NetBuilders

You are welcome to look around. You will have to register before you can post a message, create a blog, chat live with our members, or add a site to our directory.



Advertise With Us

Reply Established PR4 Directory - Submit Your Site Now!
Old 25 December, 2008, 21:45 PM   #1 (permalink)
Super Moderator
 
firetown's Avatar
 
Location: shuddup
iTrader: (0)
Blog Entries: 3
Thanked 87 Times in 67 Posts
Posts: 501
$NetBucks: 206
Join Date: Dec 2008
Last Online: Yesterday 19:42 PM
Send a message via MSN to firetown Send a message via Yahoo to firetown Send a message via Skype™ to firetown
Default How secure is Joomla?

A friend had her joomla site hacked. Still trying to figure how they got in, but wanted to see if some of you have experienced Joomla insecurity and have some advice on how to secure it.

Thanks!
  Reply With Quote
Old 25 December, 2008, 22:04 PM   #2 (permalink)
Gozer
 
Will.Spencer's Avatar
 
Location: Singapore
iTrader: (45)
Blog Entries: 1
Thanked 1,621 Times in 890 Posts
Posts: 4,951
$NetBucks: 8,221
Join Date: Dec 2008
Last Online: Yesterday 22:59 PM
Default

The Joomla folks are pretty serious about security issues. Their security people make up the Joomla Security Strike Team.

As with most any other server application, the two most important things you have to do in order to maintain security are proper configuration and prompt updates.

For proper security configuration, she should become very familiar with the Joomla Administrators Security Checklist.

Joomla had two known security vulnerabilities fixed at the beginning of November. Joomla 1.5.8 includes the fixes.
  Reply With Quote
Thanked by:
elishevadpw (26 December, 2008), firetown (26 December, 2008)
Old 25 December, 2008, 22:23 PM   #3 (permalink)
Super Moderator
 
firetown's Avatar
 
Location: shuddup
iTrader: (0)
Blog Entries: 3
Thanked 87 Times in 67 Posts
Posts: 501
$NetBucks: 206
Join Date: Dec 2008
Last Online: Yesterday 19:42 PM
Send a message via MSN to firetown Send a message via Yahoo to firetown Send a message via Skype™ to firetown
Default

OK, I will ask Elisheva later. I bet it was not the latest version!
  Reply With Quote
Old 26 December, 2008, 05:32 AM   #4 (permalink)
Net Builder
 
elishevadpw's Avatar
 
Location: under the equator
iTrader: (0)
Thanked 28 Times in 14 Posts
Posts: 112
$NetBucks: 120
Join Date: Dec 2008
Last Online: 13 March, 2010 08:15 AM
Send a message via Yahoo to elishevadpw Send a message via Skype™ to elishevadpw
Default

Quote:
Originally Posted by firetown View Post
OK, I will ask Elisheva later. I bet it was not the latest version!
Uhm... yup as embarrassing as it sounds... it was a 1.0 version (not a 1.5) and I didn't even bother to upgrade it to the newest one.
  Reply With Quote
Old 26 December, 2008, 10:07 AM   #5 (permalink)
Super Moderator
 
Hellas's Avatar
 
Location: Bosnia
iTrader: (27)
Thanked 216 Times in 155 Posts
Posts: 1,078
$NetBucks: 602
Join Date: Dec 2008
Last Online: Yesterday 20:03 PM
Send a message via Skype™ to Hellas
Default

Joomla is very secure as long as you keep updated. Old Joomla is very easy to penetrate since Joomla release all bug information and bad people can see it and exploit it. JUst check links Will gaved, and stay updated.
  Reply With Quote
Old 26 December, 2008, 15:40 PM   #6 (permalink)
Newbie Net Builder
 
borce's Avatar
 
iTrader: (0)
Thanked 6 Times in 5 Posts
Posts: 77
$NetBucks: 38
Join Date: Dec 2008
Last Online: Yesterday 11:34 AM
Default

1. Always check Joomla page ( Joomla! )
2. Always see on milw0rm is there new Joomla vulnerability

  Reply With Quote
Old 12 January, 2009, 21:05 PM   #7 (permalink)
Super Moderator
 
firetown's Avatar
 
Location: shuddup
iTrader: (0)
Blog Entries: 3
Thanked 87 Times in 67 Posts
Posts: 501
$NetBucks: 206
Join Date: Dec 2008
Last Online: Yesterday 19:42 PM
Send a message via MSN to firetown Send a message via Yahoo to firetown Send a message via Skype™ to firetown
Default

Ouch I just checked his site and it´s almost like a hacker´s guide on which wp plugin happens to be the easiest to target right now.
And of course it helps people to find programs and plugins to avoid, but unfortunately the average user is not that savvy.

This video is front page http://milw0rm.com/video/watch.php?id=74
Seems like those who want to get into Joomla can if they are capable of following simple instructions.
  Reply With Quote
Old 12 January, 2009, 22:48 PM   #8 (permalink)
Mia Mia is offline
Net Builder
 
Mia's Avatar
 
Location: In a House
iTrader: (0)
Thanked 54 Times in 38 Posts
Posts: 86
$NetBucks: 311
Join Date: Dec 2008
Last Online: 21 December, 2009 20:08 PM
Send a message via AIM to Mia Send a message via MSN to Mia Send a message via Yahoo to Mia
Default

Just wanted to chime in here. So far, of any site I have seen get hacked, it is generally due to pilot error, even by myself. As previously mentioned, the Joomla guys are pretty on top of security issues. So far, I've not had any recent issues, at least not with the latest build. I have several joomla, sites fyi and have no issues outside of the one time I did something stupid.
__________________
Jer - OWNER HostDrive.Com and HostingLizard.com
  Reply With Quote
Reply

Bookmarks

Tags
joomla, secure


Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On


Similar Threads
Thread Thread Starter Forum Replies Last Post
Keeping Your Blog Secure Jesse Wordpress 8 10 July, 2009 21:44 PM
Secure your wordpress site Hellas Wordpress 3 6 July, 2009 14:15 PM
How do you legally secure your own software? firetown Tech-Talk 1 12 April, 2009 10:42 AM


All times are GMT. The time now is 00:46 AM.
Powered by vBulletin® Version 3.8.4
Copyright ©2000 - 2010, Jelsoft Enterprises Ltd.
Search Engine Friendly URLs by vBSEO 3.3.1
vBAdvertise v1.0.0 Copyright ©2009, PixelFX Studios
vBCredits v1.4 Copyright ©2007 - 2008, PixelFX Studios