looks like joomla org hacked
- Tonie
- Joomla! Master
- Posts: 16553
- Joined: Thu Aug 18, 2005 7:13 am
Re: look like joomal.org hacked
These are no times for word games or things like that. The site has ben restored, and we're dealing with the immediate ramifications. If all has been done and things settled, we'll evaluate and learn from it. Simple as that.
-
- Joomla! Apprentice
- Posts: 21
- Joined: Thu Jul 26, 2007 3:13 pm
Re: look like joomal.org hacked
Just simple......Tonie wrote: These are no times for word games or things like that. The site has ben restored, and we're dealing with the immediate ramifications. If all has been done and things settled, we'll evaluate and learn from it. Simple as that.
We that we use this CMS need to know, not simple that, I believe eh.., and we evaluate if to continue to believe us or except for.
But thanks for your intervention..
Last edited by vistartony on Sat Aug 18, 2007 5:37 pm, edited 1 time in total.
-
- Joomla! Apprentice
- Posts: 17
- Joined: Thu Jun 29, 2006 11:55 am
Re: look like joomal.org hacked
I still don't know where my discussion has not been civil. I called someone a liar in one of my post because, uhh, he was lying. That person stated false "facts" and I corrected him/her, that was all. I don't see in what way this isn't civil.MMMedia wrote:Actually uncivil comments are against the rules stokedfish. You seem to have neglected to read the rules from the link provided so I will quote them directly to you here in this post.
I most certainly have no connection at all to that cracker (it's not a hacker!) and I don't have the slightest clue how this was done.I find it odd that you advocate for hackers, I have never seen that done unless it is being done by the hacker themselves or someone that knows the hacker, or someone who has inside knowledge of the hack. It certainly doesn't shine a very good light on you, and that is unfortunate.
If you have never heard of how to deal with such an incident, I suggest you read this:
*click*
It's a great book and it shows how people have dealt with cracker incidents in the past and what is a good and not so good way to handle such an attack. I also suggest you do some reading on the CCC website, another good ressource.
Anyway, that's it for me. I just hope you'll learn sth out of this and that you will (should it ever happen again, which I don't hope of course) handle this different and in a more honest/mature way the next time.
Thanks for reading.
Last edited by stokedfish on Sat Aug 18, 2007 6:00 pm, edited 1 time in total.
- pe7er
- Joomla! Master
- Posts: 24984
- Joined: Thu Aug 18, 2005 8:55 pm
- Location: Nijmegen, Netherlands
- Contact:
Re: look like joomal.org hacked
[MOD note: Message deleted. This is an English board, please only use English.
If you would like to post a message in your native language, please use the appropiate forum at the International Zone: http://forum.joomla.org/index.php?actio ... a=expand#5 ]
If you would like to post a message in your native language, please use the appropiate forum at the International Zone: http://forum.joomla.org/index.php?actio ... a=expand#5 ]
Last edited by pe7er on Sat Aug 18, 2007 6:00 pm, edited 1 time in total.
Kind Regards,
Peter Martin, Global Moderator
Company website: https://db8.nl/en/ - Joomla specialist, Nijmegen, Netherlands
The best website: https://the-best-website.com
Peter Martin, Global Moderator
Company website: https://db8.nl/en/ - Joomla specialist, Nijmegen, Netherlands
The best website: https://the-best-website.com
- Jenny
- Joomla! Champion
- Posts: 6206
- Joined: Sun Aug 21, 2005 2:25 pm
- Contact:
Re: look like joomal.org hacked
I also wish for you the ability to handle posting in forums in a mature and responsible way my friend. Please do read that link on Netiquette provided earlier. It really is a good read.
edit: hmm hacker (which is what the average user thinks because they typically say "My site has been hacked" /cracker/idiot. I know the difference, but a lot of people don't know the difference and considering you responded to this thread with this specific title on it, using that specific name, over and over again without mentioning it until now, makes me think you are just looking for things to pick at/on (another troll tactic it would seem). Again, netiquette comes into play here, you really should read that Wikipedia entry referenced above.
