Last week was a very frustrating time for me. For whatever reason, an unusually number of botnets decided to zero in on my Drupal site and created what I call an unintentional  Denial of Service attack (DOS). The attack was actually from spambots looking looking for script vulnerabilities found mainly in older versions of e107 and WordPress. Since the target of these spambots were non-Drupal pages, my Drupal site responded by delivering an unusually large number of "page not found" and "access denied" error pages. Eventually, these requests from a multitude of IPs were too many for my server to handle and for all intents and purposes the botnet attack caused a distributed denial of service that prevented me and my users from accessing the site.

These type of attacks on Drupal sites are nothing new and have been observed and discussed at great length at Drupal.org. However, my search at Drupal.org as well as Google didn't really find a solution that completely addressed my problem. Trying to prevent a DDoS attack isn't easy to begin with and at first the answers alluded me.

I originally looked at Drupal for the solution to my problems. While I've used Mollom for months, Mollom is designed to fight off comment spam while the bots attacking my sight were looking for script vulnerabilities that didn't exist. So with Mollom being the wrong tool to fight off this kind of attack, I decided to take a look at the Drupal contributed model Bad Behavior. Bad Behavior is a set of PHP scripts which prevents spambots from accessing your site by analyzing their actual HTTP requests and comparing them to profiles from known spambots then blocks such access and logs their attempts. I actually installed an "unofficial" version of the Bad Behavior module which packages the Bad Behavior 2.1 scripts and utilizes services from Project Honey Pot.

As I had already suspected, looking for Drupal to solve this botnet attack wasn't the answer. Pretty much all Bad Behavior did for me was to take the time Drupal was spending delivering "page not found" error pages and use it to deliver "access denied" error pages. My Drupal site is likely safer with the Bad Behavior module installed, but it was the wrong tool to help me reduce the botnets from overtaxing Drupal running on my server. Ideally, you would like to prevent the attacks ever reaching your server by taking a look at such things as the firewall, router, and switches. However, since I didn't have access to the hardware, I decided it was time to look at my Apache configuration.

read more

I continue to hear great things about EPiServer from Blend Interactive's Dean Barker and other folks in the CMS industry. Their accolades for this CMS is one of the reasons I decided to begin focusing on EPiServer here at the site.

Honestly, I don't know enough about EPiServer which is why some of the EPiServer fanboys have promised getting together with me sometime to talk about this platform.  Until my education is complete, I'm going to resort to cheap writing by using press releases and blogs to get some of my information out to you about EPiServer. For instance, lets see if this product announcement by EPiServer's marketing gets you interested to hear more about their products:

EPiServer announces the release of EPiServer Relate+2 , a product package for EPiServer CMS 6, which containsEPiServer Community 4 and EPiServer Mail 5. It also includes a sample website which shows how to combine these three products to build a powerful online community. In today’s conversation economy the ability to get involved in websites where users are free to create, organize and share know-how and experiences in the form of words, pictures and videos is becoming more prevalent and Relate+ makes it a seamless experience for community members, community owners and moderators.

Included is support for Open ID where users can use an existing login ID to sign into multiple websites. The same rich text editor found in EPiServer CMS, TinyMCE, is now used for writing blog posts and the MetaWeblog API is also supported, so users can use their favorite blog applications, such as iBlogger for the iPhone or Live Writer for Windows, when creating or editing blog posts. In combination with blog syndication and ping/ pingbacks, Relate+ is a full-fledged blog engine.

Additional information about EPiServer Relate can be found at EPiServer.com.

read more

A new version of our favorite Ruby on Rails CMS has been released, Radiant CMS 0.9.0. Obviously, I spoke a little too soon last October when I announced that 0.9.0 was coming soon. Each open source community has their own pace and time-line for releasing the release candidates of their software. In retrospect, I should have noted that Radiant CMS developers like to take their time in making sure the Radiant releases are at a level of quality and stability they're comfortable with before releasing the final versions to the general public.

So what's new in the 0.9.0 version of Radiant CMS? Radiant now has a new UI, support for internationalization and loading of extensions as gems. Some of the more significant new features in this version of Radiant include::

• There are new features for pagination (requiring will_paginate).


• You can now run Radiant from a sub-directory.


• When selecting a published date in the future, Radiant will treat the content as hidden until that date


• Extensions may be loaded as gems and generated extensions now have features to easily create gems with Jeweler


• Radiant CMS is now running on Rails 2.3.8 (bundled with Radiant)

If you would like more details on the changes in Radiant CMS, you can always check out the CHANGELOG. Radiant 0.9.0 CMS is available for download from the RadiantCMS.org website.

In case you haven't heard, WordPress 3.0 was released last week. This is probably the first time I've been behind in blogging about the official release of a new major version of WordPress. However, since I told you all about WordPress 3.0 coming soon a couple weeks ago, I felt there wasn't a need to rush and tell you to go get WordPress 3.0 and try out all it's new features including taxonomy and multiuser integration. Instead, I spent this past week seeing how others reacted to WordPress 3.0.

