What Options Are There To Create Secure Blog

[dreamcloudwolf]

I am in the process of installing MovableType, but what I couldn't find much information on whether I could making my website secure.

 

I've looked for cgiwrap, and discovered you had scgiwrap, which is nearly the same thing, and when I did research, I discovered that there was a bug with scgiwrap that makes it difficult to get comments to work. Since I didn't want to chance installing and then discover problems, I looked at other options.

 

There wasn't any mention of using suexec. Or using cgi-bin in the root directory. Or the ability to use cgi scripts outside the cgi-bin directory. I'm assuming that you CAN leave the cgi scripts outside of cgi-bin since there was no mention of it in Third party applications, under Movable Type.

 

Just checking my options here.

[rayners]

Could you tell me more about the scgiwrap bug? I've been running my site here for nearly a year without problem.

 

And, yes, your assumption is correct. You can run cgi scripts outside of the cgi-bin directory.

[dreamcloudwolf]

There was a mention of problems relating to scgiwrap in MovableType Support forum within the past year. From what I've read, users have had to devise workarounds or something.

Some quotes about bugs in comments:

Comments weren't working at all before I moved them to scgi-bin, now they work perfectly when added while viewing a post, however, if you are looking at an entry on the home/index page, and select "Comments (1)" below that, you get a 500 Internal Server error. I'm baffled as to why the script would work just fine one way, but not the other.

Seems a lot of people in the maryland area are unable to post comments, receiving a HTTP/1.1 400 Bad Request error as I have been receiving since late September.

I have seen this before, and it only seems to happen with that scgi-wrap directory and with comments being posted... unfortunately I don't think the problem was ever tracked down. Does your host have any ideas?

I don't know if bugs were fixed. I'm only trying to avoid future trouble once I set it up.

[TCH-Rick]

We do run suexec on our servers. That is the reason some folks have gotten a 500 Internal Server Error when trying to run perl scripts with permissions set at 777.

[dreamcloudwolf]

We do run suexec on our servers. That is the reason some folks have gotten a 500 Internal Server Error when trying to run perl scripts with permissions set at 777.

I assume that it means that I can add the .suexec file into the public_html directory through ftp program? In other words, how do I add it? All I know, is that I need to create .suexec file.

 

I'm not too familiar with how .suexec works, so any do's or don'ts suggestions would be helpful as I try to follow instructions in the documentation and implement it. And I'll make sure I set permissions to 755 for cgi files.

 

Wait a second... In the documentation it says Use cgiwrap OR suexec, so if I use cgiwrap (otherwise known as CGI Wrapper in CPanel) which creates scgi-bin directory, and I use that, then I don't need to worry about suexec.

[dreamcloudwolf]

Went ahead and tried it. And now I'm stuck on something else. Nothing relating to security. Thanks for your help.

 

EDITED: I've finished installing it