NYPHP.org

[nycphp-talk] secure photo gallery web application

Mitch Pirtle mitchy at spacemonkeylabs.com
Mon Jun 28 11:52:14 EDT 2004


Jayesh Sheth wrote:

> Hello all,
>
> I would like to post some pictures (from the recent Mermaid Parade in 
> Coney Island) to my website. I have considered using Gallery for its 
> ease of use, but I have some reservations: I have noticed some 
> automated bots scanning my sites in an attempt to break into them using 
> known exploits in commonly used pieces of open source software such as 
> PHP-Nuke and Gallery.


Sad I missed the parade :(  Living a 10-minute drive away makes it even 
more disappointing that I managed to miss it!

I'm in the process of setting up a gallery using the RSGallery module 
for Mambo Open Source (www.mamboserver.com).  There are a couple very 
active security researchers that are working with the Mambo crew over at 
Mosforge.net, and I can say that the security of Mambo is really getting 
solid.

I believe all of the gallery scripts start out with humble ambitions, 
and as more folks use it, more features are requested.  I guess that's 
just the nature of software development in the OSS world ;)

And you are absolutely right about the automated scanners - we have a 
group in Brazil that have specialized in writing scanners for older 
versions of Mambo, and thankfully the Mambopots Project (distributed 
Mambo honeypots) is providing some pretty shocking data.  :(

-- Mitch


