The Joomla! Forum ™



Forum rules


Forum Rules
Absolute Beginner's Guide to Joomla! <-- please read before posting, this means YOU.
Security Checklist
Forum Post Assistant - If you are serious about wanting help, you will use this tool to help you post.



Post new topic Reply to topic  [ 50 posts ]  Go to page 1, 2  Next
Author Message
PostPosted: Mon Nov 27, 2006 7:06 am 
User avatar
Joomla! Guru
Joomla! Guru

Joined: Tue Jun 06, 2006 7:41 am
Posts: 828
Location: California, Germany, Norway
10. Go with the cheapest hosting provider you can find, preferably a shared server that hosts hundreds of other sites, some of which are high-traffic porn sites. Don't check the list of recommended hosting providers.

9. Don't waste time with regular backups. Maybe the hosting provider will help you.

8. Don't waste time adjusting PHP and Joomla! settings for increased security. Hey, the install was brain-dead easy. How bad could the rest be? Worry about those details only if there's a problem.

7. Use the same username and password for your on-line bank account, Joomla! administrator account, Amazon account, Yahoo account, etc. Hey, who has time to keep track of so many passwords? And anyway, since you don't change passwords, it's easier to just use the same one all the time, everywhere.

6. Install your brand new beautiful Joomla!-powered site, celebrate a job well done, and don't worry about it again. After all, if you don't make any more changes, what can go wrong?

5. Do all upgrades and extension installations right there on the live site. Who needs a development and testing server anyway? If an installation fails, you'll just uninstall it again. That will hopefully also undo any damage the installation caused.

4. Trust all third-party extensions, and install all the cool-looking stuff you can find. Anyone smart enough to write a Joomla! extension will provide perfect code that blocks every known exploit attempt, now and forever. After all, almost all this stuff is provided for free by well-meaning, good-hearted people who know what they are doing.

3. Don't worry about updating to the latest version of Joomla!. Hey, nothing's gone wrong so far! Same plan for the third-party extensions. Too much work anyway.

2. When your site gets cracked, panic your way on over to the Joomla! Forums and start a new post with a very familiar title: "Help! My Site's Been Hacked!" Be sure not to leave relevant information, such as which obsolete versions of Joomla! and third party extensions were installed.

1. Once your site's been cracked, fix the defaced file and then assume all is well. Don't check raw logs, change your passwords, remove the entire directory and rebuild from clean backups, or take any other overly paranoid-seeming actions. When the attackers return the next day, scream loudly that you've been "hacked again," and it's all Joomla!'s fault. Ignore the fact that removing a defaced file is not even step one in the difficult process of fully recovering a cracked site.

_________________
Home: http://www.ronliskey.com
Business http://www.communitygrove.com


Last edited by rliskey on Thu Nov 30, 2006 5:05 pm, edited 1 time in total.

Top
 Profile  
 
PostPosted: Mon Nov 27, 2006 7:35 am 
User avatar
Joomla! Master
Joomla! Master

Joined: Fri Aug 12, 2005 3:47 pm
Posts: 17264
Location: **Translation Matters**
Thanks for this.

Hard for some to be exposed to true facts, but a very necessary list.

_________________
Jean-Marie Simonet / infograf · http://www.info-graf.fr
Multilanguage in 2.5: http://help.joomla.org/files/EN-GB_multilang_tutorial.pdf
---------------------------------
Joomla Translation Coordination Team • Joomla! Production Working Group


Top
 Profile  
 
PostPosted: Mon Nov 27, 2006 11:26 am 
I've been banned!

Joined: Sat Sep 03, 2005 3:37 pm
Posts: 143
rliskey wrote:
10. Go with the cheapest hosting provider you can find, perferably a shared server that hosts hundreds of other sites, some of which are high-traffic porn sites.

^^ Only have TWO PROBLEMS with this.
1. Most or Many users have NO CHOICE in the hosting provider. They werent just sitting around thinking, HEY! LETS MAKE A WEBSITE! and then start planning which quality host to use.  Few can afford or justify a DEDICATED SERVER to host their little league website or Crochet/Knitting community group. Many people ALREADY had some pokey HTML or POSTNUKE site and were CONVERTED by Joomla Evangelists like myself. Switching to another host leads them to the bryzantine world of DOMAIN and hosting contracts which often mean they have to have a dead or unavailable site while the DNS gets rerouted :(

2.As for "high traffic porn sites"? -an inflammatory interjection into an otherwise logical debate (hey most of us were made with a little bit of mom & dad porn anyway, what do I care? :P,
....though I would guess such sites rank a wee bit higher  on the totem pole than Phishing sites, Jhihad sites, Neo-Nazi & Anarchy forums, high traffic or otherwise :) )




8. Don't waste time adjusting PHP and Joomla! settings for increased security. Hey, the install was brain-dead easy. How bad could the rest be? Worry about those details only if there's a problem.

