General discussion

Hi all,

I'm sure the security warning on the Drupal front page is Referring to this but think its worth
another mention as there is now a worm is currenlty making the rounds which makes use of this exploit.
This morning I have had several hits on my server from the worm and it looks like it will
pick up.

Grep of access logs:

216.131.91.x - - [08/Nov/2005:12:12:09 +0000] "POST /xmlsrv/xmlrpc.php
216.131.91.x - - [08/Nov/2005:12:12:06 +0000] "POST /xmlrpc.php
216.131.91.x - - [08/Nov/2005:12:12:01 +0000] "POST /drupal/xmlrpc.php

Hi Guys,

Just a general shooting the breeze type idea about Drupal security...

I notice an increase in posts about attempts at hacking/exploits, strange messages in the logs or whatever on Drupal sites..and I was wondering if there was a way to make life more difficult for the hackers by making links unique to a particular site...so everything isn't named the same.

To use a crude example..if I'm looking at a site and wondering if it was built using Drupal I tend to have a quick look at the style sheet headers in the source or the old reliable ?q=user/login or ?q=user/password links which a lot of people leave as is with Drupals original text...

What if there was file alias....where Drupal catches and "publishes" filenames making them unique to that site?

So, as an example....on the ADMINISTER -->> SETTINGS page there could be an option for a "unique site key" and "publish secure" button...where the site admin inserts a 6-digit code that is used to generate the sites filename aliases and clicks on "publish" to rename everything with the unique code prefix or whatever.

Obviously there would have to be some simple alternative procedure to patching to sit alongside the "publish secure" button and Drupal has a built in path alias type "smart check" to pick up the modules and files it needs to work.

Is that a stupid idea? (as a mini disclaimer, I'm not an expert in php, so I don't know if this is possible)

we tried ldap server authentication for our new drupal site...but it doesnt seem to work.
Will wins server be a better option to authenticate against a particular domain?
if so,can somebody suggest how to configure it ..............
other ideas are welcome...

how do we configure ldap server to authenticate users of a particular domain in drupal?
we have already installed the ldap integration and zcallback modules.
when we try to log on to the website using our domain id, it hangs.
could it be a configuration issue?

F1...F1...........(Please help...):-)

This comment is going to have absolutely nothing to do with any of the discussions going on in this forum, but I am a college student who is on a mission to figure out exactly what this website is for. Can anyone help me with a less vague description than the FAQ section? Thank you!

Hello, I'm evaluating Drupal, Xaraya and one other system for building
a {e-journal+other activities website} for a group of practitioners and
researchers who will be writing reports and articles into a mini workflow.
I posted an earlier thread on my requirements and the comparison
with Xaraya and I felt educated by the responses.

My background is mostly direct HTML editing for publishing, and I've found
it incredibly useful to keep look and feel simple and yet have a lot of control
over what goes online and exactly which pixel, etc. But I want to move a
Drupal like system for the new project and also want to get past the avoidable
nitty gritties of HTML itself.

I've tried to understand the templating facilities in Drupal (both php and xtemplate)
in the documentation. I see that templates can be derived and changed in the xTemplate
approach. But I can't get a clear sense of whether Drupal provides a final sort of access
DIRECTLY to the LAYOUT of any page or type of page, at the HTML level.
I realise we have complete control of style (CSS) and logic (PHP), but I'd
like to get a sense for whether I can code in my own HTML blocks into a template
file where I think Drupal's default does not do it. I prefer to use the templating
system already there, but I'd like some backup in case some look&feel structure
I want simply needs that kind of intervention.