I am interested in Diem project and would like to try the online demo
but when I attempt to authenticate in backend panel with admin / admin
as noted in demo page, I always have the error message "The username
and/or password is invalid.". Could you please post the right
username / password?
We had to disable the demo due to abuse causing the server to be hacked. Since the code editor allows you to change php files one could practically do anything with it.
I'll be looking into blocking the potential harmfull actions in the demo to be able to open the demo for public use. But since one can add php code in every widget, this is not so easy..
The best way to try Diem however is by cloning it from git, running the setup and off you go. If you don't have a linux box available, consider playing around with Virtualbox or Vmware to run one inside your current os..
Kind regards,
Erik Van Kelst IT specialist - OpenSource developer -- sent from my mobile phone On Apr 12, 2012 5:59 PM, "Nicolas." <nclap...@gmail.com> wrote:
> I am interested in Diem project and would like to try the online demo > but when I attempt to authenticate in backend panel with admin / admin > as noted in demo page, I always have the error message "The username > and/or password is invalid.". Could you please post the right > username / password?
Thank you for the quick answer! Sad there are people abusing the demo.
I will follow your advice and clone Diem from git to test it. Thanks
again for the reply.
On Apr 12, 12:32 pm, 4levels <4lev...@gmail.com> wrote:
> We had to disable the demo due to abuse causing the server to be hacked.
> Since the code editor allows you to change php files one could practically
> do anything with it.
> I'll be looking into blocking the potential harmfull actions in the demo to
> be able to open the demo for public use. But since one can add php code in
> every widget, this is not so easy..
> The best way to try Diem however is by cloning it from git, running the
> setup and off you go. If you don't have a linux box available, consider
> playing around with Virtualbox or Vmware to run one inside your current os..
> Kind regards,
> Erik Van Kelst
> IT specialist - OpenSource developer
> --
> sent from my mobile phone
> On Apr 12, 2012 5:59 PM, "Nicolas." <nclap...@gmail.com> wrote:
> > Hello everyone,
> > I am interested in Diem project and would like to try the online demo
> > but when I attempt to authenticate in backend panel with admin / admin
> > as noted in demo page, I always have the error message "The username
> > and/or password is invalid.". Could you please post the right
> > username / password?
Hi @Erik is it possible to disallow access to CodeEditor, Or just to disable this module? Or make hardcore solution — override save action of code editor. ex: die('this is a demo site. it is not allowed here.');
On Fri, Apr 13, 2012 at 4:27 AM, Nicolas. <nclap...@gmail.com> wrote: > Thank you for the quick answer! Sad there are people abusing the demo. > I will follow your advice and clone Diem from git to test it. Thanks > again for the reply.
> On Apr 12, 12:32 pm, 4levels <4lev...@gmail.com> wrote: > > Hi Nicolas,
> > We had to disable the demo due to abuse causing the server to be hacked. > > Since the code editor allows you to change php files one could > practically > > do anything with it.
> > I'll be looking into blocking the potential harmfull actions in the demo > to > > be able to open the demo for public use. But since one can add php code > in > > every widget, this is not so easy..
> > The best way to try Diem however is by cloning it from git, running the > > setup and off you go. If you don't have a linux box available, consider > > playing around with Virtualbox or Vmware to run one inside your current > os..
> > Kind regards,
> > Erik Van Kelst > > IT specialist - OpenSource developer > > -- > > sent from my mobile phone > > On Apr 12, 2012 5:59 PM, "Nicolas." <nclap...@gmail.com> wrote:
> > > Hello everyone,
> > > I am interested in Diem project and would like to try the online demo > > > but when I attempt to authenticate in backend panel with admin / admin > > > as noted in demo page, I always have the error message "The username > > > and/or password is invalid.". Could you please post the right > > > username / password?
There are some ways in the code editor configuration to disable read and/or write actions on specific files/folders. It looks more difficult to disable parsing php code in front widgets like eg. Content/Title or Content/Text widgets.
