I got an email the other day from one of our customers that i would like to share with all of you. The more I thought about how I was going to answer this question I could see two completely different points of view to why this Joomla user was so fed up. But then again, I didn't know the entire story either so I had to do my part to bring up a few good points about why Joomla is not all that bad. I found this email very interesting and the more I thought about it the more I wanted to share it with everyone that is using Joomla for their website and primary means of doing business.

Please read on...

"Dear Mike,

 

I have been using Registration Pro since December 2007 and it works well.  The learning curve is not that steep and it does what I need it to do.  The biggest problem I have and why I need to stop using it is Joomla.  My site was crashed by a hacker and I do not have any confidence in that CMS any longer.  If you have any help you can provide or any other info to help me regain that confidence, I would appreciate it.  If not than I regret to say that I will no longer be using Reg Pro.

 

Regards,"

(name removed for privacy)

 

Let's just think about this for a few minutes. What is this guy's issue with Joomla? Is the issue even Joomla related?

 

So here is our response to this email.

 

"Dear Sir,


Well there is NO system on the net ANYWHERE that is 100% secure.

I also do not know what your circumstances with your site being hacked. There are many, many things to consider that may not even be the Joomla team's fault.


1. Was you Joomla site updated to the latest version possible?

2. Was your website hacked via a 3rd party extension vulnerability?

3. If your site was hacked via a 3rd part extension, were you using the latest version of that extension or an outdated one?

4. Was your server or hosting provider responsible for the vulnerability? RE: open ports, etc?

Many sites get hacked day in and day out, both Joomla and non-Joomla websites. At the JoomlaEXPO back in May I had attended a security presentation put on by Tom Canavan. Someone there had asked him about his thoughts about how secure he thought Joomla was. His answer was "Joomla is 100% secure until you put it on a server!"

This statement woke everyone up. Most hacks are allowed to happen because of someone's oversight somewhere. Meaning in the areas that I have listed above. The most recent series of attacks that were targeting Joomla 1.5.0 - 1.5.5 websites was patched immediately and released in about 3hrs. Read this article referenced below. I was very impressed with their speed of resolving this issue. Sometimes it isn't the problems itself, but the way they are handled that makes a great software community. Also, keep in mind, you are using an open source system. They are more vulnerable to attacks due to the larger user base and the bad guys can see the code to look for holes in the software. But again, there are many other reasons that a site can get hacked besides the core software itself.

 
Here is the article.

http://developer.joomla.org/coordinator-blog/245-how-joomla-156-came-about.html

Also, I do not know of any other CMS that would put together a special group of people such as the new Joomla Security Strike Team.

http://www.joomla.org/announcements/general-news/5205-the-new-joomla-security-strike-team-attacks.html

 
Regards,
Mike Carson

Joomla Showroom"

Just thought this email might help others understand the importance of updating sites and components and server settings. They ALL play a very important part in your website's security.

Comments (0)

Subscribe to this comment's feed

Name

Email

Title

Comment

smaller | bigger

Subscribe via email (registered users only)

I have read and agree to the Terms of Usage.

Write the displayed characters

Add Comment