As a fan of open source content management systems, its been rather pleasing to see some of the larger technology publications spend more time talking about applications like Drupal, Joomla, and WordPress. For the tech press, WordPress 3.0 was no exception with some of the major players such as Computerworld, PCWorld, and TechCrunch all making sure they spin out an article reviewing this latest version of WordPress.

What may surprise you though, is that open source CMS is just not an interest of computer geeks. Slowly but surely, open source CMS is the talk of business folks too. For example, both Fast Company and BusinessWeek made sure that they included articles this past week on WordPress 3.0. In the Fast Company article, Francine Hardaway writes some classic things to why business should pay attention to WordPress. Some of my favorite lines from her article, "6 Reasons Small Businesses need WordPress":

• "WordPress can do anything you need it to do, and for a small business, that's a gift usually reserved for expensive sites."
• "Plug-ins for WordPress are the business-to-business version of apps for the iPhone."
• "WordPress no longer looks like a blog. For small businesses who wouldn't know a blog from a bag of potato chips, WordPress is a website, otherwise known as a content management system."

These are all some fantastic words from Hardaway and I think they show that applications such as WordPress are making a significant impact in the business world. I wouldn't call WordPress an ECM, but it most definately walks and talks like a CMS for the small business folks. If you haven't taken a look at WordPress in quite awhile, I'd encourage you to take a new look at this application.

Below is the summary video from the WordPress folks introducing you to WordPress 3.0. Enjoy.

read more

The TYPO3 Community released the newest version of their Open Source project TYPO3. TYPO3 has been downloaded over 4.6 million times – making it one of the world’s leading Enterprise Open Source projects.

The latest TYPO3 version 4.4 makes TYPO3 easier than ever – especially for newbies. A TYPO3 website is now up and running in 5 minutes after it has been downloaded and with the included template it is up and running.

The most important innovations at a glance:

• Introduction Package


• Udated Look & Feel


• Easier Installation


• Faster Rich Text Editor


• New Taskcenter

TYPO3 version 4.4 innovations in detail:

Introduction Package, to start immediately

The new introduction package offers TYPO3 newbies a configurable template immediately after installation. Using simple examples it demonstrates TYPO3 concepts and possibilities. At the same time this template can of course be used for the first own website, since e.g. the colour-scheme of the template can easily be changed without TYPO3 expert knowledge.

read more

We are working hard to release TomatoCMS 2.0.7 with new features and new interface.

Here some new feature will available in TomatoCMS 2.0.7

Inserting tracker/counter code (SEO module)

TomatoCMS already supports inserting Google Analytic tracker code to your website via gatracker hook.

Also, this plugin allows user to insert tracker code of most popular analytic systems, such as:

• Google Analytic


• Hitstats

Supports Google Webmaster Tools (SEO module)

If you want Google search engine to crawl data on your site, you have to register the site with Google Webmaster Tools.

Shows some Google Analytic reports (SEO module)

In next TomatoCMS 2.0.7, we are going to use Google Analytic API to show some popular reports in chart.

read more

A new version of CMS Made Simple was released this past weekend. CMS Made Simple 1.8 offers a number of new features to enhance performance not only of the website itself, but to make doing some mundane tasks faster and easier.

Some of the more significant changes in CMS MadeSimple include:

• Stylesheets - The {stylesheet} tag has been deprecated in favor of a {cms_stylesheet} tag. The replacement works by grabbing the content of the individual style sheets and passing them through smarty before writing them to uniquely named files in the tmp/cache directory. Processing the style sheets (individually) through smarty means that you will no longer have to search through each of the style sheets for individual colors, you can give them names.


• Bulk-copy pages


• New {content_module} tag - Allows modules to provide different types of content blocks for use in Content pages.


• SSL support


• Updated documentation


• Clean up of language files


• Module Manager improvements - It should now be much easier to install or upgrade modules, including all of their dependencies.

Additional details about CMS Made Simple 1.8 can be found at CMSMadeSimple.org. The latest stable version of CMSMS is available on their download page.

Following ocPortal's new feature tracker becoming established we wanted to make this announcement to a wider audience outside of our forum. Since the news item below there have been 11 new features added for discussion and 37, almost 20%, have been resolved.

Since the original release we are now working on Version 5 rather than 4.4 due to the amount of changes made. You can expect an announcement about this in the next few days.

Original news forum article:

Preceding the expected release of ocPortal version 4.4,  we are pleased to announce a new feature tracker which we will be using to plan future features. The tracker shows all 177 feature areas we currently have for consideration for future versions of ocPortal, laid out for anyone to see and comment on. In the past we have planned ocPortal in private so this is a huge change for us and a huge release of what were previously private plans.



The purpose of the feature tracker is to highlight current and future developments within ocPortal and allow the community to have a say and make suggestions. Each issue or feature in the database has a description of the intended functionality, a time estimation, and a clear layout of dependencies and risk management data (which gives an impression to how the developers likely see it in terms of schedule for implementation).



We hope the new feature tracker helps foster a greater feeling of inclusivity amongst our community and a real foundation for transparency and engagement. You shouldn't expect everything on this list to be "around the corner" but it does give everyone a chance to have their say, and help foster a shared vision.



The ocPortal feature tracker can be found here:

http://ocportal.com/tracker/my_view_page.php