I'll have a look at it asap as I do agree the demo is quite important for new developers to get to know Diem.
I'll keep you all posted..
Kind regards,
Erik Van Kelst IT specialist - OpenSource developer -- sent from my mobile phone On Apr 13, 2012 11:31 AM, "Evgeny Sinitsyn" <cuh...@gmail.com> wrote:
> Hi > @Erik is it possible > to disallow access to CodeEditor, > Or just to disable this module? > Or make hardcore solution — override save action of code editor. ex: > die('this is a demo site. it is not allowed here.');
> Evgeny
> On Fri, Apr 13, 2012 at 4:27 AM, Nicolas. <nclap...@gmail.com> wrote:
>> Thank you for the quick answer! Sad there are people abusing the demo. >> I will follow your advice and clone Diem from git to test it. Thanks >> again for the reply.
>> On Apr 12, 12:32 pm, 4levels <4lev...@gmail.com> wrote: >> > Hi Nicolas,
>> > We had to disable the demo due to abuse causing the server to be hacked. >> > Since the code editor allows you to change php files one could >> practically >> > do anything with it.
>> > I'll be looking into blocking the potential harmfull actions in the >> demo to >> > be able to open the demo for public use. But since one can add php >> code in >> > every widget, this is not so easy..
>> > The best way to try Diem however is by cloning it from git, running the >> > setup and off you go. If you don't have a linux box available, consider >> > playing around with Virtualbox or Vmware to run one inside your current >> os..
>> > Kind regards,
>> > Erik Van Kelst >> > IT specialist - OpenSource developer >> > -- >> > sent from my mobile phone >> > On Apr 12, 2012 5:59 PM, "Nicolas." <nclap...@gmail.com> wrote:
>> > > Hello everyone,
>> > > I am interested in Diem project and would like to try the online demo >> > > but when I attempt to authenticate in backend panel with admin / admin >> > > as noted in demo page, I always have the error message "The username >> > > and/or password is invalid.". Could you please post the right >> > > username / password?
this is maybe too basic and naive but did u tried to set all file perms to readonly... let say someting like 440 or 400? and disabling the console? (id dont know if the console let u change file perms but u can disable the exec() php func and this will disable the cosnole....)
> There are some ways in the code editor configuration to disable read and/or > write actions on specific files/folders. It looks more difficult to disable > parsing php code in front widgets like eg. Content/Title or Content/Text > widgets.
> I'll have a look at it asap as I do agree the demo is quite important for > new developers to get to know Diem.
> I'll keep you all posted..
> Kind regards,
> Erik Van Kelst > IT specialist - OpenSource developer > -- > sent from my mobile phone
>> Hi >> @Erik is it possible >> to disallow access to CodeEditor, >> Or just to disable this module? >> Or make hardcore solution — override save action of code editor. ex: >> die('this is a demo site. it is not allowed here.');
>> Evgeny
>> On Fri, Apr 13, 2012 at 4:27 AM, Nicolas. <nclap...@gmail.com> wrote:
>>> Thank you for the quick answer! Sad there are people abusing the demo. >>> I will follow your advice and clone Diem from git to test it. Thanks >>> again for the reply.
>>> On Apr 12, 12:32 pm, 4levels <4lev...@gmail.com> wrote: >>> > Hi Nicolas,
>>> > We had to disable the demo due to abuse causing the server to be >>> > hacked. >>> > Since the code editor allows you to change php files one could >>> > practically >>> > do anything with it.
>>> > I'll be looking into blocking the potential harmfull actions in the >>> > demo to >>> > be able to open the demo for public use. But since one can add php >>> > code in >>> > every widget, this is not so easy..
>>> > The best way to try Diem however is by cloning it from git, running the >>> > setup and off you go. If you don't have a linux box available, >>> > consider >>> > playing around with Virtualbox or Vmware to run one inside your current >>> > os..
