[Cialug] Slight OT: Joomla & Security
Matthew Nuzum
newz at bearfruit.org
Thu May 24 16:25:52 CDT 2012
On Thu, May 24, 2012 at 2:25 PM, jrnosee <jrnosee at gmail.com> wrote:
> Yeah, it's the locking down part I need to learn. Both of these were
> "installed" from an akeeba backup and I had to jump through hoops to get
> them working on this host.
>
> I still need to figure out proper registration security too. Good thing
> I'm set up to require admin approved registration. Either Joomla's
> ignoring captcha on registration or bots have no problem fooling it.
>
A prime way for people to hack websites is to find an open source software
version with a vulnerability and then scan the web for sites running that
version. Joomla, WordPress and Drupal are three examples of such open
source software that is so popular that they're easily targeted.

One of the best ways to keep your site secure is to make sure you're up to
date on the software. This includes the themes and plugins that you use.

I don't use Joomla but I do use Drupal so I'll use it for illustrative
purposes. I subscribe to the Drupal announcement list so that I get
notified whenever a security update for Drupal is announced. I install as
few modules as possible and those I do install I ensure that I only use
"released" (not beta nor dev) versions. That way the update report feature
of Drupal can successfully notify me if an update to the module is
available.

Good luck on this. Alas, I've learned the hard way like you are now. It's a
pain. If you have the option to wipe and start clean, you may find it
beneficial.
--
Matthew Nuzum
newz2000 on freenode, skype, linkedin and twitter
♫ You're never fully dressed without a smile! ♫