It's time to take serious action against hacking

Relax and enjoy The Lounge. For all Non-Joomla! topics or ones that don't fit anywhere else. Normal forum rules apply.
Locked
zyzko
Joomla! Fledgling
Joomla! Fledgling
Posts: 1
Joined: Sun Mar 07, 2021 10:59 am

It's time to take serious action against hacking

Post by zyzko » Sun Mar 07, 2021 11:15 am

Hello, It is unfortunate that an increasing number of Joomla web sites are being hacked because web agencies and / or customers do not update their sites. The Web is flooded with hacked Joomla sites, used to deceive visitors and distribute malware, or to run Negative SEO campaigns.

Joomla should set the example into CMS world: couldn't you integrate a function in your next release, so that if a Joomla site is not updated, it is automatically rendered inoperative.

This solution may seem drastic, but over time, and if you do nothing, this wonderful tool that is Joomla will do more harm than good to the web.
Last edited by toivo on Mon May 24, 2021 11:43 am, edited 1 time in total.
Reason: mod note: moved from Joomla! Ideas Forum on request

User avatar
mandville
Joomla! Master
Joomla! Master
Posts: 15150
Joined: Mon Mar 20, 2006 1:56 am
Location: The Girly Side of Joomla in Sussex

Re: It's time to take serious action against hacking

Post by mandville » Sun Mar 07, 2021 5:37 pm

part 1 of post
can i correct your errors.
Hello, It is unfortunate that an increasing number of web sites are being hacked because web agencies and / or customers do not update their sites. [or take simple precautions]

so are you proposing that joomla actively interferes with someones site ? stick it in viewforum.php?f=575
what ever could go wrong in that? just look at other software that implements forced updates.

part 2
clickbait.png
You do not have the required permissions to view the files attached to this post.
HU2HY- Poor questions = Poor answer
Un requested Help PM's will be reported, added to the foe list and possibly just deleted
{VEL Team Leader}{TM Auditor }{ Showcase & Security forums Moderator}

brendanhedges
Joomla! Enthusiast
Joomla! Enthusiast
Posts: 227
Joined: Sat Mar 04, 2017 1:28 am
Location: Surrey, UK
Contact:

Re: It's time to take serious action against hacking

Post by brendanhedges » Sun Mar 07, 2021 6:10 pm

Actually, this is something that some hosting companies do for their clients automatically. Mine does. As soon as a new version of the CMS is released any 'core' files that were identified as vulnerable and subsequently fixed in an update are automatically 'patched'. So, even if I don't do a full version update all the weak files are updated regardless. I was cautious of this at first, but in the last 3 years, I've had no reason to undo this patching as no problems were created but my hosting company. So, maybe you need to address this to your host, rather than the CMS.

User avatar
AMurray
Joomla! Exemplar
Joomla! Exemplar
Posts: 9634
Joined: Sat Feb 13, 2010 7:35 am
Location: Australia

Re: It's time to take serious action against hacking

Post by AMurray » Sun Mar 07, 2021 9:58 pm

Unmonitored auto updates might cause more problems than they intend to fix especially if done through a third party updater. Just stick to your routine, and update Joomla through Joomla Update, where you have control. Auto updating just for the sake of it doesn't consider the CMS core or third party extensions that may need checking for compatibility with the host's systems etc. No guarantee an update will not break a site.

I prefer maintaining control of the updates I do (and yes, I do core updates through Joomla Update the day they are released generally or soon thereafter), and third party updates are done when the Extension Manager advises there are updates.

Joomla does warn users about issues e.g. outdated PHP or when updates are available (of course that relies on the relevant plugins being enabled), the onus is on the site owner, and shouldn't be an unmonitored update either by the CMS or the web host and third-party script providers ike Softaculous should probably be avoided as the Joomla Project has no control over whether their update/install scripts have been modified.

You also have a varying difference in quality of web hosts - some that actively keep hosting systems up to date (e.g. PHP versions) and others not so much.
Regards - A Murray
General Support Moderator

User avatar
darb
Joomla! Hero
Joomla! Hero
Posts: 2038
Joined: Thu Jul 06, 2006 12:57 pm
Location: Stockholm Sweden

Re: It's time to take serious action against hacking

Post by darb » Sat Mar 13, 2021 7:33 am

@yzko where did you get this important info from?

