Is Joomla 3.10 still going to be usable in security only mode? Elaborate on the meaning of this please.

General questions relating to Joomla! 3.x.

Moderator: General Support Moderators

Forum rules
Forum Rules
Absolute Beginner's Guide to Joomla! <-- please read before posting.
Forum Post Assistant - If you are serious about wanting help, you should use this tool to help you post.
Windows Defender SmartScreen Issues <-- please read this if using Windows 10
Post Reply
User avatar
GODpleasers
Joomla! Enthusiast
Joomla! Enthusiast
Posts: 210
Joined: Wed Jun 11, 2014 3:47 pm
Location: Wenatchee, Wa
Contact:

Is Joomla 3.10 still going to be usable in security only mode? Elaborate on the meaning of this please.

Post by GODpleasers » Sun Jul 17, 2022 2:48 pm

I got this message...

Warning

Joomla 3.10 has entered security only mode. Support ends 17 August 2023. Start planning to migrate to Joomla 4 today.

My question is Joomla 3.10 still going to be usable in security only mode? Elaborate on the meaning of this please.

Are you forcing people to have to upgrade before they are ready We have to many component that aren't ready for Joomla 4 yet. UIf you are that is not fair.
Last edited by imanickam on Wed Nov 23, 2022 7:57 pm, edited 1 time in total.
Reason: Modified the subject slightly - removed the words "My question is "
GOD Speaks internet radio- :-) GOOD :-) Music that employs life, deliverance, & restoration - COMPLETE :-)
http://godspeaksinternetradio.com/

User avatar
abernyte
Joomla! Virtuoso
Joomla! Virtuoso
Posts: 4148
Joined: Fri May 15, 2009 2:01 pm
Location: Écosse - Scozia - Escocia - Škotija -स्कॉटलैंड

Re: My question is Joomla 3.10 still going to be usable in security only mode? Elaborate on the meaning of this please.

Post by abernyte » Sun Jul 17, 2022 4:03 pm

No one is forcing you to upgrade to Joomla 4.
Joomla 3.10.x is supported until August 2023 although no new features will be added to J3 during this period.
All software has a finite life and Joomla is no different. If you are using old extensions in your J3 site that are incompatible with J4 then they will in all likelihood also be incompatible with PHP8.x, which is also a desirable change.
Start now and plan your upgrade path. You have ample time.
"Those who expect to reap the blessings of freedom must, like men, undergo the fatigue of supporting it." Thomas Paine

User avatar
GODpleasers
Joomla! Enthusiast
Joomla! Enthusiast
Posts: 210
Joined: Wed Jun 11, 2014 3:47 pm
Location: Wenatchee, Wa
Contact:

Re: My question is Joomla 3.10 still going to be usable in security only mode? Elaborate on the meaning of this please.

Post by GODpleasers » Sun Jul 17, 2022 4:22 pm

abernyte wrote:
Sun Jul 17, 2022 4:03 pm
No one is forcing you to upgrade to Joomla 4.
Joomla 3.10.x is supported until August 2023 although no new features will be added to J3 during this period.
All software has a finite life and Joomla is no different. If you are using old extensions in your J3 site that are incompatible with J4 then they will in all likelihood also be incompatible with PHP8.x, which is also a desirable change.
Start now and plan your upgrade path. You have ample time.
Ok, so will 3.10 still run even know it is not supported? and if so how long for?

And yes we have a lot that of extensions that will not run in php 8 or j4 which we are waiting on updates for. That is why we are not ready for j4 yet or php 8.

at any rate it takes time for all the extension makers to update them.
GOD Speaks internet radio- :-) GOOD :-) Music that employs life, deliverance, & restoration - COMPLETE :-)
http://godspeaksinternetradio.com/

User avatar
sozzled
Joomla! Master
Joomla! Master
Posts: 13103
Joined: Sun Jul 05, 2009 3:30 am
Location: Canberra, Australia

Re: My question is Joomla 3.10 still going to be usable in security only mode? Elaborate on the meaning of this please.

