Thu 04 Sep 2008
Joomla! Security, do you take it seriously like we do?
Written by Brad Baker
After the recent security update, it's still so saddening to see how many people do not take the security of their (and their clients') Joomla! sites seriously. If an urgent security patch is released, there is a good reason for it. In any case, just follow the Security Forum for a few hours to see what I am talking about.
What can we all do about this?
Here's one way: http://feeds.joomla.org/JoomlaSecurityNews
You can subscribe via email and/or RSS; the choice is yours.
Why not help us all out by spreading that link around as much as you can and encouraging more people to subscribe?
PS We have more and more RSS/Email subscription options available to our users on the JoomlaConnect site now as well. Just click your browser's RSS icon. We'll be adding more of the language categories when we have time.

2008-09-04 03:37:23
I was fortunate in that my and my clients' sites were patched quickly and escaped exploit. I stumbled upon a new client recently who was equally lucky, but only because he had chosen not to index in Google yet and therefore escaped detection as unpatched.
I have been stressing to everyone I come across the urgency of getting subscribed to the Security announcement feeds.
2008-09-04 05:25:16
2008-09-04 08:46:05
"I think the 1.5.6 security release was the wakeup call many of us needed."
It's certainly a great reason to start looking for an alternative.
2008-09-04 09:55:52
2008-09-04 11:51:33
Small lax can cost dear.
Kamal
2008-09-04 13:10:18
Why not make an action log where the IP of every site change is logged? Sure, experienced hackers would use proxies and be hard to find, but some guys experimenting might be caught and scared off.
2008-09-04 15:27:10
Why not implement updates into the backend, sending notifications to admins? There are many ways; don't blame the admins, do something to ease it.
2008-09-04 23:36:21
2008-09-05 06:26:33
I am very concerned that several days ago my site got defaced, and even though after restoration I upgraded to Joomla 1.5.6, my site got defaced again today. Luckily the guy only changed the index.php to display his message. But I am sure he can repeat his action again easily, since I do not know what to do to prevent it besides finding a new patch for Joomla, which is not available yet.
2008-09-05 16:22:08
Thanks, Claudia
2008-09-05 22:28:20
I assume you have subscribed via the link I posted in this blog post? If you need further help, please post on the forum.
2008-09-06 00:09:47
2008-09-06 05:30:26
2008-09-09 11:59:48
That’s always gonna be a problem. If you got hacked running 1.5.5 and got hacked again after updating to 1.5.6, then you have to look for hacker files (check with filist.php, for example).
2008-09-10 09:28:05
But I got no email re the 1.5.7 patch. I only found out when I visited Joomla.org.
This seems like a problem.
Could you please fix the email subscriptions to security newsletters?
Thank you
2008-09-10 15:34:54
2008-09-10 17:03:15
Thanks for this!
2008-09-10 21:23:41
2008-09-11 16:30:19
2008-09-12 17:36:30
Because all the junior hackers pass their time testing if our Joomla sites are up to date. The biggest vulnerability is providing them details of how to crack the site. This happened during our holidays, and to tell the truth it was very, very weird!
2008-09-12 18:13:05
Given that 1.0.14 fixed this:
and 1.0.15 fixed:
So I think that you should upgrade SOON.
Nick
2008-09-13 00:15:55
2008-09-16 01:47:54
I have added to my RSS and now am doing a transfer over to Joomla 1.5.7.
Thanks for the great work.
James
2008-09-17 16:41:16
2008-09-18 21:16:55
But if someone has 100 clients running Joomla and needs to apply a patch for each one once a month, this will be 1200 FTP transfers a year.
There probably exists an easier way for mass updating that I don't know of, but I think it's a lot of time for updating.
2008-09-21 14:29:03
2008-09-22 20:59:31
Hacked ByRossi ~ Turkish Hacker
2008-09-23 16:19:53