Here I feel Joomla JUST HAS TO STEP UP AND DO MORE
The three tiered login security in the backend is a good start, and the REGISTER GLOBALS security check is even better! now, if Joomla could provide a 'code/site snapshot' module that you could upload periodically and run to generate a md5 hash of all your site files for comparison with earlier runs, that would be a BIG PLUS.

Implementing the .HTACCESS protection rules could be a little more clearly documented and separated from the SEO/SEF stuff, good steps are in place, just needs a bit more noobie friendliness...
Maybe the install could do an initial backup for the user?
Or a save initial/current settings option?



5. Do all upgrades and extension installations right there on the live site. Who needs a development and testing server? If an installation fails, you'll just uninstall it again. That will hopefully undo any damage the installation caused.
:( true. But this is often unavoidable, especially with AJAX code and server settings/version numbers, there's just no substitute for just doing it live on your running site ... just backup first and DOCUMENT WHAT YOU ARE DOING

4. Trust all third party extensions, and install all the cool-looking stuff you can find. Anyone smart enough to write a Joomla! extension will provide perfect code that blocks every known exploit attempt, now and forever. After all, almost all this stuff is provided for free by well-meaning, good-hearted people who know what they are doing.

3. Don't worry about updating to the latest version of Joomla!. Hey, nothing's gone wrong so far! Same plan for the third party extensions. Too much work anyway.

2. When your site gets cracked, panic your way on over to the Joomla! Forums and start a new post with a very familiar title: "Help! My Site's Been Hacked!" Be sure not to leave relevant information, such as which obsolete versions of Joomla! and third party extensions were installed.

A little bit of OUR FAULT HERE.
The SITE SHOWCASE FORUM has all KINDS OF RULES governing posts in that forum (indeed I was banned for three days for 'rating' presented site :P see offending post here ->http://forum.joomla.org/index.php/topic ... #msg576504

There should be a rigid template for entering hack reports.
I agree,there's just too darned much "I BEEN HACKED BY ****" followed by three or four posts of obligatory teeth pulling to get the prerequisite information :grrr:



1. Once your site's been cracked, remove the file the attackers defaced, and assume that all is now well. Don't check raw logs, change your passwords, remove the entire directory and rebuild from clean backups, or take any other overly paranoid-seeming actions. When the attackers return the next day, scream loudly that you've been "hacked again," and it's all Joomla!'s fault. Ignore the fact that removing a defaced file is not even step one in the difficult process of fully recovering a cracked site.

Can we help here? maybe add a rudimentary -log file checker to the joomla backend? and maybe a little link to some log file format documentation? Maybe just enough functionality and information to whet the appetite and encourage them to search for more?
mant of the hacked NEVER looked at logs till the hack



:laugh: LMBO @ 'PARANOID' I've been accussed of being paranoid HERE on this forum by .... oh well... all considered, a very thought provacative post ...too bad most people wont even read it until the day after their hacked..

maybe the New Joomla in the  control panel could have a link to RECOMMENDED READING to encourage click through to this section??

maybe SECURITY, BAD 3PD COMPONNENTS and similar thread could be 'stickied' in the Joomla backend??


Top
 Profile  
 
PostPosted: Mon Nov 27, 2006 12:34 pm 
User avatar
Joomla! Master
Joomla! Master

Joined: Fri Aug 12, 2005 7:19 am
Posts: 10491
Location: Leeds, UK
just a thought but perhaps something along the same lines as this thread could be included as sample content. it MIGHT mean that more people read and take notice

_________________
"Exploited yesterday... Hacked tomorrow"
Blog http://brian.teeman.net/
Joomla Hidden Secrets http://hiddenjoomlasecrets.com/


Top
 Profile  
 
PostPosted: Mon Nov 27, 2006 5:29 pm 
User avatar
Joomla! Apprentice
Joomla! Apprentice

Joined: Thu Sep 07, 2006 2:09 pm
Posts: 31
Location: Dallas, TX
rliskey wrote:
7. Use the same username and password for your on-line bank account, Joomla! administrator account, Amazon account, Yahoo account, etc. Hey, who has time to keep track of so many passwords? And anyway, since you don't change passwords, it's easier to just use the same one all the time, everywhere.


