Joomla! Forum - community, help and support

rliskey wrote: 10. Go with the cheapest hosting provider you can find, perferably a shared server that hosts hundreds of other sites, some of which are high-traffic porn sites.

^^ Only have TWO PROBLEMS with this.
1. Most or Many users have NO CHOICE in the hosting provider. They werent just sitting around thinking, HEY! LETS MAKE A WEBSITE! and then start planning which quality host to use.  Few can afford or justify a DEDICATED SERVER to host their little league website or Crochet/Knitting community group. Many people ALREADY had some pokey HTML or POSTNUKE site and were CONVERTED by Joomla Evangelists like myself. Switching to another host leads them to the bryzantine world of DOMAIN and hosting contracts which often mean they have to have a dead or unavailable site while the DNS gets rerouted

2.As for "high traffic porn sites"? -an inflammatory interjection into an otherwise logical debate (hey most of us were made with a little bit of mom & dad porn anyway, what do I care? :P,
....though I would guess such sites rank a wee bit higher  on the totem pole than Phishing sites, Jhihad sites, Neo-Nazi & Anarchy forums, high traffic or otherwise )



8. Don't waste time adjusting PHP and Joomla! settings for increased security. Hey, the install was brain-dead easy. How bad could the rest be? Worry about those details only if there's a problem.

Here I feel Joomla JUST HAS TO STEP UP AND DO MORE
The three tiered login security in the backend is a good start, and the REGISTER GLOBALS security check is even better! now, if Joomla could provide a 'code/site snapshot' module that you could upload periodically and run to generate a md5 hash of all your site files for comparison with earlier runs, that would be a BIG PLUS.

Implementing the .HTACCESS protection rules could be a little more clearly documented and separated from the SEO/SEF stuff, good steps are in place, just needs a bit more noobie friendliness...
Maybe the install could do an initial backup for the user?
Or a save initial/current settings option?


5. Do all upgrades and extension installations right there on the live site. Who needs a development and testing server? If an installation fails, you'll just uninstall it again. That will hopefully undo any damage the installation caused.
true. But this is often unavoidable, especially with AJAX code and server settings/version numbers, there's just no substitute for just doing it live on your running site ... just backup first and DOCUMENT WHAT YOU ARE DOING

4. Trust all third party extensions, and install all the cool-looking stuff you can find. Anyone smart enough to write a Joomla! extension will provide perfect code that blocks every known exploit attempt, now and forever. After all, almost all this stuff is provided for free by well-meaning, good-hearted people who know what they are doing.

3. Don't worry about updating to the latest version of Joomla!. Hey, nothing's gone wrong so far! Same plan for the third party extensions. Too much work anyway.

2. When your site gets cracked, panic your way on over to the Joomla! Forums and start a new post with a very familiar title: "Help! My Site's Been Hacked!" Be sure not to leave relevant information, such as which obsolete versions of Joomla! and third party extensions were installed.

A little bit of OUR FAULT HERE.
The SITE SHOWCASE FORUM has all KINDS OF RULES governing posts in that forum (indeed I was banned for three days for 'rating' presented site :P see offending post here ->http://forum.joomla.org/index.php/topic ... #msg576504

There should be a rigid template for entering hack reports.
I agree,there's just too darned much "I BEEN HACKED BY ****" followed by three or four posts of obligatory teeth pulling to get the prerequisite information :grrr:



1. Once your site's been cracked, remove the file the attackers defaced, and assume that all is now well. Don't check raw logs, change your passwords, remove the entire directory and rebuild from clean backups, or take any other overly paranoid-seeming actions. When the attackers return the next day, scream loudly that you've been "hacked again," and it's all Joomla!'s fault. Ignore the fact that removing a defaced file is not even step one in the difficult process of fully recovering a cracked site.

Can we help here? maybe add a rudimentary -log file checker to the joomla backend? and maybe a little link to some log file format documentation? Maybe just enough functionality and information to whet the appetite and encourage them to search for more?
mant of the hacked NEVER looked at logs till the hack

rliskey wrote: 7. Use the same username and password for your on-line bank account, Joomla! administrator account, Amazon account, Yahoo account, etc. Hey, who has time to keep track of so many passwords? And anyway, since you don't change passwords, it's easier to just use the same one all the time, everywhere.

brian wrote: just a thought but perhaps something along the same lines as this thread could be included as sample content. it MIGHT mean that more people read and take notice

I would like to translate it for the germans.
Very nice, and more funny than just saying "you have to do this and that"

Searching before asking, however sometimes cannot find answer. Any Insight?

"Computers are stupid. They can only give you answers."

rliskey wrote:The only insight I can think of comes from Picasso...

rliskey wrote:"Computers are stupid. They can only give you answers."

Basetballjones wrote: Truth always hurts a little, but it's good for us!
I've been guilty of every item on that list save the "OMG I've been haxed!" thread

If I report an issue that big and infuriating, it's going to look like a friggin nuclear reactor user's manual before I am done with it. 

My favorite though, is when someone asks me to help them design a site, afterwards I instruct them on how to make changes and then afterwards, close up the holes- and they never do.

DocMartin wrote: Good thread.

But surely gives the lie to claim Joomla is "easy to manage"!

Who wrote that, I wonder. 
(Claim maybe true if you're regular human who installs, does a little with J and moves on; or if you're some kind of cyberbeing. Otherwise, "easy" is just plain wrong.)

<p style="center">Joomla does it for me, as well as hundreds of other things.</p>