>>> > Kind regards,
>>> > Erik Van Kelst >>> > IT specialist - OpenSource developer >>> > -- >>> > sent from my mobile phone >>> > On Apr 12, 2012 5:59 PM, "Nicolas." <nclap...@gmail.com> wrote:
>>> > > Hello everyone,
>>> > > I am interested in Diem project and would like to try the online demo >>> > > but when I attempt to authenticate in backend panel with admin / >>> > > admin >>> > > as noted in demo page, I always have the error message "The username >>> > > and/or password is invalid.". Could you please post the right >>> > > username / password?
> this is maybe too basic and naive but did u tried to set all file > perms to readonly... let say someting like 440 or 400? and disabling > the console? (id dont know if the console let u change file perms but > u can disable the exec() php func and this will disable the > cosnole....)
> 2012/4/13 4levels <4lev...@gmail.com>: >> Hi Evgeny,
>> There are some ways in the code editor configuration to disable read and/or >> write actions on specific files/folders. It looks more difficult to disable >> parsing php code in front widgets like eg. Content/Title or Content/Text >> widgets.
>> I'll have a look at it asap as I do agree the demo is quite important for >> new developers to get to know Diem.
>> I'll keep you all posted..
>> Kind regards,
>> Erik Van Kelst >> IT specialist - OpenSource developer >> -- >> sent from my mobile phone
>>> Hi >>> @Erik is it possible >>> to disallow access to CodeEditor, >>> Or just to disable this module? >>> Or make hardcore solution — override save action of code editor. ex: >>> die('this is a demo site. it is not allowed here.');
>>> Evgeny
>>> On Fri, Apr 13, 2012 at 4:27 AM, Nicolas. <nclap...@gmail.com> wrote:
>>>> Thank you for the quick answer! Sad there are people abusing the demo. >>>> I will follow your advice and clone Diem from git to test it. Thanks >>>> again for the reply.
>>>> On Apr 12, 12:32 pm, 4levels <4lev...@gmail.com> wrote: >>>> > Hi Nicolas,
>>>> > We had to disable the demo due to abuse causing the server to be >>>> > hacked. >>>> > Since the code editor allows you to change php files one could >>>> > practically >>>> > do anything with it.
>>>> > I'll be looking into blocking the potential harmfull actions in the >>>> > demo to >>>> > be able to open the demo for public use. But since one can add php >>>> > code in >>>> > every widget, this is not so easy..
>>>> > The best way to try Diem however is by cloning it from git, running the >>>> > setup and off you go. If you don't have a linux box available, >>>> > consider >>>> > playing around with Virtualbox or Vmware to run one inside your current >>>> > os..
>>>> > Kind regards,
>>>> > Erik Van Kelst >>>> > IT specialist - OpenSource developer >>>> > -- >>>> > sent from my mobile phone >>>> > On Apr 12, 2012 5:59 PM, "Nicolas." <nclap...@gmail.com> wrote:
>>>> > > Hello everyone,
>>>> > > I am interested in Diem project and would like to try the online demo >>>> > > but when I attempt to authenticate in backend panel with admin / >>>> > > admin >>>> > > as noted in demo page, I always have the error message "The username >>>> > > and/or password is invalid.". Could you please post the right >>>> > > username / password?
I'm not sure what your environment is, but if your demo server were on
AWS or another cloud-based solution, you could set it up to
automatically redeploy a new demo server every hour or something. I
would say just redeploy the app, but if they're hacking the server,
just redeploying the server may be the easiest option.
For my production environment with a Diem site, I use Rightscale and
manage the server with a bash script. You could even set it up to
detect activity that compromises the server and it can automatically
redeploy in those instances. However, demo's can normally be expected
to refresh hourly. The only difference is you'd be spinning off an
entirely new server.
Then they can hack it all they want, its just going to be a new, clean
server within the hour anyways.