edit2: What is even funnier - the link you posted in your post points to a book "Hacker's Challenge : Test Your Incident Response Skills Using 20 Scenarios" You really need to write that author a letter and describe the difference to them too. Hate that you had to reference someone and recommend a read, but then they aren't using the right terminology either.
edit: hmm hacker (which is what the average user thinks because they typically say "My site has been hacked" /cracker/idiot. I know the difference, but a lot of people don't know the difference and considering you responded to this thread with this specific title on it, using that specific name, over and over again without mentioning it until now, makes me think you are just looking for things to pick at/on (another troll tactic it would seem). Again, netiquette comes into play here, you really should read that Wikipedia entry referenced above.
edit2: What is even funnier - the link you posted in your post points to a book "Hacker's Challenge : Test Your Incident Response Skills Using 20 Scenarios" You really need to write that author a letter and describe the difference to them too. Hate that you had to reference someone and recommend a read, but then they aren't using the right terminology either.
stokedfish wrote:I still don't know where my discussion has not been civil. I called someone a liar in one of my post because, uhh, he was lying. That person stated false "facts" and I corrected him/her, that was all. I don't see in what way this isn't civil.MMMedia wrote:Actually uncivil comments are against the rules stokedfish. You seem to have neglected to read the rules from the link provided so I will quote them directly to you here in this post.
I most certainly have no connection at all to that cracker (it's not a hacker!) and I don't have the slightest clue how this was done.I find it odd that you advocate for hackers, I have never seen that done unless it is being done by the hacker themselves or someone that knows the hacker, or someone who has inside knowledge of the hack. It certainly doesn't shine a very good light on you, and that is unfortunate.
If you have never heard of how to deal with such an incident, I suggest you read this:
*click*
It's a great book and it shows how people have dealt with cracker incidents in the past and what is a good and not so good way to handle such an attack. I also suggest you do some reading on the CCC website, another good ressource.
Anyway, that's it for me. I just hope you'll learn sth out of this and that you will (should it ever happen again, which I don't hope of course) handle this different and more honest/mature way the next time.
Thanks for reading.
Last edited by Jenny on Sat Aug 18, 2007 6:12 pm, edited 1 time in total.
Co-author of the Official Joomla! Book http://officialjoomlabook.com
Marpo Multimedia http://marpomultimedia.com
Marpo Multimedia http://marpomultimedia.com
-
- Joomla! Apprentice
- Posts: 17
- Joined: Thu Jun 29, 2006 11:55 am
Re: look like joomal.org hacked
It's funny that whenever you run out of arguments all you come up with is "read the rules" or "netiquette is what it's all about" but I haven't read a single convincing counter-argument to my posts here so far.MMMedia wrote:Again, netiquette comes into play here, you really should read that Wikipedia entry referenced above.
The author explains the terminology in his book and also gives reasons for choosing hacker instead of cracker as a title.MMMedia wrote:edit2: What is even funnier - the link you posted in your post points to a book "Hacker's Challenge : Test Your Incident Response Skills Using 20 Scenarios" You really need to write that author a letter and describe the difference to them too. Hate that you had to reference someone and recommend a read, but then they aren't using the right terminology either.
That was a marketing decision, not a technical one.
- Jenny
- Joomla! Champion
- Posts: 6206
- Joined: Sun Aug 21, 2005 2:25 pm
- Contact:
Re: look like joomal.org hacked
ROFL now that is good comedy! Read this for technical information - but don't worry about the technical terminology. It is a marketing decision!stokedfish wrote: The author explains the terminology in his book and also gives reasons for choosing hacker instead of cracker as a title.
That was a marketing decision, not a technical one.
HAHAHA!
Co-author of the Official Joomla! Book http://officialjoomlabook.com
Marpo Multimedia http://marpomultimedia.com
Marpo Multimedia http://marpomultimedia.com
-
- Joomla! Apprentice
- Posts: 17
- Joined: Thu Jun 29, 2006 11:55 am
Re: look like joomal.org hacked
Why? it's a very valid decision and had to do sth with educating a certain target-audience. It's funny how you judge that book and its author without even having read a single page in it. Way to go, yay.
So this is how you form an opinion on things? I think that says it all...
