs on all web servers  that support SSI/mod-include and that can serve HTML files
  • Content  submission  v/ TLS  secured  channels  either by copy&paste  or  ver.  system
  • Uniform  system for  links with  SSI which is  always the same  within  the  whole  code
  • No modules like in other CMS systems which have the potential for total compromise
  • No  translation engine req'd since  everything works  out of the  box now   with flat files
  • The theme is deployed via one central HTML and one CSS file with compliant markup
  • RBAC is the minimum req'd on the server and no ACL is required within the CMS core
  • No editor environment is installed since authors handle things locally to write markup
  • No  SEF  core req.  which dramatically  reduces  problems with indexing  and changes
  • Most .htaccess  information  specific to Joomla! SE was replaced by   generic content
  • The CMS system generates static HTML and demands no hardening/enhancements
 
The outline above considered, we at TRON-DELTA.ORG think that LXCMS will successfully fulfill our requirements for the representation of our organization as well as the publication of news articles, intelligence reports and project-related information [5].
 
References:
Last Updated (Wednesday, 01 April 2015)
 
 
Folding@Home
 

DOCUMENT TIME

  2017-04-24  ☀  16:00 UTC

CYBER THREATCON

  ✛ΔO CYBER THREATCON: Level BETA

SECURITY MODULE

  ᐅ REQUESTOR / YOU
  ᐊ 1&1 INTR. AG  CDN

POLL / VOTE

Should ✛ΔO engage more in counter-intelligence?
⚫ Yes, there is a need for such operations.
⚫ No, because it may be very dangerous.

BOOKMARK

Press Cmd or Ctrl + D
Press Cmd or Ctrl + D

STATISTICS

  Visitors: 618.250+ ℮

CAMPAIGNS

  25 Years of Linux

TECHNOLOGY BASE

COAT OF ARMS

  Code Of Arms: Frankfurt

OPERATING STATUS

  Facility: open and operating
 
©  2003 - 2017   TRON-DELTA.ORG  (NGO)   –   Nongovernmental  Intelligence  Organization
Portal v5.04.050 R 1 on ✛ΔO LXCMS v1.1