Where did you find out the numbers and statistics?

You just register here, have one post and claim things that are not true and have any evidence for what they are.

For me you are just again like the sent out Wordpress tribe that try to eliminate Joomla from the competition to be one of the most secure, stable and easy to use CMS in the world.

People here that moderate: You have to take action to these people register here with purpose only to damage Joomla bcs this user will never come back with any response what so ever..

This is spam and you know what to do with it! capiche. :geek:

User avatar
darb
Joomla! Hero
Joomla! Hero
Posts: 2038
Joined: Thu Jul 06, 2006 12:57 pm
Location: Stockholm Sweden

Re: It's time to take serious action against hacking

Post by darb » Sat Mar 13, 2021 8:25 am

zyzko wrote:
Sun Mar 07, 2021 11:15 am
Hello, It is unfortunate that an increasing number of Joomla web sites are being hacked because web agencies and / or customers do not update their sites. The Web is flooded with hacked Joomla sites, used to deceive visitors and distribute malware, or to run Negative SEO campaigns.

Joomla should set the example into CMS world: couldn't you integrate a function in your next release, so that if a Joomla site is not updated, it is automatically rendered inoperative.

This solution may seem drastic, but over time, and if you do nothing, this wonderful tool that is Joomla will do more harm than good to the web.

Joomla is the best combination of powerful easy secure publishing platform for organisations, companies and users.

You have a very great MVC platform with many CCK and also fast builders like Joomla component builder JCB as one example https://www.joomlacomponentbuilder.com/ and now with new innovative Joomla 4 come also Bootstrap 5 support etc.

OBS! you have to add extensions (plgs) after std installation bcs Joomla itself comes very stripped but is easy to plg/extension/templates etc by one click install as same as updates is very very easy with a button click so very secure future updates.

Best easy secure publishing platform

User avatar
Webdongle
Joomla! Master
Joomla! Master
Posts: 44018
Joined: Sat Apr 05, 2008 9:58 pm

Re: It's time to take serious action against hacking

Post by Webdongle » Sat Mar 13, 2021 10:29 am

zyzko wrote:
Sun Mar 07, 2021 11:15 am
...

Joomla should set the example into CMS world: couldn't you integrate a function in your next release, so that if a Joomla site is not updated, it is automatically rendered inoperative.

This solution may seem drastic, but over time, and if you do nothing, this wonderful tool that is Joomla will do more harm than good to the web.
I can't think of a more affective way to put users off using Joomla. Well done for making a suggestion that would do damage.
http://www.weblinksonline.co.uk/
https://www.weblinksonline.co.uk/updating-joomla.html
"When I'm right no one remembers but when I'm wrong no one forgets".

User avatar
john-doe
Joomla! Ace
Joomla! Ace
Posts: 1008
Joined: Tue Apr 19, 2011 7:39 pm
Location: Colombia
Contact:

Re: It's time to take serious action against hacking

Post by john-doe » Wed Mar 17, 2021 1:54 pm

Webdongle wrote:
Sat Mar 13, 2021 10:29 am
I can't think of a more affective way to put users off using Joomla. Well done for making a suggestion that would do damage.
I do agree with this statement.
www.aldemar-hernandez.com - Custom templates and design services.

User avatar
darb
Joomla! Hero
Joomla! Hero
Posts: 2038
Joined: Thu Jul 06, 2006 12:57 pm
Location: Stockholm Sweden

Re: It's time to take serious action against hacking

Post by darb » Thu May 20, 2021 8:08 am

john-doe wrote:
Wed Mar 17, 2021 1:54 pm
Webdongle wrote:
Sat Mar 13, 2021 10:29 am
I can't think of a more affective way to put users off using Joomla. Well done for making a suggestion that would do damage.
I do agree with this statement.
This is a typical one or 2 post attack against Joomla to destroy its image bcs other CMS competitors that is afraid of Joomla working business model that is a "real free CMS owned by all" - not like Wordpress, Drupal etc that have one person that owns the rights of the project and all contributors working for "free" for him. :pop


Locked

Return to “The Lounge”