I've heard from many reputable sources that it's more secure to use different usernames for everything than it is to use different passwords (and far safer information to write down/store), provided your standard password is not an unmodified real-word derivative...though different passwords will help, but only nominally so.

Personally, I use location-based passwords to go along with whatever set of usernames I'm working with, and I take care to change them bi-monthly.

Great post, though...a must read for anyone, not just site admins.


Last edited by bradfordhill on Mon Nov 27, 2006 5:31 pm, edited 1 time in total.

Top
 Profile  
 
PostPosted: Mon Nov 27, 2006 5:41 pm 
User avatar
Joomla! Ace
Joomla! Ace

Joined: Mon Dec 05, 2005 10:17 am
Posts: 1367
Location: New Orleans, LA, USA
brian wrote:
just a thought but perhaps something along the same lines as this thread could be included as sample content. it MIGHT mean that more people read and take notice


On it :)

_________________
Rob Schley - Open Source Matters
Webimagery - http://www.webimagery.net/ - Professional Consulting Services
JXtended - http://www.jxtended.com/ - Free and Commercial Joomla! Extensions


Top
 Profile  
 
PostPosted: Mon Nov 27, 2006 6:11 pm 
User avatar
Joomla! Master
Joomla! Master

Joined: Fri Aug 12, 2005 7:19 am
Posts: 10491
Location: Leeds, UK
great

_________________
"Exploited yesterday... Hacked tomorrow"
Blog http://brian.teeman.net/
Joomla Hidden Secrets http://hiddenjoomlasecrets.com/


Top
 Profile  
 
PostPosted: Mon Nov 27, 2006 8:21 pm 
Joomla! Hero
Joomla! Hero

Joined: Sun Aug 28, 2005 5:03 pm
Posts: 2447
I am just so guilty on #5! LOL

But at least I knew I was wrong about that before this list came out! LOL

As for Joomla doing more I agree on the hash list but considering how many people hack files there would need to be some way to incorporate user changes to the check...

As for HTACCESS, I just don't see how J! could possibly take into account every server situation it might come accross....
not without including it's own PHP.INI and an HTACCESS that overrides every setting in apache irregardless of if it needs to be overwritten or not...


Top
 Profile  
 
PostPosted: Tue Nov 28, 2006 5:29 am 
User avatar
Joomla! Exemplar
Joomla! Exemplar

Joined: Sun Oct 22, 2006 4:42 am
Posts: 9352
Location: Sunshine Coast, Queensland, Australia
This has got to be the best post for weeks...! 

Sorry, Brian, Hackwar,  your security posts come nowhere near as good at this one 

Thanks for the laugh and touch of reality.... within minutes of reading, I went back out in to the fray and managed to identify 6 out of the 10 points in new posts  LOL

_________________
Joomla! on the fabulous Sunshine Coast...
hotmango, web & print http://www.hotmango.me/
Network SMARTS, Systems Engineering http://www.networksmarts.com.au/


Top
 Profile  
 
PostPosted: Tue Nov 28, 2006 5:45 am 
User avatar
Joomla! Master
Joomla! Master

Joined: Fri Aug 12, 2005 12:38 am
Posts: 13388
Location: Sydney - Australia
Ron, can I post this to my blog and reference your thread? I love it!

_________________
Brad Baker - Follow me on Google+
http://www.rochen.com - Joomla! Hosting, the correct way.
http://www.joomlatutorials.com <-- Joomla Help & Tutorials
^Now with Joomla 2.5 and Joomla 3.0 Tutorials


Last edited by brad on Tue Nov 28, 2006 5:50 am, edited 1 time in total.

Top
 Profile  
 
PostPosted: Tue Nov 28, 2006 5:49 am 
User avatar
Joomla! Exemplar
Joomla! Exemplar

Joined: Sun Oct 22, 2006 4:42 am
Posts: 9352
Location: Sunshine Coast, Queensland, Australia
Thats cheating Brad...!    :P


Having now been through a few more of the daily posts,  I gotta tell yer, rliskey's sense of humour is certainly coming out on top today, gotta appreciate that  ;)

_________________
Joomla! on the fabulous Sunshine Coast...
hotmango, web & print http://www.hotmango.me/
Network SMARTS, Systems Engineering http://www.networksmarts.com.au/


Last edited by RussW on Tue Nov 28, 2006 5:53 am, edited 1 time in total.

