Information Technology

Last week was a very frustrating time for me. For whatever reason, an unusually number of botnets decided to zero in on my Drupal site and created what I call an unintentional  Denial of Service attack (DOS). The attack was actually from spambots looking looking for script vulnerabilities found mainly in older versions of e107 and WordPress. Since the target of these spambots were non-Drupal pages, my Drupal site responded by delivering an unusually large number of "page not found" and "access denied" error pages. Eventually, these requests from a multitude of IPs were too many for my server to handle and for all intents and purposes the botnet attack caused a distributed denial of service that prevented me and my users from accessing the site.

These type of attacks on Drupal sites and numerous other content management systems are nothing new. However, my search at Drupal.org as well as Google didn't really find a solution that completely addressed my problem. Trying to prevent a DDoS attack isn't easy to begin with and at first the answers alluded me.

I originally looked at Drupal for the solution to my problems. While I've used Mollom for months, Mollom is designed to fight off comment spam while the bots attacking my sight were looking for script vulnerabilities that didn't exist. So with Mollom being the wrong tool to fight off this kind of attack, I decided to take a look at the Drupal contributed model Bad Behavior. Bad Behavior is a set of PHP scripts which prevents spambots from accessing your site by analyzing their actual HTTP requests and comparing them to profiles from known spambots then blocks such access and logs their attempts. I actually installed an "unofficial" version of the Bad Behavior module which packages the Bad Behavior 2.1 scripts and utilizes services from Project Honey Pot.

As I had already suspected, looking for Drupal to solve this botnet attack wasn't the answer. Pretty much all Bad Behavior did for me was to take the time Drupal was spending delivering "page not found" error pages and use it to deliver "access denied" error pages. My Drupal site is likely safer with the Bad Behavior module installed, but it was the wrong tool to help me reduce the botnets from overtaxing Drupal running on my server. Ideally, you would like to prevent the attacks ever reaching your server by taking a look at such things as the firewall, router, and switches. However, since I didn't have access to the hardware, I decided it was time to look at my Apache configuration.

What are the enterprise trends in content management? This past month, I've given a lot of thought on the evolution of content management and social media in large organizations. Perhaps the amount of time I've recently spent on the plane traveling both coasts of the United States gave me too much reflecting time on this subject. Most of us understand the impact Enterprise 2.0 has had on enterprise content management, yet I feel like we're missing pieces to the puzzle. Luckily, there are a lot of smart people out there giving us clues to what the current enterprise trends are with content management.

This week I have been thinking a lot about how poorly we manage data and information. The quality of the data and the lack of needed data has historically been an issue at work. We have focused a lot of our time on data mining but never really recognized that one day there would be too much data and information for our staff to sift through. Recently, our managers proposed two new data sources for the operational staff to review and I decided that it was time to hit the panic button that we're currently giving out more information to our workers than they can handle.

When a business presents too much information to their staff it is a lot like catching deer in your headlights. If the deer is too overwhelmed to run and you don't steer the car out of the way then no good can come to both car and deer. This is where I think we are at work and we're needing to slow things down a bit to give both driver and deer time to think about their next move. For the moment at least, I'm personally at a lost on how best to solve our issues with information overload.

This year, I had the privilege of participating as a member on the judging panel for Packt Publishing's Overall Best Open Source CMS Award. As I mentioned last month, WordPress was declared the winner of the award followed by MODx, SilverStripe, DotNetNuke, and finally XOOPS. Since the award announcement, I've had a lot of inquiries asking me how and in what order did I rank the content management systems. I decided to wait for a month before my posting my rankings of the Web applications because I wanted focus to remain on the declared winners and not my individual choices.

My rankings for the Overall Best Open Source CMS (with number one being the highest) were:

1. WordPress
2. DotNetNuke
3. SilverStripe
4. MODx
5. XOOPS

Each of the judges on the panel, selects their top three CMS from the five included in this category. The judges are given a lot of reign for how they rank the CMS and may consider a number of factors such as performance, usability, accessibility, ease of configuration and customization, scalability and security. Despite the criteria given, the fact is the best CMS is the CMS you determine is best in meeting your project requirements. In other words, you may find that all five CMSes in this category meet your project needs or in some cases none of the given applications will meet your requirements. Despite how I ranked the CMS you still need to do your own homework before choosing what your "best" CMS.

Not having the opportunity to own an iPhone due to lack of coverage by phone carrier AT&T, I haven't been a smartphone user. Then a few weeks ago my carrier, Verizon, introduced the Motorola Droid and I purchased my first smartphone.  Since then, I've been carrying the Droid where ever I go and taking full advantage of the phone's features.

