Open source cms upgrade nightmare

Author: seven March 4, 2008

Recently we developed a new site for one of our clients. By default we configure it on our new shiny bling bling server. But this client also had one really really old site that they nevertheless wanted to keep alive online. The client was really unhappy with their current hosting company, and they asked us to migrate it to our servers. You must understand that we are not a hosting company, but we provide uber hosting services only to our own clients and for our own projects. We are not happy when we must put a single line of code on our servers that hasn't been artificially grown in nivas labs.

Anyways, that really old site was running Mambo Open Source v4.0.12. The moment the site was online, our server security alarm bells started ringing, flashing, horning etc. Somebody started to rape mambo's contact component to send huge amounts of spam. Well how nice. I never used a mambo-id like cms in the past, but looking at the administration console for half an hour - I was unable to find any possible way to disable the contact component. Ok, so as said earlier, we are dealing with mambo 4.0.12 here. As written in the source files, this version dates back to 31/10/2001.

After spending some time browsing mambo forums, catching up on the history of the project, I found out that mambo had a strange upgrade process. It mostly consisted of strange ALTER TABLE etc. sql commands. How nice. No wonder our client didn't upgrade this in a while. Update to current (4.6.2) was impossible, so I rolled up my sleeves and traveled back in time to the year 2001. Wheeee! An awful mix of html and code, javascript and html 4.01 transitional. I really don't know how this runs on php5 at all. Guess some magical force is holding this shit together from falling apart and burning in hell of old code eternity.

1 hour later - half of mambo's code deleted and the other half replaced with redirects to our new site. I am not proud of doing that, but hell - it worked. And yes, I could have easily spent several months on trying to upgrade to current, but I wonder how well the client would handle that invoice. The site is now running in safe mode, but I can bet that it won't take long and it will get hacked again. The code is so bad, oh man, pure poetry... FUBR.

The point of this story - open source is not for everyone! I can't figure out why clients tend to put their mission critical (corporate) websites on OS projects which they don't intend to upgrade (nor employ someone to do that). The previous hosting company which hosted this website didn't even bother to look at their server logs. They would probably discover that they are missing large amounts of bandwidth used for sending out spam. Who knows how many other companies like that are around the world? I would say A LOT... And all this spam is stealing my bandwidth aarararaagh!

Author
seven
CEO/CTO at Nivas®
Neven Jacmenović has been passionately involved with computers since the late 80s, the age of Atari and Commodore Amiga. As one of the internet industry pioneers in Croatia, since the 90s he has been involved in the making of many award winning, innovative and successful online projects. He is an experienced full stack web developer, analyst and system engineer. In his spare time, Neven is transforming retro-futuristic passion into various golang, Adobe Flash and JavaScript/WebGL projects.