Post by sozzled » Sun Jul 17, 2022 4:43 pm

abernyte wrote:
Sun Jul 17, 2022 4:03 pm
No one is forcing you to upgrade to Joomla 4.
I agree 1000%: no-one (and I mean no-one) is forcing anyone to do anything. People, today, are still running J! 2.5 websites¹; some people are still running J! 1.x websites. If anyone was threatening to cut off life-support for websites that are still using anything before J! 3.10.10 then it would have happened years ago and, today, this forum would not welcome requests for information from people who still use those old, outdated, unsupported versions of J!.

There are currently only two supported versions of J!: J! 3.10.10 and J! 4.1.4. All other versions of J! are unsupported in a technical sense. Does that mean that all bugs will be fixed in those versions? No. Does this mean that these versions will receive updates that will enhance the current feature sets in those versions? No. Does this mean that new releases are guaranteed to occur at any time for either of these versions? No ... but it would be unlikely that these versions will be the end of J! as we know it. ;D

What you can also do is to search Google for articles about what or who may be "forcing" the retirement of J! 3.x in August 2023. End-of-support just means that no-one will be fixing any software errors, vulnerabilities or bugs after the EOS date but it doesn't mean that your J! 3.x website(s) will capsize at midnight on 17-Aug-2023.

I have no immediate plans to migrate all of my J! 3.x websites to J! 4.1 (or J! 4.2 or possibly even J! 5.x) regardless of whatever EOS date exists. Who knows?

Does this help? Do you feel my comments have "elaborated" sufficiently?

______
¹ There's an interesting story about J! 2.5 that was supposed to have been retired in 2012 but it stayed around for another 2 years after the originally planned end-of-support date. I don't think that's going to happen with J! 3.x this time around, though.
“If you think I’m wrong then say, ‘I think you’re wrong.’ If you say ‘You’re wrong!’, how do you know?”
Walking the talk: https://j4xdemo.enduring.com.au
:)

User avatar
Webdongle
Joomla! Master
Joomla! Master
Posts: 42144
Joined: Sat Apr 05, 2008 9:58 pm

Re: My question is Joomla 3.10 still going to be usable in security only mode? Elaborate on the meaning of this please.

Post by Webdongle » Sun Jul 17, 2022 6:53 pm

GODpleasers wrote:
Sun Jul 17, 2022 4:22 pm
...
Ok, so will 3.10 still run even know it is not supported? and if so how long for?

...
The answer is 'How long is a piece of string. A lot depends on how long your server allows older php versions when new versions come out. And how your 4rd party extensions cope with php upgrades that your Host makes.
http://www.weblinksonline.co.uk/
https://www.weblinksonline.co.uk/updating-joomla.html
"When I'm right no one remembers but when I'm wrong no one forgets".

User avatar
GODpleasers
Joomla! Enthusiast
Joomla! Enthusiast
Posts: 210
Joined: Wed Jun 11, 2014 3:47 pm
Location: Wenatchee, Wa
Contact:

Re: My question is Joomla 3.10 still going to be usable in security only mode? Elaborate on the meaning of this please.

Post by GODpleasers » Sun Jul 17, 2022 7:22 pm

So what does security only mode mean? Please elaborate?
GOD Speaks internet radio- :-) GOOD :-) Music that employs life, deliverance, & restoration - COMPLETE :-)
http://godspeaksinternetradio.com/

User avatar
sozzled
Joomla! Master
Joomla! Master
Posts: 13103
Joined: Sun Jul 05, 2009 3:30 am
Location: Canberra, Australia

Re: My question is Joomla 3.10 still going to be usable in security only mode? Elaborate on the meaning of this please.

Post by sozzled » Sun Jul 17, 2022 7:30 pm

As far as we know—we don't know much—J! 3.10 will be supported until 17-Aug-2023; that's—literally—all that we know!

I agree with @Webdongle's assessment that the lifespan of your website is unpredictable: your website may continue to operate in the same way as it already has for the next twelve months, twelve weeks, twelve seconds or twelve years depending on (a) what you do with it, (b) whether your webhosting provider continues to offer you services that underpin J! (e.g. Apache, MySQL, PHP, etc.), (c) how other software you're using is also maintained and (d) I suppose, whether you're still alive in the future to look after your website. None of us has a crystal ball; there are no guarantees.

