It's time to take serious action against hacking

Do you have an idea for the Joomla community that you can help implement? Discuss in here.
Post Reply
zyzko
Joomla! Fledgling
Joomla! Fledgling
Posts: 1
Joined: Sun Mar 07, 2021 10:59 am

It's time to take serious action against hacking

Post by zyzko » Sun Mar 07, 2021 11:15 am

Hello, It is unfortunate that an increasing number of Joomla web sites are being hacked because web agencies and / or customers do not update their sites. The Web is flooded with hacked Joomla sites, used to deceive visitors and distribute malware, or to run Negative SEO campaigns.

Joomla should set the example into CMS world: couldn't you integrate a function in your next release, so that if a Joomla site is not updated, it is automatically rendered inoperative.

This solution may seem drastic, but over time, and if you do nothing, this wonderful tool that is Joomla will do more harm than good to the web.

User avatar
mandville
Joomla! Master
Joomla! Master
Posts: 15040
Joined: Mon Mar 20, 2006 1:56 am
Location: The Girly Side of Joomla in Sussex

Re: It's time to take serious action against hacking

Post by mandville » Sun Mar 07, 2021 5:37 pm

part 1 of post
can i correct your errors.
Hello, It is unfortunate that an increasing number of web sites are being hacked because web agencies and / or customers do not update their sites. [or take simple precautions]

so are you proposing that joomla actively interferes with someones site ? stick it in viewforum.php?f=575
what ever could go wrong in that? just look at other software that implements forced updates.

part 2
clickbait.png
You do not have the required permissions to view the files attached to this post.
HU2HY- Poor questions = Poor answer
Un requested Help PM's will be reported, added to the foe list and possibly just deleted
{VEL Team Leader}{TM Auditor }{ Showcase & Security forums Moderator}

brendanhedges
Joomla! Enthusiast
Joomla! Enthusiast
Posts: 185
Joined: Sat Mar 04, 2017 1:28 am
Location: Surrey, UK
Contact:

Re: It's time to take serious action against hacking

Post by brendanhedges » Sun Mar 07, 2021 6:10 pm

Actually, this is something that some hosting companies do for their clients automatically. Mine does. As soon as a new version of the CMS is released any 'core' files that were identified as vulnerable and subsequently fixed in an update are automatically 'patched'. So, even if I don't do a full version update all the weak files are updated regardless. I was cautious of this at first, but in the last 3 years, I've had no reason to undo this patching as no problems were created but my hosting company. So, maybe you need to address this to your host, rather than the CMS.

User avatar
AMurray
Joomla! Champion
Joomla! Champion
Posts: 6645
Joined: Sat Feb 13, 2010 7:35 am
Location: Australia

Re: It's time to take serious action against hacking

Post by AMurray » Sun Mar 07, 2021 9:58 pm

Unmonitored auto updates might cause more problems than they intend to fix especially if done through a third party updater. Just stick to your routine, and update Joomla through Joomla Update, where you have control. Auto updating just for the sake of it doesn't consider the CMS core or third party extensions that may need checking for compatibility with the host's systems etc. No guarantee an update will not break a site.

I prefer maintaining control of the updates I do (and yes, I do core updates through Joomla Update the day they are released generally or soon thereafter), and third party updates are done when the Extension Manager advises there are updates.

Joomla does warn users about issues e.g. outdated PHP or when updates are available (of course that relies on the relevant plugins being enabled), the onus is on the site owner, and shouldn't be an unmonitored update either by the CMS or the web host and third-party script providers ike Softaculous should probably be avoided as the Joomla Project has no control over whether their update/install scripts have been modified.

You also have a varying difference in quality of web hosts - some that actively keep hosting systems up to date (e.g. PHP versions) and others not so much.
Regards,
--------------------------------------------------------------
A Murray
Help you I can, yes!. Post your question, you should. Keep it on topic you must!
Use the Forc....Forum Post Assistant my young Padawan!

User avatar
darb
Joomla! Ace
Joomla! Ace
Posts: 1743
Joined: Thu Jul 06, 2006 12:57 pm
Location: Stockholm Sweden
Contact:

Re: It's time to take serious action against hacking

Post by darb » Sat Mar 13, 2021 7:33 am

@yzko where did you get this important info from?

Where did you find out the numbers and statistics?

You just register here, have one post and claim things that are not true and have any evidence for what they are.

For me you are just again like the sent out Wordpress tribe that try to eliminate Joomla from the competition to be one of the most secure, stable and easy to use CMS in the world.

People here that moderate: You have to take action to these people register here with purpose only to damage Joomla bcs this user will never come back with any response what so ever..

This is spam and you know what to do with it! capiche. :geek:

User avatar
darb
Joomla! Ace
Joomla! Ace
Posts: 1743
Joined: Thu Jul 06, 2006 12:57 pm
Location: Stockholm Sweden
Contact:

Re: It's time to take serious action against hacking

Post by darb » Sat Mar 13, 2021 8:25 am

zyzko wrote:
Sun Mar 07, 2021 11:15 am
Hello, It is unfortunate that an increasing number of Joomla web sites are being hacked because web agencies and / or customers do not update their sites. The Web is flooded with hacked Joomla sites, used to deceive visitors and distribute malware, or to run Negative SEO campaigns.

Joomla should set the example into CMS world: couldn't you integrate a function in your next release, so that if a Joomla site is not updated, it is automatically rendered inoperative.

This solution may seem drastic, but over time, and if you do nothing, this wonderful tool that is Joomla will do more harm than good to the web.

Joomla is the best combination of powerful easy secure publishing platform for organisations, companies and users.

You have a very great MVC platform with many CCK and also fast builders like Joomla component builder JCB as one example https://www.joomlacomponentbuilder.com/ and now with new innovative Joomla 4 come also Bootstrap 5 support etc.

OBS! you have to add extensions (plgs) after std installation bcs Joomla itself comes very stripped but is easy to plg/extension/templates etc by one click install as same as updates is very very easy with a button click so very secure future updates.

Best easy secure publishing platform

User avatar
Webdongle
Joomla! Master
Joomla! Master
Posts: 39807
Joined: Sat Apr 05, 2008 9:58 pm

Re: It's time to take serious action against hacking

Post by Webdongle » Sat Mar 13, 2021 10:29 am

zyzko wrote:
Sun Mar 07, 2021 11:15 am
...

Joomla should set the example into CMS world: couldn't you integrate a function in your next release, so that if a Joomla site is not updated, it is automatically rendered inoperative.

This solution may seem drastic, but over time, and if you do nothing, this wonderful tool that is Joomla will do more harm than good to the web.
I can't think of a more affective way to put users off using Joomla. Well done for making a suggestion that would do damage.
http://www.weblinksonline.co.uk/
https://www.weblinksonline.co.uk/updating-joomla.html
"When I'm right no one remembers but when I'm wrong no one forgets".

User avatar
john-doe
Joomla! Ace
Joomla! Ace
Posts: 1001
Joined: Tue Apr 19, 2011 7:39 pm
Location: Colombia
Contact:

Re: It's time to take serious action against hacking

Post by john-doe » Wed Mar 17, 2021 1:54 pm

Webdongle wrote:
Sat Mar 13, 2021 10:29 am
I can't think of a more affective way to put users off using Joomla. Well done for making a suggestion that would do damage.
I do agree with this statement.
www.aldemar-hernandez.com - Custom templates and design services.


Post Reply

Return to “Joomla! Ideas Forum”