Secure Joomla 1.6?

[Perses]

I’ve read the security check list. Can Joomla 1.6 be secured? I don’t care if it disables some features. I have no third party extensions.

My host tells me the software has been compromised such that criminals were able to send copious amounts of spam on several occasions since 2014.

I don’t need any new features. I just want to get off the upgrade treadmill and not be bothered by this anymore. I just have a help site, I don't ask for donations or sell anything. I have other responsibilities in my life to tend to besides constantly upgrading PHP software.

[tuum]

Perhaps you should consider https://www.joomla.com/
While it is somewhat limited compared to your own Joomla instance, if you have no third party extensions and don't want to have to worry about maintaining the Joomla version, it might be a good solution for you.

[Per Yngve Berg]

Mod. Note: Relocated the Topic from the J1.5 to the J2.5 Forum. J1.6 is the first short term release of the 2.5 series.

It has many bugs and are not secure. The latest version was 1.6.6.

[Bernard T]

Joomla 1.6 is a start of the branch of which 2.5.28 is the latest version and you should upgrade to that version as soon as possible.

But since you have a hacked website follow this http://forum.joomla.org/viewtopic.php?f=621&t=582854

[Perses]

Perhaps you should consider https://www.joomla.com/
While it is somewhat limited compared to your own Joomla instance, if you have no third party extensions and don't want to have to worry about maintaining the Joomla version, it might be a good solution for you.

What you say has much merit. If I had it to do over again and if I were aware of that option in 2011 when I started my site I might have gone in that direction. As it was I chose paid hosting, which was my preference.

At this point my only option is to try and save my site even though that possibility looks more remote as every day I spend working on this passes.

Thank you for your suggestion.

[Perses]

Joomla 1.6 is a start of the branch of which 2.5.28 is the latest version and you should upgrade to that version as soon as possible.

Is 2.5.28 secure?

But since you have a hacked website follow this http://forum.joomla.org/viewtopic.php?f=621&t=582854

Thank you for your suggestion. I'm looking at that and trying to see if I can make a plan to save my site. Please read Upgrade from 1.6.0 to latest version? and help if you can please.

[Perses]

When I downloaded Joomla 1.6.0 in 2011 it was with the impression that it was the best option available. In 2015 I’m told that it’s buggy and insecure. Hindsight is 20/20. While I bear responsibility for not updating I point out that no one ever tells you when you first start using software that it’s buggy and insecure (or how insecure it may become). I only found that out later.

IMO anyone considering committing the future of their content to PHP software should think long and hard before going forward with that decision and be warned by my experience. Joomla has many attractive features and I was drawn by the bright shiny but if I had it to do over again I would have seriously considered using static HTML rather that being in the predicament I’m in now.

This post is based on my hard earned personal experiences. If you think Joomla or PHP software is great that’s fine. I’m not going to debate with anyone about what I’ve said here.

Anyone who has suggestions about how I might fix my site please Please read Upgrade from 1.6.0 to latest version?. TIA for your help.

[tuum]

Is 2.5.28 secure?

The Joomla 2.5 series had it's official end of life in December 2014. End of life basically means that this version is no longer maintained, so no new features and no more updates. It also means that if there are any security issues identified, there will be no official fix. That said, I know of many Joomla 2.5 sites that have no immediate plans to upgrade to the Joomla 3 series.
The Joomla 2.5 series is stable and has no current known vulnerabilities, but there is always a risk when using end of life software that someone may find and exploit an issue in the future.

The official recommendation is that you should use the current version of Joomla, which as of right now is Joomla 3.4.3. There are some advantages of using Joomla 3, such as the content version history, mobile responsive by default backend, front end module editing, just to name a few.

Note that SiteGround have an automatic core Joomla update service that might be of interest to you.
https://www.siteground.com/tutorials/jo ... update.htm

When I downloaded Joomla 1.6.0 in 2011 it was with the impression that it was the best option available. In 2015 I’m told that it’s buggy and insecure. Hindsight is 20/20.

That's a fair point.

Anyone who has suggestions about how I might fix my site please

I would agree with the suggestions in this post
http://forum.joomla.org/viewtopic.php?f ... 9#p3313791

Also note that you may have some issues with your site template, so it may be necessary to either apply minor fixes or get a new template. I would recommend doing a full site backup (with Akeeba Backup), and try the upgrade on your localhost and address all the issues, then transfer it to your live site. If you have any third party extensions, make sure you update them to the latest version.

[Perses]

Is 2.5.28 secure?

The Joomla 2.5 series is stable and has no current known vulnerabilities, but there is always a risk when using end of life software that someone may find and exploit an issue in the future.

That's useful information. Thanks

Note that SiteGround have an automatic core Joomla update service that might be of interest to you.
https://www.siteground.com/tutorials/jo ... update.htm

I would prefer to keep my sites on my current host as it is cost effective. But I might have chosen SiteGround in 2011 if I had any notion of what I'm into now.