However, in terms of the end of service manifesto, as promulgated by the J! CMS development team, is concerned, the viability of your website is not dependent upon whether you're using J! 3.10.10, J! 3.10.11 or whatever happens at one minute after the stroke of midnight on 17 August 2023.

The phrase "security-only mode" is used (without much explanation) in article I referred to in this post. I gave you my interpretation of the phrase in my earlier reply.

8)
“If you think I’m wrong then say, ‘I think you’re wrong.’ If you say ‘You’re wrong!’, how do you know?”
Walking the talk: https://j4xdemo.enduring.com.au
:)

User avatar
Webdongle
Joomla! Master
Joomla! Master
Posts: 42144
Joined: Sat Apr 05, 2008 9:58 pm

Re: My question is Joomla 3.10 still going to be usable in security only mode? Elaborate on the meaning of this please.

Post by Webdongle » Sun Jul 17, 2022 11:13 pm

There was an exception to eol of Joomla. Sometime after J1.5 was no longer supported a zero day exploit of Joomla was discovered. Can't remember the current Joomla version at the time perhaps 2.5. The current Joomla of the time was officially patched. But there was an unofficial patch for J1.5.
viewtopic.php?t=902928 All inks now lead to language downloads now but a patch for the unsupported 1.5.26 was produced.
http://www.weblinksonline.co.uk/
https://www.weblinksonline.co.uk/updating-joomla.html
"When I'm right no one remembers but when I'm wrong no one forgets".

User avatar
Per Yngve Berg
Joomla! Master
Joomla! Master
Posts: 29501
Joined: Mon Oct 27, 2008 9:27 pm
Location: Romerike, Norway

Re: My question is Joomla 3.10 still going to be usable in security only mode? Elaborate on the meaning of this please.

Post by Per Yngve Berg » Mon Jul 18, 2022 6:37 am

"Security only mode" means that the updates only contains security fixes, no bug fixing and new features.
You have one year left and the site of cause will operate after that date until it will fail from upgraded php versions.

You may get lucky or not (as J1.5 users got hacked by a discovered security hole after the support ended)

User avatar
sozzled
Joomla! Master
Joomla! Master
Posts: 13103
Joined: Sun Jul 05, 2009 3:30 am
Location: Canberra, Australia

Re: My question is Joomla 3.10 still going to be usable in security only mode? Elaborate on the meaning of this please.

Post by sozzled » Mon Jul 18, 2022 7:36 pm

Per Yngve Berg wrote:
Mon Jul 18, 2022 6:37 am
"Security only mode" means that the updates only contains security fixes, no bug fixing and new features.
I agree.

Per Yngve Berg wrote:
Mon Jul 18, 2022 6:37 am
You have one year left ...
I completely disagree.
“If you think I’m wrong then say, ‘I think you’re wrong.’ If you say ‘You’re wrong!’, how do you know?”
Walking the talk: https://j4xdemo.enduring.com.au
:)

nicol
Joomla! Intern
Joomla! Intern
Posts: 57
Joined: Wed Jan 18, 2006 2:33 am
Location: London

Re: My question is Joomla 3.10 still going to be usable in security only mode? Elaborate on the meaning of this please.

Post by nicol » Thu Jul 21, 2022 8:09 pm

Thanks for asking this question. Drupal end-of-life for D7 got delayed this year (and may be delayed again) after it was clear not enough sites had ported to D8/9 - I'm still hoping Joomla powers / Open Source Matters see the light and extend the cut-off date.

But assuming they don't, I would happily commit an annual donation to an Open Collective account for someone to provide security maintenance for J3.x or a branch of it (https://backdropcms.org/ is a community maintained branch of Drupal 7 fyi).

In the CiviCRM community we have put quite a bit of time and money into trying to make the J4 port work (https://lab.civicrm.org/dev/joomla/-/mi ... tab-issues) and after two years, there's still quite a few major blockers. Tbh it's a wonder that CiviCRM is still supporting Joomla given it's Civi's smallest userbase.