And again, you don't counter my arguments on how the Joomla! team handled this incident in a non-mature way at all. I'm still waiting for convincing reasons to support your view that the Joomla! guys did all right.
I doubt I'll ever read any in this thread, but hopefully someone will surprise me soon...
So this is how you form an opinion on things? I think that says it all...
And again, you don't counter my arguments on how the Joomla! team handled this incident in a non-mature way at all. I'm still waiting for convincing reasons to support your view that the Joomla! guys did all right.
I doubt I'll ever read any in this thread, but hopefully someone will surprise me soon...
Last edited by stokedfish on Sat Aug 18, 2007 6:29 pm, edited 1 time in total.
-
- Joomla! Apprentice
- Posts: 7
- Joined: Fri Jul 13, 2007 7:08 pm
Re: look like joomal.org hacked
Eh, that's probably because what she says is true, and all that is needed/required to comprehend the situation.stokedfish wrote:It's funny that whenever you run out of arguments all you come up with is "read the rules" or "netiquette is what it's all about" but I haven't read a single convincing counter-argument to my posts here so far.MMMedia wrote:Again, netiquette comes into play here, you really should read that Wikipedia entry referenced above.
And your "opinion" is way off-base. The quickest, and most efficient, way to demoralize and discredit any person with ill-intentions, seeking attention, is to completely remove any publicity that person may be hoping for.
Besides, if these so-called "crackers" were that good, than they would have removed that option in the first place. But they didn't, so they aren't. Seeing as how the core team was able to restore order, in a speedy manner, then this "attempt" was more impish than an "attack".
Anyway, enough of all that..
I'm interested to hear what the team has to say about version numbers, file permissions, 3PD's, etc..
- Jenny
- Joomla! Champion
- Posts: 6206
- Joined: Sun Aug 21, 2005 2:25 pm
- Contact:
Re: look like joomal.org hacked
Stoked, obviously you didn't understand when it was posted above, so I will quote it for you again:stokedfish wrote: Why? it's a very valid decision and had to do sth with educating a certain target-audience. It's funny how you judge that book and its author without even having read a single page in it. Way to go, yay.
So this is how you form your opinion on things? I think that says it all...
And again, you don't counter my arguments on how the Joomla! team handled this incident in a non-mature way at all. I'm still waiting for convincing reasons to support your view that the Joomla! guys did all right.
I doubt I'll ever read any in this thread, but hopefully someone will surprise me soon...
If you don't understand that, then there isn't much hope for you to get it no matter how much explanation is done. I am sorry you can't grasp this concept, because it is an easy one.ilox wrote: Not censor, sanitise. The standard in here has always been - and I have been here from the start - that there is never a link, a name, a screenshot or any other thing that might identify a hacker or their tools. There should never be any way for them to gain any credibility for their actions.
Co-author of the Official Joomla! Book http://officialjoomlabook.com
Marpo Multimedia http://marpomultimedia.com
Marpo Multimedia http://marpomultimedia.com
- willebil
- Joomla! Guru
- Posts: 762
- Joined: Thu Aug 18, 2005 12:06 pm
- Location: Netherlands
Re: look like joomal.org hacked
Cracker, hacker...who cares in this case, the site was compromised and I agree sharing information on how it was done is not smart, simply because we don't know if there is a solution yet.
I don't want to generalize here, but the forum rules are there for a specific reason, and have proven themselves in time. No one likes to be moderated, but trust me the moderators do a good job to keep this forum a nice place, and they moderate everyone (including core members if needed).
I don't want to generalize here, but the forum rules are there for a specific reason, and have proven themselves in time. No one likes to be moderated, but trust me the moderators do a good job to keep this forum a nice place, and they moderate everyone (including core members if needed).
-
- Joomla! Apprentice
- Posts: 17
- Joined: Thu Jun 29, 2006 11:55 am
Re: look like joomal.org hacked
"I don't need to give reasons for my opinion. No need to support my view with any facts, as I am always right!"dotZen wrote:Eh, that's probably because what she says is true, and all that is needed/required to comprehend the situation.
Do some reading - there's lots and lots of people in the field of computer security that share my view.dotZen wrote:And your "opinion" is way off-base.