As for moving my Joomla site I would first have to secure the current site. If I succeed at that then I would leave it where it is and endure updating in future.

Anyone who has suggestions about how I might fix my site please

I would agree with the suggestions in this post
http://forum.joomla.org/viewtopic.php?f ... 9#p3313791

Per Yngve Berg is not responding and I have no idea what he is talking about in his last post. If you do please post over there and help me.

Also note that you may have some issues with your site template, so it may be necessary to either apply minor fixes or get a new template. I would recommend doing a full site backup (with Akeeba Backup), and try the upgrade on your localhost and address all the issues, then transfer it to your live site. If you have any third party extensions, make sure you update them to the latest version.

Template problems might seem trivial compared to ridding my site of infection. Thank you for your suggestions.

[Bernard T]

When I downloaded Joomla 1.6.0 in 2011 it was with the impression that it was the best option available. In 2015 I’m told that it’s buggy and insecure. Hindsight is 20/20. While I bear responsibility for not updating I point out that no one ever tells you when you first start using software that it’s buggy and insecure (or how insecure it may become). I only found that out later.

Please don't go that road, blaming everyone for your own omissions to take proper care for your website. No one should have explained to you that, by choosing to build your website by yourself, you are the only one responsible to take care of it. That's a pure responsibility issue.

Every software, including Joomla, has it's life-cycle. New functionality, bug fixes... Someone should take care to upgrade as soon as new version is out. That can be you, or someone you pay to do it for you, but someone has to do it. Many new versions (any software, including Joomla) are fixing security issues. Which means it's important to apply them, to prevent hacking. Joomla publishes new versions all the time, so it's not Joomla's fault if someone doesn't upgrade.

Anyone who has suggestions about how I might fix my site please Please read Upgrade from 1.6.0 to latest version?. TIA for your help.

http://forum.joomla.org/viewtopic.php?f ... 4#p2882538 - go step by step to get your Joomla folder clean, then follow the instructions to upgrade to the latest version.

[tuum]

Anyone who has suggestions about how I might fix my site please Please read Upgrade from 1.6.0 to latest version?. TIA for your help.

http://forum.joomla.org/viewtopic.php?f ... 4#p2882538 - go step by step to get your Joomla folder clean, then follow the instructions to upgrade to the latest version.

There are a few guides on how to fix a hacked site. The one Bernard suggested is one option. Here are a couple of others:
https://docs.joomla.org/Security_Checkl ... or_defaced
https://www.siteground.com/kb/joomla_hacked/

If you don't want to fix yourself, Phil Taylor provides a service where he fixes your hacked site for £88
https://myjoomla.com/site/is/hacked

My Joomla also has a security audit tool that may help identify which files have been hacked. You can do one audit for free, then any audit after that requires a subscription starting at £5 per month.

Once you site is hack free, (and hopefully on a newer Joomla version), then you can protect your site from future hacks using some of the suggestions in the Joomla Security Checklist
https://docs.joomla.org/Security_Checklist

You can also use third party security/firewall tools such as Akeeba Admin Tools.

[leolam]

Note that SiteGround have an automatic core Joomla update service that might be of interest to you.

That is only applicable within a branch and not for mini-migration of a site from Joomla 2.5.28 for instance to Joomla 3.4.3. Using that updater for this will destroy your site for sure without the steps outlined in multiple posts. So be careful what you state and be precise please?

Leo

[leolam]

@ Perses,
You can easy migrate from Joomla 1.6 to Joomla 3.4.3 by using SP Upgrade. SPU requires a fresh install of Joomla in a sub-directory and it migrates the original Joomla and several extensions of the old J1.6 database to this sub-directory's database that drives Joomla 3.4.3

That is the only (!) secure way to proceed. Staying on 1.6 or updating to 2.5.28 (End Of Life) are no options. Look in the mirror, whack yourself for being a bad webmaster and stop blaming the world by realizing that you have learned your lesson and get going fresh with SP Upgrade and migrate to latest version. If you are not sure hire professionals who can do it for you

Leo

[Bernard T]

@ Perses,
You can easy migrate from Joomla 1.6 to Joomla 3.4.3 by using SP Upgrade. SPU requires a fresh install of Joomla in a sub-directory and it migrates the original Joomla and several extensions of the old J1.6 database to this sub-directory's database that [drive] Joomla 3.4.3

@Perses:
Upgrading with tools that copy to a new fresh installation directory is good.

But don't make a mistake by just blindly following the instructions. Copying existing media folders could keep possible malware/backdoor files. You have to ensure that all files are clean.

[Perses]

@all
I have removed infected files from Joomla 1.6. This was accomplished by deleting all directories at host and then uploading all directories from a 1.6.0 installation on one of my computers (one of three) (I did not delete Joomla files in root directory at host because none were infected). I also deleted one file in root directory at host named php5.php and edited index.php to remove line that called this file (added by criminals).

I will now continue with this: Upgrade from 1.6.0 to latest version? If I fail at upgrade as I did with last attempt I will post there.

Thanks for your help.