It's time to take serious action against hacking
-
- Joomla! Fledgling
- Posts: 1
- Joined: Sun Mar 07, 2021 10:59 am
It's time to take serious action against hacking
Hello, It is unfortunate that an increasing number of Joomla web sites are being hacked because web agencies and / or customers do not update their sites. The Web is flooded with hacked Joomla sites, used to deceive visitors and distribute malware, or to run Negative SEO campaigns.
Joomla should set the example into CMS world: couldn't you integrate a function in your next release, so that if a Joomla site is not updated, it is automatically rendered inoperative.
This solution may seem drastic, but over time, and if you do nothing, this wonderful tool that is Joomla will do more harm than good to the web.
Joomla should set the example into CMS world: couldn't you integrate a function in your next release, so that if a Joomla site is not updated, it is automatically rendered inoperative.
This solution may seem drastic, but over time, and if you do nothing, this wonderful tool that is Joomla will do more harm than good to the web.
Last edited by toivo on Mon May 24, 2021 11:43 am, edited 1 time in total.
Reason: mod note: moved from Joomla! Ideas Forum on request
Reason: mod note: moved from Joomla! Ideas Forum on request
- mandville
- Joomla! Master
- Posts: 15152
- Joined: Mon Mar 20, 2006 1:56 am
- Location: The Girly Side of Joomla in Sussex
Re: It's time to take serious action against hacking
part 1 of post
can i correct your errors.
Hello, It is unfortunate that an increasing number of web sites are being hacked because web agencies and / or customers do not update their sites. [or take simple precautions]
so are you proposing that joomla actively interferes with someones site ? stick it in viewforum.php?f=575
what ever could go wrong in that? just look at other software that implements forced updates.
part 2
can i correct your errors.
Hello, It is unfortunate that an increasing number of web sites are being hacked because web agencies and / or customers do not update their sites. [or take simple precautions]
so are you proposing that joomla actively interferes with someones site ? stick it in viewforum.php?f=575
what ever could go wrong in that? just look at other software that implements forced updates.
part 2
You do not have the required permissions to view the files attached to this post.
HU2HY- Poor questions = Poor answer
Un requested Help PM's will be reported, added to the foe list and possibly just deleted
{VEL Team Leader}{TM Auditor }{ Showcase & Security forums Moderator}
Un requested Help PM's will be reported, added to the foe list and possibly just deleted
{VEL Team Leader}{TM Auditor }{ Showcase & Security forums Moderator}
-
- Joomla! Enthusiast
- Posts: 227
- Joined: Sat Mar 04, 2017 1:28 am
- Location: Surrey, UK
- Contact:
Re: It's time to take serious action against hacking
Actually, this is something that some hosting companies do for their clients automatically. Mine does. As soon as a new version of the CMS is released any 'core' files that were identified as vulnerable and subsequently fixed in an update are automatically 'patched'. So, even if I don't do a full version update all the weak files are updated regardless. I was cautious of this at first, but in the last 3 years, I've had no reason to undo this patching as no problems were created but my hosting company. So, maybe you need to address this to your host, rather than the CMS.
- AMurray
- Joomla! Exemplar
- Posts: 9701
- Joined: Sat Feb 13, 2010 7:35 am
- Location: Australia
Re: It's time to take serious action against hacking
Unmonitored auto updates might cause more problems than they intend to fix especially if done through a third party updater. Just stick to your routine, and update Joomla through Joomla Update, where you have control. Auto updating just for the sake of it doesn't consider the CMS core or third party extensions that may need checking for compatibility with the host's systems etc. No guarantee an update will not break a site.
I prefer maintaining control of the updates I do (and yes, I do core updates through Joomla Update the day they are released generally or soon thereafter), and third party updates are done when the Extension Manager advises there are updates.
Joomla does warn users about issues e.g. outdated PHP or when updates are available (of course that relies on the relevant plugins being enabled), the onus is on the site owner, and shouldn't be an unmonitored update either by the CMS or the web host and third-party script providers ike Softaculous should probably be avoided as the Joomla Project has no control over whether their update/install scripts have been modified.
You also have a varying difference in quality of web hosts - some that actively keep hosting systems up to date (e.g. PHP versions) and others not so much.
I prefer maintaining control of the updates I do (and yes, I do core updates through Joomla Update the day they are released generally or soon thereafter), and third party updates are done when the Extension Manager advises there are updates.