That statement proves me that you have no idea what this is all about. Demoralizing and discrediting the [redacted] who did that should be the least of a concern here. There's much more important things to deal with now - honestly informing the Joomla! users instead of trying to hide things, "minimizing" rumours and misinformation on the web instead of boosting them and investigating a possible security-hole instead of cursing the oh-so-evil crackers.dotZen wrote:The quickest, and most efficient, way to demoralize and discredit any person with ill-intentions, seeking attention, is to completely remove any publicity that person may be hoping for.
Again, same thing. Joomla! got cracked and whether it was a script-kiddy or a high-profile cracker doesn't matter. The site got cracked, period. It's a fact and you have to make the best out of it. Execrating and demoralizing the person who did it doesn't help anyone and certainly isn't a good way to deal with this incident at all.dotZen wrote:Besides, if these so-called "crackers" were that good, than they would have removed that option in the first place. But they didn't, so they aren't. Seeing as how the core team was able to restore order, in a speedy manner, then this "attempt" was more impish than an "attack".
Last edited by stokedfish on Sat Aug 18, 2007 6:59 pm, edited 1 time in total.
-
- Joomla! Apprentice
- Posts: 17
- Joined: Thu Jun 29, 2006 11:55 am
Re: look like joomal.org hacked
MMMedia, obviously you didn't understand when it was posted above, so I will quote it for you again:
If you don't understand that, then there isn't much hope for you to get it no matter how much explanation is done. I am sorry you can't grasp this concept, because it is an easy one.The more secretive you treat this incident the more speculations, rumours and misinformation will spread on the web and this can be in no way good for the Joomla! project. A much better way would have been to make an offical statement as fast as possible instead of trying to hide things from the public.
Last edited by stokedfish on Sat Aug 18, 2007 6:59 pm, edited 1 time in total.
-
- Joomla! Apprentice
- Posts: 21
- Joined: Thu Jul 26, 2007 3:13 pm
Re: look like joomal.org hacked
This is the better sentence read until nowwillebil wrote: Cracker, hacker...who cares in this case, the site was compromised and I agree sharing information on how it was done is not smart, simply because we don't know if there is a solution yet.
-
- Joomla! Apprentice
- Posts: 7
- Joined: Fri Jul 13, 2007 7:08 pm
Re: look like joomal.org hacked
Um, buddy, think you can step off your high-horse?
Your confusing two points here: A) Doesn't seem like anyone is ignoring or removing info that it happened, which your implying B) Moderators (and to a greater extent PR) are the ones who can de-publicize and discredit-- it will be the developer and core team who find out the how/why.
Seriously, this shouldn't even been up for debate. You're not on the core team, not likely to ever be on the team, they've made their stance regarding situations like these long ago. It won't change unless they wish it to change. 'Nuff said.
Why do you think you can push _your_ opinions on the rest of us? As if they're far superior, or something...
Your confusing two points here: A) Doesn't seem like anyone is ignoring or removing info that it happened, which your implying B) Moderators (and to a greater extent PR) are the ones who can de-publicize and discredit-- it will be the developer and core team who find out the how/why.
Seriously, this shouldn't even been up for debate. You're not on the core team, not likely to ever be on the team, they've made their stance regarding situations like these long ago. It won't change unless they wish it to change. 'Nuff said.
Why do you think you can push _your_ opinions on the rest of us? As if they're far superior, or something...
- Jenny
- Joomla! Champion
- Posts: 6206
- Joined: Sun Aug 21, 2005 2:25 pm
- Contact:
Re: look like joomal.org hacked
Does this thread exist? Has it been deleted? The answer would be a resounding NO.
There is no secrecy here. There is no concealment of information, except for the publication and promotion of the exact names of the entity responsible, which has always been the policy of this forum. One reason is that a lot of time mis information is posted regarding who, what, where, etc the crack/hack/whatever you want to call it comes from. Two is this forum does not allow for the publication or promotion of malicious entities that compromise sites, it never has and never will, because people should not get credit or promotion for doing bad deeds. People that do credit or promote bad deeds are no better than the ones that do the deed themselves.
Discussion is had on vulnerabilities and solutions, when they are known, and there are whole security forums dedicated to the issue of security.