Top
 Profile  
 
PostPosted: Tue Nov 28, 2006 7:22 am 
User avatar
Joomla! Guru
Joomla! Guru

Joined: Thu Aug 18, 2005 11:18 pm
Posts: 670
Location: Athens - Greece
I will translate it and post it at Greek Joomla sites!

_________________
--
Aris Ntatsis
http://www.joomla.gr
http://www.onscreen.gr


Top
 Profile  
 
PostPosted: Tue Nov 28, 2006 7:12 pm 
User avatar
Joomla! Guru
Joomla! Guru

Joined: Tue Jun 06, 2006 7:41 am
Posts: 828
Location: California, Germany, Norway
Ha! Glad most of you liked the post. I was a little worried. Before anyone's feelings get hurt, let me say that I've been guilty of every one of these "tricks", and am still guilty of a few. But I'm learning...
;)

"Slowly, slowly climbs the snail.
Up the slope of Mt. Fuji."

                                          -Basso

Humor is a touchy thing, especially cross-culturally. (Assuming of course that we all have a culture. Mahatma Gandhi, as you know, wisely differed with the dominant paradigm on this point. And recent political events seem to confirm his observation.)

Re: the reference to porn
My reason for mentioning porn was to give a typical example of the kinds of high-traffic/low cost sites that can and often do bog down a shared server. Porn sites are notorious producers--and targets--of spam, an activity that most people don't want on their server for purely technical reasons:
  1) server runs slowly or crashes (think 100% CPU load) and/or,
  2) all IPs on that server get black listed and/or,
  3) server gets shut down, reorganized, moved, or worst of all,
  4) server is simply ignored by the host and left to flounder.

Re: Is it okay to cross-post?
Absolutely! I don't have a copyright on stupid tricks, although sometimes it feels like I do have the corner on them.  But then I read the forums and feel better again.
:D

Hey, an idea! I'll copyright stupid tricks! From now on, you need to send me 5% of anything you lose because of a stupid trick. Oh! Looks like Microsoft already grabbed that copyright!

_________________
Home: http://www.ronliskey.com
Business http://www.communitygrove.com


Last edited by rliskey on Fri Dec 01, 2006 7:16 am, edited 1 time in total.

Top
 Profile  
 
PostPosted: Tue Nov 28, 2006 7:24 pm 
User avatar
Joomla! Master
Joomla! Master

Joined: Fri Aug 12, 2005 12:38 am
Posts: 13388
Location: Sydney - Australia
Done: http://dev.joomla.org/component/option, ... ,33/p,230/ :D

_________________
Brad Baker - Follow me on Google+
http://www.rochen.com - Joomla! Hosting, the correct way.
http://www.joomlatutorials.com <-- Joomla Help & Tutorials
^Now with Joomla 2.5 and Joomla 3.0 Tutorials


Top
 Profile  
 
PostPosted: Tue Nov 28, 2006 10:54 pm 
User avatar
Joomla! Enthusiast
Joomla! Enthusiast

Joined: Thu Aug 18, 2005 5:50 am
Posts: 207
Location: Vancouver, BC, Canada
That was a great post thank you!

:)

_________________
Rastin Mehr - Founder/Web Application Architect
http://www.rmdstudio.com - Social People Building Social Web Solutions ™
http://www.Anahitapolis.com - The Anahita Social Engine ™ project


Top
 Profile  
 
PostPosted: Wed Nov 29, 2006 11:06 am 
User avatar
Joomla! Exemplar
Joomla! Exemplar

Joined: Sun Oct 22, 2006 4:42 am
Posts: 9352
Location: Sunshine Coast, Queensland, Australia
Ron

You just made my day again.....  ;D

_________________
Joomla! on the fabulous Sunshine Coast...
hotmango, web & print http://www.hotmango.me/
Network SMARTS, Systems Engineering http://www.networksmarts.com.au/


Top
 Profile  
 
PostPosted: Fri Dec 01, 2006 12:33 am 
Joomla! Virtuoso
Joomla! Virtuoso

Joined: Sun Apr 16, 2006 12:20 am
Posts: 3193
Location: 127.0.0.1
Gotta love #10 on the list.  :D

I am guilty of #5 though. I mean, it's just SO much faster to upgrade/install on a live site. I mean after all I do have backups when things go wrong. :)

_________________
Backup, backup, backup!
The "Master" .htacess file by Nicholas http://snipt.net/nikosdion/the-master-htaccess


Top
 Profile  
 
PostPosted: Sat Dec 02, 2006 12:45 pm 
User avatar
Joomla! Intern
Joomla! Intern

Joined: Sat May 13, 2006 11:51 am
Posts: 96
Location: Guayaquil
I would like to translate it for the germans.

