Hi,

I want to use MOveable Type for a blog. THe host that I am considering using says that MT may be a hackable script. Is this true. Should I be worried about someone hacking the server if I us MT.

ANy help you can offer would be appreciated.

Thanks everyone

See dialouge with host below

Here was my question:

I was considering using Moveable Type as a CMS for a web site. Are you able to host this? Also, maybe PHP-Nuke? Just thought it would be easier to have one of this systems rather than hard-coding all of the time.

Here was his answer:
**************************************************
Yes, you can use those script but if you do, it is critical that you always keep them up to date with the authors latest versions. Why? Because these are very popular hackable scripts and kids hack or crack them to gain unauthorized access to your hosting account and our server.

You are responsible for its configuration and installation as we do not give technical support on any scripts you install on our servers.

If you follow these guidelines, you'll be fine. Always keep an eye on your script author's websites for their latest news and security patches. Signup for their newsletter if they offer it.
***********************************************

I run movabletype on my personal website.

It would be foolish to say that a script isn't hackable...a determined and skilled programmer could find a hole in any program to exploit. The extent of the damage depends on the quality of the code.

I subscribe to a security vunerability list, and everyday I get reports of new vunerabilities found in programs. I've seen a lot of reports about exploits, hacks, etc. for php-nuke (and other *nuke-type scripts), but nothing regarding movabletype....take that however you like it.

I find movabletype to be an exceptional free blogware product. The updates are not regular, but when they are, they usually improve functionality. I would recommend it highly over php-nuke.

As far as your host is concerned, I think they did a very good thing to inform you about their policies regarding third-party scripts. They are letting you know that they are not responsible if a script that you install compromises your website (and in extension, they might charge you for restoration, or hold you liable for damages to their server).

Make sure you read the installation instructions carefully for MT. They require you to delete some files that may compromise a system. Also, make sure that the permissions are set according to the instructions. I would also recommend that you signup for the MT mailing list, which will provide you with updates should there be a new version released.

As a side note, you might want to download the package, and just upload mt-check.cgi to see what your server supports. Its a good way to let your host know if they will need to install additional modules for MT.

I think he was most likley refering to PHP-Nuke rather than moveable type.

It looks like a fairly boiler-plate CYA response. From what I saw of the code before I banned it from the network, I wouldn't be surprised to hear PHP-Nuke was swiss cheese. I don't know much about MT, though.

hiryuu : php-nuke is more holey than the pope. ;)

I think the reply they gave you is not to say MT is hackable in it's present state, but just advice to ensure that as with any scripts - it is good to keep them up to date to avoid security issues.