"All software has a finite life and Joomla is no different."
WordPress hasn't had one breaking update since v1. You can upgrade a v1 WP site to the latest version (albeit with a new theme). It's a decision in WP's architecture and management to have easy updates and is undoubtedly a part of their success.

For my own clients, I have to explain to them there's a cost for a major upgrade with no clear new featues I can promote to them, other than 'the codebase needed improving apparently'.

I've been thru Joomla upgrades from 1->1.5,-> 1.6/1.7->2.5,2.6,3.x but this is the first time I'm not sure I will. My clients are already out on a limb in their world in not using WordPress or Drupal, now I have to get them to pay for this migration, and convince them they shouldn't bother migrating to WordPress (with no breaking upgrades and Gutenberg) or Drupal (with Composer and Views) instead? I'm not sure I can. Maybe if J4 had a Views or Gutenberg or Composer, but I can't see anything there a client would appreciate. The only alternative I see is paying something each month to support a maintenance 3.x release is possible.

(PS - I appreciate the Joomla team puts in a huge effort, without pay, and I mean no disrespect in saying any of this. I'm really grateful for their work over the years and have defended Joomla for a long time. But I'm sure I'm not the only Joomla user considering jumping elsewhere if the J3 release ends next August.)

User avatar
sozzled
Joomla! Master
Joomla! Master
Posts: 13103
Joined: Sun Jul 05, 2009 3:30 am
Location: Canberra, Australia

Re: My question is Joomla 3.10 still going to be usable in security only mode? Elaborate on the meaning of this please.

Post by sozzled » Thu Jul 21, 2022 8:30 pm

⭐ @nicol ⭐
nicol wrote:
Thu Jul 21, 2022 8:09 pm
I've been thru Joomla upgrades from 1.0 → 1.5 → 1.6/1.7/2.5 → 3.x but this is the first time I'm not sure I will.
I agree. 8)
nicol wrote:
Thu Jul 21, 2022 8:09 pm
... I'm sure I'm not the only Joomla user considering jumping elsewhere if the J3 release ends next August.
I sympathise with the sentiment but I think your observation will fall on deaf ears: the CMS development team is wrapped up in their own world with zero regard for what we ignorant consumers have to say about their product. I'm not planning on "jumping elsewhere" in August 2023 but I am seriously considering whether to remain in the webcraft development game.
“If you think I’m wrong then say, ‘I think you’re wrong.’ If you say ‘You’re wrong!’, how do you know?”
Walking the talk: https://j4xdemo.enduring.com.au
:)

User avatar
abernyte
Joomla! Virtuoso
Joomla! Virtuoso
Posts: 4148
Joined: Fri May 15, 2009 2:01 pm
Location: Écosse - Scozia - Escocia - Škotija -स्कॉटलैंड

Re: My question is Joomla 3.10 still going to be usable in security only mode? Elaborate on the meaning of this please.

Post by abernyte » Fri Jul 22, 2022 7:59 am

Drupal end-of-life for D7 got delayed this year
Dries has already offered his opinion that Drupal is unlikely to survive PHP8 EOL and will be fully SAAS by then. Who knows if that will transpire.
WordPress hasn't had one breaking update since v1.
Oh come on! WordPress did not cycle through the versions because they liked changing the number. The versions were EOL and the fact they achieved this without B/C break in some way explains the complex tangle it is now. All the plugins and themes that failed to make the version jumps make it no different to any other CMS.
now I have to get them to pay for this migration,
The basic answer to the OP remains the same. No one is forcing your clients to change to J4. Your complaint seems to be not with the quality or effectiveness of the J4 code but your ability to monetize it. That's okay. I get that you are running a business and need it to be profitable - but it is your clients decision to evaluate any possible risk and stay with J3 which will continue to work just fine for the foreseeable future.
It is more likely that the evolution of PHP will drive the need to change faster than any fatal weakness in J3, but I am not placing bets on either.
Is J4 perfect? No. Is it a good product? Yes. Should I drop everything and rush out and migrate from J3 to J4? Probably not (although it is not a foolish decision if you do). Should I start planning a future move to J4? Hell Yeah.
"Those who expect to reap the blessings of freedom must, like men, undergo the fatigue of supporting it." Thomas Paine

User avatar
Webdongle
Joomla! Master
Joomla! Master
Posts: 42144
Joined: Sat Apr 05, 2008 9:58 pm

Re: My question is Joomla 3.10 still going to be usable in security only mode? Elaborate on the meaning of this please.

