Hi
My host has a partnership with 'site lock', so I signed up. :-)
I later upgraded to their premium service where they check my site daily. One of the services they offer is a "hardening". As a result I have a few questions. :-)
1) Are their any known issues with hardening in Joomla?
2) Will hardening impact component or module upgrades?
Thank you
Has anyone done 'site lock' hardening service?
Moderator: General Support Moderators
Forum rules
Forum Rules
Absolute Beginner's Guide to Joomla! <-- please read before posting, this means YOU.
Security Checklist
Forum Post Assistant - If you are serious about wanting help, you will use this tool to help you post.
Forum Rules
Absolute Beginner's Guide to Joomla! <-- please read before posting, this means YOU.
Security Checklist
Forum Post Assistant - If you are serious about wanting help, you will use this tool to help you post.
-
dtarver
- Joomla! Explorer
- Posts: 302
- Joined: Fri Oct 28, 2005 3:48 pm
- Location: NYC
- Contact:
Has anyone done 'site lock' hardening service?
Free Project Management Templates & Successful Project Management Resources
http://www.e-ProjectManagers.com Ready To Help You!
http://www.e-ProjectManagers.com Ready To Help You!
-
LiVECrys
- Joomla! Intern
- Posts: 61
- Joined: Sun Sep 23, 2007 8:17 pm
Re: Has anyone done 'site lock' hardening service?
It depends on what their process to "harden" joomla is. If you have a solid host, keep joomla up to date, use good passwords, and etc you should be fine.
As for upgrades impacted, once again it depends on what they do to "harden" it.
As for upgrades impacted, once again it depends on what they do to "harden" it.
-
dtarver
- Joomla! Explorer
- Posts: 302
- Joined: Fri Oct 28, 2005 3:48 pm
- Location: NYC
- Contact:
Re: Has anyone done 'site lock' hardening service?
What should I ask them about what they do?
I am using 'site lock'.
I am using 'site lock'.
Free Project Management Templates & Successful Project Management Resources
http://www.e-ProjectManagers.com Ready To Help You!
http://www.e-ProjectManagers.com Ready To Help You!
-
PhilD
- Joomla! Hero
- Posts: 2737
- Joined: Sat Oct 21, 2006 10:20 pm
- Location: Wisconsin USA
- Contact:
Re: Has anyone done 'site lock' hardening service?
If you don't know what "they" are doing then why did you sign up? Why not visit their website and see what they are offering or ask your customer support what is offered or done?
You also do not really need a service like this. All they are going to do is say "hey your site has been hacked and we can fix it for xxx additional money". Or say "we applied hacking methods and your site is vulnerable to this xxx procedure (which may be a false positive) and we can fix this issue for xxx money".
No site exposed to the web is 100% safe from hacking. Following the few simple rules below will prevent most hacks from happening.
1.) Use a decent hosting provider. Cheap is not necessarily bad, and expensive is not necessarily good. Do your research. Take a few minutes to search for and read comments and reviews left by other users.
2.) If you don't need it for your sites functionality then don't install it. If you do need it for your sites functionality, take a few minutes to search for and read comments and reviews left by other users of that software to make sure you’re not getting more than you bargained for by installing the software.
3.) If you installed it then keep it updated. The hackers are constantly looking for outdated, security compromised software to exploit. Save yourself a lot of work, and don't become a statistic, update!!
4.) If you no longer need it for your sites functionality, then remove it. This includes any files that may be left behind after uninstalling extensions. It is easy to forget about things no longer in use. Remove those things before a hacker finds them for you! You can always reinstall it if needed later.
5.) Back it up and test those backups to make sure they work properly before you need them, not when you need to depend on one.
6.) Avoid updating software on your laptop or other mobile device while you are using a wired or wireless network that is untrusted and public. This means those free (and paid) Wi-Fi networks like those that are available in hotels, and coffee shops, public libraries and so on. Also avoid updating software using a tethered connection through your smart phone. Many laptops, phones and other mobile devices will automatically switch over to available Wi-Fi networks if the 3G/4G signal dies. Malicious software could be downloaded while using such untrusted networks and connections and infect your laptop or mobile device (tablet) and thus infecting your website(s) or stealing passwords used for website access.
Yes, there are many things one can add, but they pretty much all fit into these few rules.
If your not willing to follow these few rules, then hire someone who will follow these rules. Everyone will be happier in the long run.
