  1. #1
    abrodski (SitePoint Enthusiast)

    Joomla security, server side (hosting-wise)

    My question is this:
    How secure, in general, is Joomla 2.5.7 IF a Joomla admin took all the necessary measures to protect his site? After all, there's also a server where Joomla physically resides (i.e. hosting). Well, my hosting is one of the best for Joomla, but still... God knows what happens behind the curtain.
    To put it simply, without paying a hacker to try to break into the site, is there a way to make sure it's safe?
    I'm not talking about FBI or some wunderkind hackers here (those would surely crack any site), I'm asking about an average hacker (though not just some kid who only pretends to know all about hacking).
    I'm aware of cloud services like what Qualys and the like offer.
    Last, but not least... I'm not asking the general public about their personal opinions (they vary), but only those who know the subject well enough.
    P.S. Almost forgot...Hosting environment vs. self-hosting at home, security-wise?

  2. #2
    dklynn (Certified Ethical Hacker)
    ab,

    Joomla 3 is the current version but they're still supporting some version of Joomla 2 (I'll leave that to you to check out). You also need to use VERY strong passwords (http://strongpasswordgenerator.com) to protect your admin directory.

    I have a client who insisted on using Joomla (via another webmaster) so I secured Joomla-specialized hosting for him (apparently it uses more memory or CPU or ... whatever) and he got hacked (I'm sure he updated his Joomla installation). Apparently there was no malware installed but I recommended that he delete EVERYTHING and reinstall the latest version. After confirming that a maldet scan had detected no malware, I informed my client that, under normal circumstances, I would have terminated his account for failure to keep the CMS up to date because that is a major security concern to ALL accounts on the server.

    No need for a wunderkind, all that's needed is a "script kiddie" who knows where to look for the latest exploits - your site could be dead in a mere matter of hours after release of an exploit.

    All the more reason NOT to host at home! You cannot monitor 24/7/365 and, even if you could, you don't have the tools to monitor, block and repair the destruction wrought by any hacker, script kiddie or otherwise. Leave that to the professionals! I am so serious about this point that I won't even manage my own dedicated server - I leave that to the professional team at WebHostingBuzz!

    Regards,

    DK
    David K. Lynn - Data Koncepts is a long-time WebHostingBuzz (US/UK)
    Client and (unpaid) WHB Ambassador
    mod_rewrite Tutorial Article (setup, config, test & write
    mod_rewrite regex w/sample code) and Code Generator

  3. #3
    Community Advisor
    My primary tip with regard to security and Joomla... is don't use Joomla
    (it has more exploits than pretty much all other CMSs combined)

    If you must use it, put .htaccess authentication on the admin directory, install in a non-default path, lock down file read/write access permissions as strictly as you can, reduce the number of plugins you use, sign up for security alerts for Joomla and any plugins you do use, keep it up to date, avoid shared hosting, avoid free themes unless you are 100% certain of the provenance. Read this and apply everything in there: http://docs.joomla.org/Security_Checklist/Joomla!_Setup
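
An added example, not part of the original post and not Joomla's own tooling: a read-only shell audit for two of the measures listed in the post above (.htaccess authentication on the admin directory, strict file permissions). It assumes the standard Joomla layout with `administrator/` and `configuration.php` under the site root; the function name and finding labels are made up for this example.

```shell
#!/bin/sh
# Added example: audit a Joomla tree for two hardening points from the thread.
# Assumed layout: <root>/administrator/ and <root>/configuration.php.
# The function only reads the tree; it changes nothing.

# Prints one finding per line; prints nothing when every check passes.
audit_joomla() {
    root=$1
    admin="$root/administrator"

    # 1. HTTP authentication in front of the admin directory:
    #    the .htaccess must both declare an auth scheme and require a user.
    if [ ! -f "$admin/.htaccess" ]; then
        echo "NO_HTACCESS $admin"
    elif ! grep -Eiq '^[[:space:]]*AuthType[[:space:]]' "$admin/.htaccess" ||
         ! grep -Eiq '^[[:space:]]*Require[[:space:]]' "$admin/.htaccess"; then
        echo "NO_AUTH $admin/.htaccess"
    fi

    # 2. configuration.php holds the database credentials:
    #    flag it when group or other has the write bit.
    cfg="$root/configuration.php"
    if [ -f "$cfg" ] &&
       [ -n "$(find "$cfg" \( -perm -020 -o -perm -002 \))" ]; then
        echo "CONFIG_WRITABLE $cfg"
    fi

    # 3. World-writable files and directories can be modified by any
    #    account on the same server, which matters most on shared hosting.
    find "$root" \( -type f -o -type d \) -perm -0002 |
        sort | sed 's/^/WORLD_WRITABLE /'
}

# Stand-alone use: sh audit.sh /path/to/site
if [ "$#" -gt 0 ]; then
    audit_joomla "$1"
fi
```

An empty result means only that these specific checks passed; it says nothing about the Joomla version, extensions or themes in use.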