Post by Webdongle » Fri Jul 22, 2022 10:26 am

So long as you have your database you have your site. All the files do is put/get the data to from the database and display it on the screen. So if you get hacked you can rebuild the files then decide to look to fix the vulnerability or migrate to J4.
http://www.weblinksonline.co.uk/
https://www.weblinksonline.co.uk/updating-joomla.html
"When I'm right no one remembers but when I'm wrong no one forgets".

nicol
Joomla! Intern
Joomla! Intern
Posts: 57
Joined: Wed Jan 18, 2006 2:33 am
Location: London

Re: My question is Joomla 3.10 still going to be usable in security only mode? Elaborate on the meaning of this please.

Post by nicol » Wed Nov 23, 2022 3:31 pm

> So if you get hacked you can rebuild the files then decide to look to fix the vulnerability or migrate to J4.
(@webdongle)

That's not an option if you're hosting people's data, which both the J3 websites I need to deal with are.

> All the plugins and themes that failed to make the version jumps make it no different to any other CMS.
(@Abernyte)

If I took a Joomla 1 and WordPress 1 website, WordPress lets me upgrade within it to the current version, Joomla breaks at 1->1.5 and requires a port, and again at 1.5->1.6 (a little). This isn't point-scoring, just no doubt a big factor in WP success. Also, perhaps as changes are incremental, I've not yet had a WP upgrade that broke my theme/plugin.

All this said, Joomla 3->4 upgrade went much smoother than I expected. I have maybe been burnt by the Drupal 7 -> Drupal 8/9 experience. Being told which extensions to disable before was pretty good (an alert to upgrade Kuena to latest 5.x would have been cool as it's too late post-upgrade). Joomla4's error handling helped me debug some issues after upgrade, much nicer than in 3. I still find the UI brash, loud & not pleasant to spend a long time in, and some of the UX puzzling (why take things that were quite happy in a drop down menu and put them behind three navigation clicks?) but TinyMCE, for e.g. is pretty nice, and looking forward to exploring workflows.*

Doesn't make me happier about the whole thing – the cost of migrating CiviCRM to Joomla 4 is notable and still ongoing (and Joomla/Civi is a tiny subset of the Civi community), but we're getting closer thanks to Joe Murray & Monish Deb: https://lab.civicrm.org/dev/joomla/-/mi ... tab-issues. Now moving onto the Joomla+CiviCRM ecosystem: https://github.com/lcdservices/CiviCRM- ... /issues/14.

*I realise to anyone working on J4 - which has clearly been a lot of work - I sounds like an ungrateful brat user. I don't mean to be – I'm grateful for everyone's efforts, but my problem is that while this is a non-profit, community governed CMS, users didn't seem to get a say in the existence and timing of a breaking upgrade. Talk of porting the beautiful ISIS admin theme were ignored. There's been many years of feeling like a salmon swimming upriver against a downstream of WordPress and Drupal users laughing as I try and explain the advantages of Joomla ("the #1 Goldilocks CMS on the powerful<->easy-to-use spectrum" imho). Getting the CiviCRM community and core team to not drop Joomla was an achievement by the few of us who use both, to then get it rewritten for J4 was a big ask & investment. I appreciate there's an attempt at governance, by letting us vote for OSM members, but maybe ecosystem changing decisions should be put to community vote in some other way (Loomio.org / similar)

User avatar
GODpleasers
Joomla! Enthusiast
Joomla! Enthusiast
Posts: 210
Joined: Wed Jun 11, 2014 3:47 pm
Location: Wenatchee, Wa
Contact:

Is Joomla! 3.10.11still going to be usable when its at the end of life stage?

Post by GODpleasers » Wed Nov 23, 2022 7:07 pm

Is Joomla! 3.10.11still going to be usable when its at the end of life stage?