Please stop making up things, creating issues where there are none. Your continued arguments that there is secrecy, or concealment are laughable at best, and an outright lie at worst.
There is no secrecy here. There is no concealment of information, except for the publication and promotion of the exact names of the entity responsible, which has always been the policy of this forum. One reason is that a lot of time mis information is posted regarding who, what, where, etc the crack/hack/whatever you want to call it comes from. Two is this forum does not allow for the publication or promotion of malicious entities that compromise sites, it never has and never will, because people should not get credit or promotion for doing bad deeds. People that do credit or promote bad deeds are no better than the ones that do the deed themselves.
Discussion is had on vulnerabilities and solutions, when they are known, and there are whole security forums dedicated to the issue of security.
Please stop making up things, creating issues where there are none. Your continued arguments that there is secrecy, or concealment are laughable at best, and an outright lie at worst.
stokedfish wrote:The more secretive you treat this incident the more speculations, rumours and misinformation will spread on the web and this can be in no way good for the Joomla! project. A much better way would have been to make an offical statement as fast as possible instead of trying to hide things from the public.
Co-author of the Official Joomla! Book http://officialjoomlabook.com
Marpo Multimedia http://marpomultimedia.com
Marpo Multimedia http://marpomultimedia.com
Re: look like joomal.org hacked
Don't mind me, I'm just passing by
** Robin waves around the book with forum rules **
** Robin waves around the book with forum rules **
-
- Joomla! Apprentice
- Posts: 17
- Joined: Thu Jun 29, 2006 11:55 am
Re: look like joomal.org hacked
I agree, and it wouldn't have been up for debate had the Joomla! team acted different.dotZen wrote:Seriously, this shouldn't even been up for debate.
I didn't know that you have to be in the core team to discuss something on this board. So do you want to say that I am not allowed to state an opinion on this just because I am not on the core team? Wow, now that's an interesting take on it.dotZen wrote:You're not on the core team, not likely to ever be on the team.
That's fine but I don't see why this should make a discussion about what happened impossible. The Joomla! team can keep acting in the way they do, that's fine. However, we should be allowed to discuss such topics anyway. Or do you seriously think the users on this board should not be allowed to voice an opinion on things?dotZen wrote:they've made their stance regarding situations like these long ago. It won't change unless they wish it to change. 'Nuff said.
I'm just supporting my view here, that is all. It's called reasoning and debate. I'm not forcing anything on anybody. If you don't agree with it, that's perfectly fine. Also, I never said that my view is superior. But at least I used references/facts to support it while others don't do this at all and just keep saying "read the rules" instead.dotZen wrote:Why do you think you can push _your_ opinions on the rest of us? As if they're far superior, or something...
Quite probably because they don't have any good arguments, coz otherwise I assume they would have shared them with me.
Last edited by stokedfish on Sat Aug 18, 2007 7:17 pm, edited 1 time in total.
- willebil
- Joomla! Guru
- Posts: 762
- Joined: Thu Aug 18, 2005 12:06 pm
- Location: Netherlands
Re: look like joomal.org hacked
[me=willebil]slaps Robin with that book[/me]
Re: look like joomal.org hacked
Okay, enough is enough!
stokedfish, and all others, please remain on topic! which is that the site was hacked. If you have input about this, you are free to share that. Just stop the argument about being allowed to argue before this turns into a flame thread.
Anything beyond my post which is still off topic will simply be deleted.
stokedfish, and all others, please remain on topic! which is that the site was hacked. If you have input about this, you are free to share that. Just stop the argument about being allowed to argue before this turns into a flame thread.
Anything beyond my post which is still off topic will simply be deleted.
- exrace
- Joomla! Explorer
- Posts: 281
- Joined: Tue Aug 23, 2005 4:55 am
- Location: On my CBR 1000rr...
Re: look like joomal.org hacked
Any new news on the shop.joomla site and how this contributed to the event?
Love, Live PHP.
Love, Live Joomla!
Super Sonic Man...do you want to buy a RockeTheme rocket? -Gary Jules
Love, Live Joomla!