Very nice, and more funny than just saying "you have to do this and that"  ;)


Top
 Profile  
 
PostPosted: Mon Dec 04, 2006 2:54 am 
User avatar
Joomla! Guru
Joomla! Guru

Joined: Tue Jun 06, 2006 7:41 am
Posts: 828
Location: California, Germany, Norway
Quote:
I would like to translate it for the germans.
Very nice, and more funny than just saying "you have to do this and that"


Danke, und ich wuenche Dir viel Spass dabei.  :D

_________________
Home: http://www.ronliskey.com
Business http://www.communitygrove.com


Last edited by rliskey on Fri Dec 29, 2006 3:57 am, edited 1 time in total.

Top
 Profile  
 
PostPosted: Thu Dec 28, 2006 6:13 pm 
User avatar
Joomla! Enthusiast
Joomla! Enthusiast

Joined: Mon Jan 16, 2006 1:33 am
Posts: 221
Location: Vienna, VA
Guilty on all charges (well, almost all).  :-[

Great stuff. One more thing that maybe didn't make it onto the original list is actually believing the following: "Hey, I'm just the little guy. Who would want to take advantage of my site?"

The really scary thing about what's happening here is that at some point these people have full access to your server account. They could easily do a lot more damage than they typically do.

_________________
Bruce Scherzinger


Top
 Profile  
 
PostPosted: Wed Jan 03, 2007 7:56 pm 
Joomla! Guru
Joomla! Guru

Joined: Fri Dec 29, 2006 11:57 pm
Posts: 605
Hi rliskey,

Thanks a lot for this informative thread.

May I suggest updating this to be introduced into the Security FAQ's forum?
http://forum.joomla.org/index.php/board,322.0.html

Thanks,

_________________
Me = Wonder + Ponder
http://www.hichamaged.net/


Top
 Profile  
 
PostPosted: Thu Jan 04, 2007 11:18 pm 
User avatar
Joomla! Guru
Joomla! Guru

Joined: Tue Jun 06, 2006 7:41 am
Posts: 828
Location: California, Germany, Norway
Quote:
Searching before asking, however sometimes cannot find answer. Any Insight?


The only insight I can think of comes from Picasso...

Quote:
"Computers are stupid. They can only give you answers."

_________________
Home: http://www.ronliskey.com
Business http://www.communitygrove.com


Top
 Profile  
 
PostPosted: Fri Jan 05, 2007 12:14 am 
Joomla! Guru
Joomla! Guru

Joined: Fri Dec 29, 2006 11:57 pm
Posts: 605
rliskey wrote:
The only insight I can think of comes from Picasso...

Hey, give me a break! Picasso is already working somewhere else right now! (username + password = undefined)
8)

rliskey wrote:
"Computers are stupid. They can only give you answers."

Very Stupid indeed, however, sometimes it depends on the user's input
:laugh:

_________________
Me = Wonder + Ponder
http://www.hichamaged.net/


Top
 Profile  
 
PostPosted: Wed May 09, 2007 12:42 pm 
Joomla! Fledgling
Joomla! Fledgling

Joined: Wed May 09, 2007 5:36 am
Posts: 1
this is tough since i'm not really a computer guy  :'(

_________________
Signature Rules: http://forum.joomla.org/index.php/topic,65.0.html


Top
 Profile  
 
PostPosted: Fri May 11, 2007 12:28 am 
Joomla! Enthusiast
Joomla! Enthusiast

Joined: Mon Sep 26, 2005 10:36 am
Posts: 175
Location: Ballarat - Australia
Does this mean I have to change my user name of "admin" and password of "admin"?

My kids could not work it out?


Top
 Profile  
 
PostPosted: Fri May 11, 2007 2:05 am 
Joomla! Ace
Joomla! Ace

Joined: Sat Feb 10, 2007 8:26 pm
Posts: 1618
Awesome post.