My experience with the Droid has forced me once again to question what I know about Web content management and best practices. I knew I would use the phone for social media aspects (Facebook, Twitter) but I've been surprised at how much I hungered to read content from various Internet sites. Despite the iPhone and the Droid both having good Web browsers, I've come to the conclusion that reading content on a smartphone for a site like CMSReport.com still sucks.

This week, I spent a lot of time in various discussions on the negatives of Web content management systems (WCM). For all the excitement us CMS enthusiasts have for WCM, there is also associated frustration that threatens to dampen our spirit and kill the mission.

We lasted nine months. That's right, for nine months we hosted our Drupal site with a shared hosting account. Last January, I knew we were taking a gamble but the monthly cost savings for hosting the site was just too tempting. In this end though, CMS Report was too busy and exceeded the shared hosting provider's CPU usage policy.

Working for a large organization, it should be no surprise to all that my workplace is going down the SharePoint path for its "enterprise software" solution. What may be surprising to some is that SharePoint confuses me.

Is SharePoint a document management system or a content management system? Every executive touts using SharePoint's collaboration features, but behind closed doors I only hear whispers that those collaboration tools aren't so great. I'm told Sharepoint is a cheap solution to implement, yet over the years I have never heard a CIO actually tell me they're saving money using SharePoint. Then there is the Microsoft Sharepoint licensing agreements. Every time I read a Microsoft license I can't help but wonder if I'm on a road that doesn't offer my organization appropriate exit ramps.

Last week, Socialtext's Eugene Lee forwarded a link on Twitter with SharePoint as the focus of the article.  The SharePoint article is titled, SharePoint 2007: Gateway Drug to Enterprise Social Tools and the author discusses the frustration enterprises and site developers have with the Microsoft product.  There is some truth in the article as I've heard from many people discussing their concerns about SharePoint lacking quality Enterprise 2.0 features or causing vendor lock for their organization.  However, the article borders slightly on the side of a rant on SharePoint and I've allowed it remain in a tab on my browser for quite awhile while I pondered what I wanted to take from the article.

I think the frustrations the author describes about SharePoint isn't a SharePoint problem.  And the author describes the issue very well without recognizing it's just not SharePoint that drives organizations crazy.

SharePoint does some things rather well, but it is not a great tool (or even passable tool) for broad social interaction inside enterprise related to the focus of Enterprise 2.0. SharePoint works well for organization prescribed groups that live in hierarchies and are focussed on strict processes and defined sign-offs. Most organization have a need for a tool that does what SharePoint does well.

This older, prescribed category of enterprise tool needs is where we have been in the past, but this is not where organizations are moving to and trying to get to with Enterprise 2.0 mindsets and tools. The new approach is toward embracing the shift toward horizontal organizations, open sharing, self-organizing groups around subjects that matter to individuals as well as the organization. These new approaches are filling gaps that have long existed and need resolution.

The problems identified with SharePoint can easily be said about many enterprise applications out there.  Many of the enterprise suites provided to the market traditionally offered turn-key solutions in an effort to deliver a single integrated solution for the customer.  These integrated suites can and do create "vendor lock" but that isn't the sole goal of enterprise products being delivered by such companies as Microsoft, IBM, and Oracle.  The customers asked for efficient and effective enterprise solutions and the big software companies responded by providing the expected tightly controlled software platforms (historically a good thing) along with terms of licensing, predictable pricing, training, and infrastructure support.

A recent article in ComputerWorld discusses observations made by a Denmark-based analyst regarding wikis in the enterprise.  The analyst points out that wiki technology alone won't deliver if the organization cannot overcome obstacles in its own culture as well as the lack of true content management in a wiki.

One issue is the hype surrounding wikis or the blind faith with which they are approached, said Jespersen. "People often look to Wikipedia as a free form where everyone is contributing, and why could we not do the same with our organization?," she said, having observed wikis entering the scene to compensate for an intranet that has fallen to the wayside. But, she said, technology alone won't resolve that issue.

Jespersen lists three myths surrounding wiki implementation that might make some organizations rethink the expectations they've built around their platform.

The three myths given about wikis in the enterprise are:

1. Myth One: Wikis will motivate employees to contribute content.
2. Myth Two: Employees know how to contribute.
3. Myth Three: Wikis will always provide the information employees need.

Myth three is of special interest to me. The analyst points out that although search is a selling point for wikis...the search capability found in wikis are often not as good as those found in content management systems.  She goes on to explain that given there is little structure built into wikis, "it is difficult to
structure this information to make it findable the next day even."

Make no mistake, Wikis provide an organization with a fantastic tool for employee's in an organization to learn how to collaborate.  I believe organizations often underestimate the paradigm shift needed in their own culture for their employees to properly contribute to a centralized knowledge base.  Wikis and other social publishing tools have proven to be a valuable tool for the collaboration component needed in information systems.  However, eventually wikis fall short of what a more well rounded content management system can provide an organization.