Written by Steve Burge

We received an email this morning from Phil-Taylor.com listing security holes in various Joomla components. I have an awful lot of respect for Phil and his work developing Mambo and now his components. However, I think the tone of the latest email could have been improved. People are understandably jumpy when it comes to security and I think he could have done a better job of pointing people towards freely available solutions rather than to his new security site.

There have always been third-party components with vulnerabilities and I've not seen any evidence that security exploits are increasing. What may be increasing is the number of hacker attacks. Some major Joomla sites are being attacked every 60-90 seconds. However, that's not much different from a computer plugged in to the internet. It's not that difficult to secure your site. Here's how...

Where to get started with Joomla Security
What to do if you use an extension on Phil Taylor's list?
How to Recover from ANY hack
Comments
A security release is available on our website for NeoRecruit. I'm also very disappointed by this kind of communication...
It's not fair at all to send this kind of message without directly contacting the project team...
An idea I've been contemplating is the setting up of a 3rd Party QA team as part of the Joomla core team, which would have the responsibility of doing a QA on certain components, thus approving them as "mostly secure".
If not, maybe a Dev/QA process should be developed such that only components that comply with this process and basic security standards would be accepted as "Joomla approved" extensions.
This would be a major step in ensuring that Joomla is not perceived as an easily hackable CMS...
We should all help - diagnose problems - submit patches, if we have the talent - get it communicated properly. But, no more standing on the front porch of your blog letting Google alerts carry what frequently turns out to be FALSE information to the unsuspecting masses. Such DRAMA! And, for what goal? To sell your security services at the expense of someone else's reputation? NO MORE!
I was here looking for a link and am so glad I stopped by.
Can you give another sample for download?
Thanks
The link works for me here. Try www.alledia.com/htaccesscopy.zip
When I try to download the sample .htaccess file, it is coming up blank for me too.