You also do not really need a service like this. All they are going to do is say "hey your site has been hacked and we can fix it for xxx additional money". Or say "we applied hacking methods and your site is vulnerable to this xxx procedure (which may be a false positive) and we can fix this issue for xxx money".
No site exposed to the web is 100% safe from hacking. Following the few simple rules below will prevent most hacks from happening.
1.) Use a decent hosting provider. Cheap is not necessarily bad, and expensive is not necessarily good. Do your research. Take a few minutes to search for and read comments and reviews left by other users.
2.) If you don't need it for your sites functionality then don't install it. If you do need it for your sites functionality, take a few minutes to search for and read comments and reviews left by other users of that software to make sure you’re not getting more than you bargained for by installing the software.
3.) If you installed it then keep it updated. The hackers are constantly looking for outdated, security compromised software to exploit. Save yourself a lot of work, and don't become a statistic, update!!
4.) If you no longer need it for your sites functionality, then remove it. This includes any files that may be left behind after uninstalling extensions. It is easy to forget about things no longer in use. Remove those things before a hacker finds them for you! You can always reinstall it if needed later.
5.) Back it up and test those backups to make sure they work properly before you need them, not when you need to depend on one.
6.) Avoid updating software on your laptop or other mobile device while you are using a wired or wireless network that is untrusted and public. This means those free (and paid) Wi-Fi networks like those that are available in hotels, and coffee shops, public libraries and so on. Also avoid updating software using a tethered connection through your smart phone. Many laptops, phones and other mobile devices will automatically switch over to available Wi-Fi networks if the 3G/4G signal dies. Malicious software could be downloaded while using such untrusted networks and connections and infect your laptop or mobile device (tablet) and thus infecting your website(s) or stealing passwords used for website access.
Yes, there are many things one can add, but they pretty much all fit into these few rules.
If your not willing to follow these few rules, then hire someone who will follow these rules. Everyone will be happier in the long run.
PhilD
-
leolam
- Joomla! Master
- Posts: 20652
- Joined: Mon Aug 29, 2005 10:17 am
- Location: Netherlands/ Germany/ S'pore/Bogor/ North America
- Contact:
Re: Has anyone done 'site lock' hardening service?
Which is a complete incorrect statement. They actively scan a site, every day, report results to you and remove malware if found automatically. We have used them 2 years on one of our sites to full satisfaction so I suggest that you might not make statements about services of service providers you have no knowledge about?PhilD wrote:All they are going to do is say "hey your site has been hacked and we can fix it for xxx additional money". Or say "we applied hacking methods and your site is vulnerable to this xxx procedure (which may be a false positive) and we can fix this issue for xxx money".
Leo
Joomla's #1 Professional Services Provider:
#Joomla Professional Support: https://gws-desk.com -
#Joomla Specialized Hosting Solutions: https://gws-host.com -
#Joomla Professional Support: https://gws-desk.com -
#Joomla Specialized Hosting Solutions: https://gws-host.com -
-
WMRSHelp
- Joomla! Apprentice
- Posts: 10
- Joined: Tue Oct 02, 2012 1:34 pm
- Location: Sarasota,FL
- Contact:
Re: Has anyone done 'site lock' hardening service?
I agree with PhilD on this. I have several clients that have used their service and they want extra fee's to clean the site after something is detected, and they aren't cheap. If you just do what PhilD states, you don't need a service like this.
-
leolam
- Joomla! Master
- Posts: 20652
- Joined: Mon Aug 29, 2005 10:17 am
- Location: Netherlands/ Germany/ S'pore/Bogor/ North America
- Contact:
Re: Has anyone done 'site lock' hardening service?
This is incorrect.... I am sorry but our experience is different. (We do not use them any longer for simply financial reasons since they are now too expensive for what they offer) and I cannot recall your experience at all.. I have found them professional, cordial and cleaning the basics.... If you are completely infested (which is than your own mistake or your hosting providers mistake) than they will ask your money. That is fair dealWMRSHelp wrote:I agree with PhilD on this. I have several clients that have used their service and they want extra fee's to clean the site after something is detected, and they aren't cheap. If you just do what PhilD states, you don't need a service like this.
Leo
Joomla's #1 Professional Services Provider:
#Joomla Professional Support: https://gws-desk.com -
#Joomla Specialized Hosting Solutions: https://gws-host.com -
#Joomla Professional Support: https://gws-desk.com -
#Joomla Specialized Hosting Solutions: https://gws-host.com -
