Written by Mandville
Thursday, 30 July 2009 16:13
I work for a community-based network of roving IT people, engineers and IT Helpers. One of those roles is to attend workshops for technically challenged people and community/charity start-ups.
This week I attended a community web workshop. The basics of it were:
"A surgery to help people who run a community website; but need some help to maintain or improve it along with expert volunteers to come and help out. Topics covered were SEO, Google products, WordPress/Joomla/similar free web software and writing for the web." So I was prepared for almost anything.
For some reason I got paired with a person who wanted to discuss forum integration within their website. Their opening question was "Is a forum a bulletin board?" (un-comfort zone)
So I had a look at their site to see what their current forum was.
[*] Surprise number 1: it was 'simplestforum', so that meant their site was running Joomla! (comfort zone)
We discussed the other options, e.g. phpBB and SMF, for a while before looking into some of the style issues with their current forum.
[*] Surprise number 2: their site was running legacy mode. Err, why? "No idea," they said, "our IT people set it up".
They didn't have a big list of components, just SF, a video plugin and that was about all.
[*] Surprise number 3: their user list was about 300 people long, 250-ish of those were spam registrations. Bring on the captcha recommendations or even something like Alpha registration. It was also noticed that all but 2 of their 7 admins/super admins haven't logged in in over 2 months!
[*] Surprise number 3: their site was running Joomla 1.5.8! Yes, 1.5.8 (1.5.9 released Jan 10th 2009)
This led to another discussion on "What are the top 10 stupidest Joomla! security tricks?" and, to my horror, they didn't even know where they were hosted or what emergency plans they had.
So my suggestion was to send their IT team an email saying "we have been hacked, what are YOU going to do about it?" and see what the response was. Then to follow up with another email saying that we need everything updated: the whole site, plugins, modules, components, the works.
So to sum up, anyone know how to make simplest forum topics flow like phpbb3 and not stagger drunkenly across the screen? And no, I won't name the website, even I am not that stupid, and you know how I am about security!