For my production environment, I limited access to admin.php by ip
address, set up private keys for access and so on. In that way, only
users on approved networks can even access the admin. Also the
production environment has the code editor disabled, since actual
files get deployed via version control.
On Apr 13, 3:10 am, 4levels <4lev...@gmail.com> wrote:
> There are some ways in the code editor configuration to disable read and/or
> write actions on specific files/folders. It looks more difficult to
> disable parsing php code in front widgets like eg. Content/Title or
> Content/Text widgets.
> I'll have a look at it asap as I do agree the demo is quite important for
> new developers to get to know Diem.
> I'll keep you all posted..
> Kind regards,
> Erik Van Kelst
> IT specialist - OpenSource developer
> --
> sent from my mobile phone
> On Apr 13, 2012 11:31 AM, "Evgeny Sinitsyn" <cuh...@gmail.com> wrote:
> > Hi
> > @Erik is it possible
> > to disallow access to CodeEditor,
> > Or just to disable this module?
> > Or make hardcore solution — override save action of code editor. ex:
> > die('this is a demo site. it is not allowed here.');
> > Evgeny
> > On Fri, Apr 13, 2012 at 4:27 AM, Nicolas. <nclap...@gmail.com> wrote:
> >> Thank you for the quick answer! Sad there are people abusing the demo.
> >> I will follow your advice and clone Diem from git to test it. Thanks
> >> again for the reply.
> >> On Apr 12, 12:32 pm, 4levels <4lev...@gmail.com> wrote:
> >> > Hi Nicolas,
> >> > We had to disable the demo due to abuse causing the server to be hacked.
> >> > Since the code editor allows you to change php files one could
> >> practically
> >> > do anything with it.
> >> > I'll be looking into blocking the potential harmfull actions in the
> >> demo to
> >> > be able to open the demo for public use. But since one can add php
> >> code in
> >> > every widget, this is not so easy..
> >> > The best way to try Diem however is by cloning it from git, running the
> >> > setup and off you go. If you don't have a linux box available, consider
> >> > playing around with Virtualbox or Vmware to run one inside your current
> >> os..
> >> > Kind regards,
> >> > Erik Van Kelst
> >> > IT specialist - OpenSource developer
> >> > --
> >> > sent from my mobile phone
> >> > On Apr 12, 2012 5:59 PM, "Nicolas." <nclap...@gmail.com> wrote:
> >> > > Hello everyone,
> >> > > I am interested in Diem project and would like to try the online demo
> >> > > but when I attempt to authenticate in backend panel with admin / admin
> >> > > as noted in demo page, I always have the error message "The username
> >> > > and/or password is invalid.". Could you please post the right
> >> > > username / password?
Have you thought about an idea to kill the diem demo istallation once an hour, for example, bu cron and reinstall the clear one. A saw such decision on some demo sites.
четверг, 12 апреля 2012 г., 20:32:41 UTC+4 пользователь 4levels написал:
> We had to disable the demo due to abuse causing the server to be hacked.
> Since the code editor allows you to change php files one could practically > do anything with it.
> I'll be looking into blocking the potential harmfull actions in the demo > to be able to open the demo for public use. But since one can add php code > in every widget, this is not so easy..
> The best way to try Diem however is by cloning it from git, running the > setup and off you go. If you don't have a linux box available, consider > playing around with Virtualbox or Vmware to run one inside your current os..
> Kind regards,
> Erik Van Kelst
> IT specialist - OpenSource developer
> --
> sent from my mobile phone
> On Apr 12, 2012 5:59 PM, "Nicolas." <nclap...@gmail.com> wrote:
>> Hello everyone,
>> I am interested in Diem project and would like to try the online demo
>> but when I attempt to authenticate in backend panel with admin / admin
>> as noted in demo page, I always have the error message "The username
>> and/or password is invalid.". Could you please post the right
>> username / password?