_________________
-Matt H
http://ninjaforge.com


Top
 Profile  
 
PostPosted: Fri May 11, 2007 2:45 am 
User avatar
Joomla! Enthusiast
Joomla! Enthusiast

Joined: Sat Jan 06, 2007 5:43 pm
Posts: 230
Truth always hurts a little, but it's good for us!
I've been guilty of every item on that list save the "OMG I've been haxed!" thread

If I report an issue that big and infuriating, it's going to look like a friggin nuclear reactor user's manual before I am done with it.  :pop

My favorite though, is when someone asks me to help them design a site, afterwards I instruct them on how to make changes and then afterwards, close up the holes- and they never do.  Simple CHmods  oh no!
After a month or so when the turkish cyber army or whoever put's pretty pictures all over their homepage they blame me for lousy coding or setting them up with flawed software I ask them what the permissions on their config php is or was before it was deleted...

their answer "umm..  locked?"  :D

_________________
http://www.fraganoob.com&nbsp; Putting Gamers in Control!


Top
 Profile  
 
PostPosted: Sun May 13, 2007 11:30 pm 
I've been banned!

Joined: Wed May 09, 2007 11:34 am
Posts: 53
Basetballjones wrote:
Truth always hurts a little, but it's good for us!
I've been guilty of every item on that list save the "OMG I've been haxed!" thread

If I report an issue that big and infuriating, it's going to look like a friggin nuclear reactor user's manual before I am done with it.  :pop

My favorite though, is when someone asks me to help them design a site, afterwards I instruct them on how to make changes and then afterwards, close up the holes- and they never do.


I modify their code so that if any file (on the secure list) is writable (and it should not be) the site wont run until the permissions are set appropriately. I got the idea from the Joomla install, which wont allow you to continue if the install files are still present.

IMHO Joomla should do something like that as well for security/file  settings it has the ability to SEE are a vulnerability issue.
It should be a Joomla default behaviour -but it isnt - It would be similar in practice to the "Fasten Seatbelt light and image, also the little 'chirp' you get every 2 minutes if you insist on running the car with it on!

Joomla should have it by default, IMHO, but wont.. oh well...


Top
 Profile  
 
PostPosted: Mon May 14, 2007 5:58 am 
User avatar
Joomla! Intern
Joomla! Intern

Joined: Thu Sep 15, 2005 9:06 am
Posts: 69
Location: Hong Kong
Good thread.

But surely gives the lie to claim Joomla is "easy to manage"!

Who wrote that, I wonder.  ???
(Claim maybe true if you're regular human who installs, does a little with J and moves on; or if you're some kind of cyberbeing. Otherwise, "easy" is just plain wrong.)

_________________
http://www.hkoutdoors.com - Hong Kong's wildest travel site.
http://www.drmartinwilliams.com - Conservation, travel, inspiring people; guff re Joomla


Top
 Profile  
 
PostPosted: Mon May 14, 2007 6:24 am 
User avatar
Joomla! Enthusiast
Joomla! Enthusiast

Joined: Sat Jan 06, 2007 5:43 pm
Posts: 230
DocMartin wrote:
Good thread.

But surely gives the lie to claim Joomla is "easy to manage"!

Who wrote that, I wonder.  ???
(Claim maybe true if you're regular human who installs, does a little with J and moves on; or if you're some kind of cyberbeing. Otherwise, "easy" is just plain wrong.)


To be perfectly factual, on a comparative basis, Joomla is very easy.

Firstly- Joomla takes nearly thousands of web design functions and maps them to simple buttons.  Point and click web design.  It is a CMS, and as such, it takes over 80% of the work out of building,  deploying, maintaining, and securing a web site.  I can simply mention the amount of time I have save not typing this out in full:

Code:
<p style="center">Joomla does it for me, as well as hundreds of other things.</p>


I have probably saved 50 man hours on HTML elements alone.. And that is just one tiny example, overrall, Joomla has saved me countless  hundreds of hours in design and maintenance time. Joomla is the best damned employee I've ever had ;)

Secondly- Any website has to be secured, and Joomla makes much of this ready integrated and the rest is fairly easy to implement if you read a little.  I don't care what you find to build websites, they all have to be secured, and without the benefit of the assistance Joomla, or other CMS' offer, you have a long days work ahead doing it all yourself.

I have worked with and on a few commercial/ enterprise grade CMS systems, and they don't offer much more than Joomla other than Oracle databases and ASP encoding, but you still have to go through all the steps of securing your property against attack as anything else.

_________________
http://www.fraganoob.com&nbsp; Putting Gamers in Control!


Top
 Profile  
 
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 50 posts ]  Go to page 1, 2  Next



Who is online

Users browsing this forum: No registered users and 6 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Jump to:  
Powered by phpBB® Forum Software © phpBB Group