Security

Grayscale CMS was programmed with security in mind. The security features included in this Content Management System aren't just geared toward security of the site itself, but also to thwarting spammers and scammers, too.

1. Secure programming practices - Grayscale CMS enhances security by avoiding the kind of vulnerabilities that lead to SQL injections, e-mail header injections and the like.
2. Disallowed Access to files - like similar applications, Grayscale CMS is built using hundreds of files that contain the programming to run the site. Direct access to these files is disallowed to reduce the chance that a hacker could gain access to sensitive files.
3. Spam Black List
   1. Grayscale CMS blocks access to your site from over 10,000 IP addresses found in a variety of blacklists. It also allows you to block (or unblock) any IP address you want via the administrative screens
4. Banned Bots
   1. Grayscale CMS blocks access to your site from over 2 dozen bad "bots". These bots are known to go about the Web harvesting people’s e-mail addresses to spam people. It also allows you to block (or unblock) any user agent you want via the administrative screens.
5. Blocks Form Abuse
   1. Recently, spammers have been attempting to hijack forms to send spam with what's known as "e-mail injection". Grayscale CMS thwarts these attempts by disallowing certain types of content to be inserted into the form. It also allows you to disallow form submission by certain domains.
6. Blocks Junk Traffic
   1. Another tactic used by spammers is to spam your traffic stats, making it look like a bunch of people are coming to you from an inbound link. Their intent is to get a boost from Google when their site shows up in your referrer logs. Grayscale CMS blocks these bogus accesses, giving them an HTTP 403 response which will not show up in your logs and will (probably) make them skip your site in the future.
7. Strong Passwords
   1. All passwords are stored in the database using strong encryption
   2. All passwords must be at least 8 characters long
   3. All passwords must NOT be the same as the associated username
   4. All passwords must contain only numbers and letters
   5. As an option, you may also choose to check to make sure all passwords are not one of the 300 most used passwords in the world.