What a great year 2010 was for content management. Open source CMS projects seemed to have grown up this year while proprietary systems appeared to continue in their evolution. While social publishing systems may not have conquered the traditional content management system, the CMS definitely took notice by integrating as many social media features developers could come up with.

Below are the top ten stories of 2010 that were posted here at CMSReport.com. The stories in this list were ranked by the number of views per month since the articles first appeared at CMS Report. 

Top Ten Content Management Stories of 2010

1. Someone does another Drupal vs Joomla comparison
2. Open Source versus the Enterprise Solution
3. Ten Content Migration Tools to SharePoint Platform
4. Drupal themes go nuclear with Fusion
5. SilverStripe CMS becomes the first Microsoft Certified open source web app
6. Denial of Service on an Apache server
7. Guidelight Business Solutions video of DrupalConSF 2010
8. Sharepoint 2010 vs WCM Platforms
9. We Hear You: Our spam filtering needs to be improved
10. The MODx Revolution 2.0 Interviev

As you can see, stories on Drupal, Joomla!, Sharepoint, SilverStripe, and MODx brought a lot of visitors to the site. Not all the stories listed above would have been one of the ten I would have personally picked, but I'll respect the numbers behind their ranking. I personally, don't like "versus" articles yet readers seemed to flock those articles. Unfortunately quality of writing doesn't appear to always matter as there were some very well written articles we posted in 2010 that didn't make this list.

The year 2011 will undoubtedly bring change and new stories to the world of content management systems. I think the year will also be a year of decision for the direction we take CMSReport.com. I feel as if this site of ours is stuck somewhere between our roots as a niche blog and a potentially popular CMS news site. I'm hoping we make some changes in the new year that all our readers can appreciate and value.

Last week was a very frustrating time for me. For whatever reason, an unusually number of botnets decided to zero in on my Drupal site and created what I call an unintentional  Denial of Service attack (DOS). The attack was actually from spambots looking looking for script vulnerabilities found mainly in older versions of e107 and WordPress. Since the target of these spambots were non-Drupal pages, my Drupal site responded by delivering an unusually large number of "page not found" and "access denied" error pages. Eventually, these requests from a multitude of IPs were too many for my server to handle and for all intents and purposes the botnet attack caused a distributed denial of service that prevented me and my users from accessing the site.

These type of attacks on Drupal sites are nothing new and have been observed and discussed at great length at Drupal.org. However, my search at Drupal.org as well as Google didn't really find a solution that completely addressed my problem. Trying to prevent a DDoS attack isn't easy to begin with and at first the answers alluded me.

I originally looked at Drupal for the solution to my problems. While I've used Mollom for months, Mollom is designed to fight off comment spam while the bots attacking my sight were looking for script vulnerabilities that didn't exist. So with Mollom being the wrong tool to fight off this kind of attack, I decided to take a look at the Drupal contributed model Bad Behavior. Bad Behavior is a set of PHP scripts which prevents spambots from accessing your site by analyzing their actual HTTP requests and comparing them to profiles from known spambots then blocks such access and logs their attempts. I actually installed an "unofficial" version of the Bad Behavior module which packages the Bad Behavior 2.1 scripts and utilizes services from Project Honey Pot.

As I had already suspected, looking for Drupal to solve this botnet attack wasn't the answer. Pretty much all Bad Behavior did for me was to take the time Drupal was spending delivering "page not found" error pages and use it to deliver "access denied" error pages. My Drupal site is likely safer with the Bad Behavior module installed, but it was the wrong tool to help me reduce the botnets from overtaxing Drupal running on my server. Ideally, you would like to prevent the attacks ever reaching your server by taking a look at such things as the firewall, router, and switches. However, since I didn't have access to the hardware, I decided it was time to look at my Apache configuration.

Acquia used the first day of DrupalCon DC as well as their corporate site to announce the availability of their new service via a public beta program, Acquia Search. Acquia Search is "based on the powerful Lucene and Solr technologies from the Apache project" and "creates a rich index of your site content".  While Apache Lucene and Apache Solr are "free" and open source, the implementation and maintenance of these products can be rather daunting.  Acquia wishes to solve this complexity problem by offering Solr search as a service in their Acquia Network.

Before the beta was available to the public, CMSReport.com was invited by Jacob Singh to join the private beta program to test and review Acquia Search. I have only been using Acquia Search for a week so I still have some learning to do in order to take full advantage of the advanced configuration options in Apache Solr.  Although I'm new to Apache Solr,  I have to say that from a website owner's perspective the implementation of Apache Search was extremely easy.  After I signed up for the service on the network, implementing Acquia Search within the Acquia Drupal CMS was just a matter of activating the appropriate modules and waiting for my content to be indexed by the server.  Acquia Search works straight "out of the box" and I couldn't have asked for anything simpler.

The message below was originally posted as a comment here at CMS Report. Unfortunately, the comment was posted while I was switching the site over to a new server and just before the Memorial weekend holiday here in the United States. I'm afraid very few people saw the comment so I thought it should get more attention by posting the comment onto the "front page".

If you had to choose only one of the three CMS based on his requirements for the project he describes below...which CMS (Plone, Apache Lenya, and Nuxeo 5) would you choose? Please leave your comments belows!