I'm asking because we have several extensions we don't want to give up that we are waiting for a updates to make them compatible with j4.
Last edited by imanickam on Wed Nov 23, 2022 7:49 pm, edited 1 time in total.
Reason: Merged with the topic https://forum.joomla.org/viewtopic.php?f=706&t=995056. In the future, do not ask the same question multiple times as it is against the forum rules.
GOD Speaks internet radio- :-) GOOD :-) Music that employs life, deliverance, & restoration - COMPLETE :-)
http://godspeaksinternetradio.com/

User avatar
Webdongle
Joomla! Master
Joomla! Master
Posts: 42144
Joined: Sat Apr 05, 2008 9:58 pm

Re: My question is Joomla 3.10 still going to be usable in security only mode? Elaborate on the meaning of this please.

Post by Webdongle » Wed Nov 23, 2022 7:19 pm

nicol wrote:
Wed Nov 23, 2022 3:31 pm
> So if you get hacked you can rebuild the files then decide to look to fix the vulnerability or migrate to J4.
(@webdongle)

That's not an option if you're hosting people's data, which both the J3 websites I need to deal with are.
...
Yes it is because the data is in the database not the files


nicol wrote:
Wed Nov 23, 2022 3:31 pm
...
If I took a Joomla 1 and WordPress 1 website, WordPress lets me upgrade within it to the current version, Joomla breaks at 1->1.5 and requires a port, and again at 1.5->1.6 (a little). This isn't point-scoring, just no doubt a big factor in WP success. Also, perhaps as changes are incremental, I've not yet had a WP upgrade that broke my theme/plugin....
And also a reason why wp is more easily hackable than Joomla.
http://www.weblinksonline.co.uk/
https://www.weblinksonline.co.uk/updating-joomla.html
"When I'm right no one remembers but when I'm wrong no one forgets".

User avatar
sozzled
Joomla! Master
Joomla! Master
Posts: 13103
Joined: Sun Jul 05, 2009 3:30 am
Location: Canberra, Australia

Re: Is Joomla! 3.10.11still going to be usable when its at the end of life stage?

Post by sozzled » Wed Nov 23, 2022 7:40 pm

GODpleasers wrote:
Wed Nov 23, 2022 7:07 pm
Is Joomla! 3.10.11 still going to be usable when its at the end of life stage?
It doesn't matter what I or anyone else thinks: what do you think?

Some people today are still using J! 1.x to operate their websites, would you believe? People are running J! 2.5 websites; people are operating their websites using end-of-life software all over the world. So, it doesn't matter what I think. What do you think?
“If you think I’m wrong then say, ‘I think you’re wrong.’ If you say ‘You’re wrong!’, how do you know?”
Walking the talk: https://j4xdemo.enduring.com.au
:)

nicol
Joomla! Intern
Joomla! Intern
Posts: 57
Joined: Wed Jan 18, 2006 2:33 am
Location: London

Re: Is Joomla 3.10 still going to be usable in security only mode? Elaborate on the meaning of this please.

Post by nicol » Wed Nov 23, 2022 8:06 pm

> "Yes it is because the data is in the database not the files"
@webdongle

Just in case someone reads this thread and takes this as advice.. any hacker with read/write/edit access to your files can access the database. The username and password for your database are sitting in plain text in configuration.php so anyone with access to your root server enough that they can write files, has access to your dbse.

User avatar
AMurray
Joomla! Exemplar
Joomla! Exemplar
Posts: 8172
Joined: Sat Feb 13, 2010 7:35 am
Location: Australia

Re: Is Joomla 3.10 still going to be usable in security only mode? Elaborate on the meaning of this please.

Post by AMurray » Wed Nov 23, 2022 9:36 pm

Nicol wrote:Just in case someone reads this thread and takes this as advice.. any hacker with read/write/edit access to your files can access the database. The username and password for your database are sitting in plain text in configuration.php so anyone with access to your root server enough that they can write files, has access to your dbse.
Additional to this comment, it's not unique to Joomla to have the db password in a plain-text config file. Many web application would use a similar technique.