Super Sonic Man...do you want to buy a RockeTheme rocket? -Gary Jules
Re: look like joomal.org hacked
Hi exrace,
I have no details if there was a link between the shop and the main site that got hacked later. Currently, a few people are still going through log files and such. But as you now, the Core team is spread around the Globe, and some are simply not available right now. I can't tell you if and when more details will be posted about the incident right now.
I have no details if there was a link between the shop and the main site that got hacked later. Currently, a few people are still going through log files and such. But as you now, the Core team is spread around the Globe, and some are simply not available right now. I can't tell you if and when more details will be posted about the incident right now.
-
- Joomla! Apprentice
- Posts: 25
- Joined: Sun Oct 15, 2006 3:35 pm
Re: look like joomal.org hacked
Could you share whether or not the http://www.joomla.org site was running .13 code? I certainly understand if you cannot at this time.
Re: look like joomal.org hacked
Hi mmckeen,
We are indeed running version 1.0.13 on joomla.org.
We are indeed running version 1.0.13 on joomla.org.
- eyezberg
- Joomla! Hero
- Posts: 2859
- Joined: Thu Aug 25, 2005 5:48 pm
- Location: Geneva mostly
- Contact:
Re: look like joomal.org hacked
How will publication of the investigations be handled, do we have to wait untill hole and fix both are available if it's Joomla core, will you post the hole if it's a 3rd part extension even before the fix is available so concerned people can remove it from their sites, are there any hints yet..?
Don't know if this part is off topic, but I don't see how posting a screenshot can be considered "rude"... I don't mind readers here not knowing who hacked the site, but how it was done is crucial info, and if these same hackers (a cracker for me is this: http://www.cepolina.com/freephoto/f/oth ... .bread.jpg ) have, as I understood from a post here, already compromised other sites, it might be helpfull to be able to search with their name or url or whatever to gain insight on the methods they used, and thus maybe be able to secure one's site before the team here is able to post something...
Alsoo think this is more a Security matter than "Sites and Infrastructure", as it doesn't only affect joomla.orgs site(s), and is in no way a "'mechanical' forum or Joomla! sites related issues/suggestions" topic.
Don't know if this part is off topic, but I don't see how posting a screenshot can be considered "rude"... I don't mind readers here not knowing who hacked the site, but how it was done is crucial info, and if these same hackers (a cracker for me is this: http://www.cepolina.com/freephoto/f/oth ... .bread.jpg ) have, as I understood from a post here, already compromised other sites, it might be helpfull to be able to search with their name or url or whatever to gain insight on the methods they used, and thus maybe be able to secure one's site before the team here is able to post something...
Alsoo think this is more a Security matter than "Sites and Infrastructure", as it doesn't only affect joomla.orgs site(s), and is in no way a "'mechanical' forum or Joomla! sites related issues/suggestions" topic.
Sometimes one pays most for the things one gets for nothing.
The important thing is not to stop questioning. Curiosity has its own reason for existing. AE
http://joomla15.[URL banned].com for J! 1.5 screenshots
http://www.eyezberg.com
The important thing is not to stop questioning. Curiosity has its own reason for existing. AE
http://joomla15.[URL banned].com for J! 1.5 screenshots
http://www.eyezberg.com
-
- Joomla! Apprentice
- Posts: 17
- Joined: Thu Jun 29, 2006 11:55 am
Re: look like joomal.org hacked
It's sad that you don't give me a chance to counter what MMMedia has just written as I was already sending out a long and well-thought reply but then I saw your above statement. Of course, I'll comply, although I think it isn't very fair to do this.RobInk wrote:Okay, enough is enough! [...] Anything beyond my post which is still off topic will simply be deleted.
However, since I feel I have the right to rectify MMMedia's accusations, just allow me 2 very last statements: First, I have NEVER accused the Joomla! team of deleting threads on this board and I too DO NOT agree with the cracking. And second, I HAVE NOT promoted bad deeds on here. I just have a different way to handle such incidents, that is all.
Thank you for not editing out this post and sorry to cause so much trouble. I hope you'll treat everyone the same in this thread and also moderate down core members, should they not respect your above condition for future posts on this topic. I certainly will and this discussion is done for me now.