Joomla does warn users about issues e.g. outdated PHP or when updates are available (of course that relies on the relevant plugins being enabled), the onus is on the site owner, and shouldn't be an unmonitored update either by the CMS or the web host and third-party script providers ike Softaculous should probably be avoided as the Joomla Project has no control over whether their update/install scripts have been modified.
You also have a varying difference in quality of web hosts - some that actively keep hosting systems up to date (e.g. PHP versions) and others not so much.
Regards - A Murray
General Support Moderator
General Support Moderator
- darb
- Joomla! Hero
- Posts: 2039
- Joined: Thu Jul 06, 2006 12:57 pm
- Location: Stockholm Sweden
Re: It's time to take serious action against hacking
@yzko where did you get this important info from?
Where did you find out the numbers and statistics?
You just register here, have one post and claim things that are not true and have any evidence for what they are.
For me you are just again like the sent out Wordpress tribe that try to eliminate Joomla from the competition to be one of the most secure, stable and easy to use CMS in the world.
People here that moderate: You have to take action to these people register here with purpose only to damage Joomla bcs this user will never come back with any response what so ever..
This is spam and you know what to do with it! capiche.
Where did you find out the numbers and statistics?
You just register here, have one post and claim things that are not true and have any evidence for what they are.
For me you are just again like the sent out Wordpress tribe that try to eliminate Joomla from the competition to be one of the most secure, stable and easy to use CMS in the world.
People here that moderate: You have to take action to these people register here with purpose only to damage Joomla bcs this user will never come back with any response what so ever..
This is spam and you know what to do with it! capiche.
- darb
- Joomla! Hero
- Posts: 2039
- Joined: Thu Jul 06, 2006 12:57 pm
- Location: Stockholm Sweden
Re: It's time to take serious action against hacking
zyzko wrote: ↑Sun Mar 07, 2021 11:15 amHello, It is unfortunate that an increasing number of Joomla web sites are being hacked because web agencies and / or customers do not update their sites. The Web is flooded with hacked Joomla sites, used to deceive visitors and distribute malware, or to run Negative SEO campaigns.
Joomla should set the example into CMS world: couldn't you integrate a function in your next release, so that if a Joomla site is not updated, it is automatically rendered inoperative.
This solution may seem drastic, but over time, and if you do nothing, this wonderful tool that is Joomla will do more harm than good to the web.
Joomla is the best combination of powerful easy secure publishing platform for organisations, companies and users.
You have a very great MVC platform with many CCK and also fast builders like Joomla component builder JCB as one example https://www.joomlacomponentbuilder.com/ and now with new innovative Joomla 4 come also Bootstrap 5 support etc.
OBS! you have to add extensions (plgs) after std installation bcs Joomla itself comes very stripped but is easy to plg/extension/templates etc by one click install as same as updates is very very easy with a button click so very secure future updates.
Best easy secure publishing platform
- Webdongle
- Joomla! Master
- Posts: 44066
- Joined: Sat Apr 05, 2008 9:58 pm
Re: It's time to take serious action against hacking
I can't think of a more affective way to put users off using Joomla. Well done for making a suggestion that would do damage.zyzko wrote: ↑Sun Mar 07, 2021 11:15 am...
Joomla should set the example into CMS world: couldn't you integrate a function in your next release, so that if a Joomla site is not updated, it is automatically rendered inoperative.
This solution may seem drastic, but over time, and if you do nothing, this wonderful tool that is Joomla will do more harm than good to the web.
http://www.weblinksonline.co.uk/
https://www.weblinksonline.co.uk/updating-joomla.html
"When I'm right no one remembers but when I'm wrong no one forgets".
https://www.weblinksonline.co.uk/updating-joomla.html
"When I'm right no one remembers but when I'm wrong no one forgets".
- john-doe
- Joomla! Ace
- Posts: 1008
- Joined: Tue Apr 19, 2011 7:39 pm
- Location: Colombia
- Contact:
Re: It's time to take serious action against hacking
I do agree with this statement.
www.aldemar-hernandez.com - Custom templates and design services.
- darb
- Joomla! Hero
- Posts: 2039
- Joined: Thu Jul 06, 2006 12:57 pm
- Location: Stockholm Sweden
Re: It's time to take serious action against hacking
This is a typical one or 2 post attack against Joomla to destroy its image bcs other CMS competitors that is afraid of Joomla working business model that is a "real free CMS owned by all" - not like Wordpress, Drupal etc that have one person that owns the rights of the project and all contributors working for "free" for him.