The best advice is use strong passwords, change them frequently (including but not limited to your web-hosting account, FTP accounts, and databases).
Regards - A Murray

User avatar
Webdongle
Joomla! Master
Joomla! Master
Posts: 42144
Joined: Sat Apr 05, 2008 9:58 pm

Re: Is Joomla 3.10 still going to be usable in security only mode? Elaborate on the meaning of this please.

Post by Webdongle » Wed Nov 23, 2022 10:31 pm

nicol wrote:
Wed Nov 23, 2022 8:06 pm
...
Just in case someone reads this thread and takes this as advice.. any hacker with read/write/edit access to your files can access the database. ...
A few points to that you missed to say
1. When you delete all the files then there are no files to be able to access the database.
2. If they can access a server that has no site files then you have bigger server security issues that access to your database.

I have taken the time to write this post for the benefit of newbies who might be misled by your statement. I am sure you mean well but your statement was misleading because it failed to mention the above points.

So I say again
Webdongle wrote:
Fri Jul 22, 2022 10:26 am
So long as you have your database you have your site. All the files do is put/get the data to from the database and display it on the screen. So if you get hacked you can rebuild the files then decide to look to fix the vulnerability or migrate to J4.


A few other things to consider
* If you follow the advice given in the forum (in multiple places) then you can clean the hack.
* Not all hacks have full access to your server or database.
* Out of those that do often not many will bother with the database. They will hide their hack and leech from your server.
http://www.weblinksonline.co.uk/
https://www.weblinksonline.co.uk/updating-joomla.html
"When I'm right no one remembers but when I'm wrong no one forgets".

nicol
Joomla! Intern
Joomla! Intern
Posts: 57
Joined: Wed Jan 18, 2006 2:33 am
Location: London

Re: Is Joomla 3.10 still going to be usable in security only mode? Elaborate on the meaning of this please.

Post by nicol » Wed Nov 23, 2022 11:07 pm

Webdongle wrote:
Wed Nov 23, 2022 10:31 pm
A few points to that you missed to say
1. When you delete all the files then there are no files to be able to access the database.
2. If they can access a server that has no site files then you have bigger server security issues that access to your database.

I have taken the time to write this post for the benefit of newbies who might be misled by your statement. I am sure you mean well but your statement was misleading because it failed to mention the above points.
I'm not sure if this is a meant to be a joke, but can I check what you are saying..

1. Your site is running an old version of Joomla (or any web software). It's not had any security updates and known vulnerabilities exist in it.
2. Someone hacks into the site. They now have access to your database and can make a copy of it. Maybe they hang around snooping user logins to get the passwords, maybe they put a bunch of spam links in, whatever - they cause mess.
3. You notice your site has been hacked. You take it offline, change your passwords. You may now have legal obligations to notify people of a data breach.
4. And at this point, your suggestion is that by deleting files the problems from the hack has vanished: "when you delete all the files then there are no files to be able to access the database." But that's obviously meaningless if the hackers have already exported the dbse.

User avatar
Webdongle
Joomla! Master
Joomla! Master
Posts: 42144
Joined: Sat Apr 05, 2008 9:58 pm

Re: Is Joomla 3.10 still going to be usable in security only mode? Elaborate on the meaning of this please.

Post by Webdongle » Thu Nov 24, 2022 12:25 am

1. Your risk using unsupported software
2. What you said is rubbish because they can't do that if you delete the files
3. No point changing your passwords until you delete your files and eliminate the entry point of the hack. Notifying data breach is your responsibility for running unsupported software.
4.
*a. By deleting the files you prevent the hackers access to the database.
*b. By replacing the files with fresh ones you can access the database and change passwords, remove unauthorised users, remove vulnerable extensions etc. while the hackers still have no access to your site.
*c. You then have your site back, the hackers have no access because you locked them out and removed their back doors.

fyi
As soon as your site is hacked the hackers post the details in a hackers forum. Then other hackers then hack your site. By deleting the all the files on the server you deny the hackers access while you still have access.
http://www.weblinksonline.co.uk/
https://www.weblinksonline.co.uk/updating-joomla.html
"When I'm right no one remembers but when I'm wrong no one forgets".


Post Reply

Return to “General Questions/New to Joomla! 3.x”