Re: look like joomal.org hacked
Hi Joe,
To answer your questions; if our investigation turns out the leak would be in the core code, then normal procedures would be followed and a security patch would be released almost immediately. I would be responsible for doing that. If it would turn out to be a leak in a 3rd party extension, then of course we would share this information, if it were only to prevent other sites from getting hacked.
I'll be leaving the rest of your ideas/questions for now, I'm a bit busy as you can probably understand
To answer your questions; if our investigation turns out the leak would be in the core code, then normal procedures would be followed and a security patch would be released almost immediately. I would be responsible for doing that. If it would turn out to be a leak in a 3rd party extension, then of course we would share this information, if it were only to prevent other sites from getting hacked.
I'll be leaving the rest of your ideas/questions for now, I'm a bit busy as you can probably understand
Re: look like joomal.org hacked
Duly noted, thanks for understanding and following the rules.stokedfish wrote:It's sad that you don't give me a chance to counter what MMMedia has just written as I was already sending out a long and well-thought reply but then I saw your above statement. Of course, I'll comply, although I think it isn't very fair to do this.RobInk wrote:Okay, enough is enough! [...] Anything beyond my post which is still off topic will simply be deleted.
However, since I feel I have the right to rectify MMMedia's accusations, just allow me 2 very last statements: First, I have NEVER accused the Joomla! team of deleting threads on this board and I too DO NOT agree with the cracking. And second, I HAVE NOT promoted bad deeds on here. I just have a different way to handle such incidents, that is all.
Thank you for not editing out this post and sorry to cause so much trouble. I hope you'll treat everyone the same in this thread and also moderate down core members, should they not respect your above condition for future posts on this topic. I certainly will and this discussion is done for me now.
- bergmannn
- Joomla! Ace
- Posts: 1186
- Joined: Tue Jan 10, 2006 2:18 pm
- Location: Málaga - Spain
- cbh
- Joomla! Apprentice
- Posts: 39
- Joined: Sun Aug 28, 2005 11:20 pm
- Location: Toronto, Ontario, Canada
Re: look like joomal.org hacked
I think a few folks raised a suggestion/recommendation that some form of notification should go out as quickly as possible after something like this happens, and I strongly agree with that idea. I don't necessarily need technical details at the outset (though that would be good if they're available) but simply a heads up along the lines of "Our site has been compromised, we're running version 1.0.13, we don't know much more than this at the moment but will let you know as soon as possible." (This as well as the password/bridge issue make me glad I've stuck with 1.0.12, though I suppose it might be vulnerable as well.) Providing this information will help me ensure I can, as much as possible, take care of my clients - who are in my case mostly small not for profits.
This type of notice at least lets me know that I should check all the sites I manage as quickly as possible to ensure they're OK, because I tend not to check them all that much on the weekends. It was only due to an insomniac coincidence that I checked the site at 6:30 on a Saturday morning here in the Great White North.
I'm aware that I can sign up for notifications in the security section of this forum, and if that works, that's great, but I think an even better model for this type of warning system is the one used by the folks at Drupal. You join a specific mailing list and are advised, very promptly it seems, of security concerns, not only with the core Drupal installation, but also wherever possible, about problems with add-ons.
I'm sure this is probably eating up a lot of time and effort for those of you who are responsible for this kind of thing. Believe me, it's appreciated.
Cheers
Chris Hutcheson
This type of notice at least lets me know that I should check all the sites I manage as quickly as possible to ensure they're OK, because I tend not to check them all that much on the weekends. It was only due to an insomniac coincidence that I checked the site at 6:30 on a Saturday morning here in the Great White North.
I'm aware that I can sign up for notifications in the security section of this forum, and if that works, that's great, but I think an even better model for this type of warning system is the one used by the folks at Drupal. You join a specific mailing list and are advised, very promptly it seems, of security concerns, not only with the core Drupal installation, but also wherever possible, about problems with add-ons.
I'm sure this is probably eating up a lot of time and effort for those of you who are responsible for this kind of thing. Believe me, it's appreciated.
Cheers
Chris Hutcheson
Last edited by cbh on Sat Aug 18, 2007 11:25 pm, edited 1 time in total.