Security issue - Joomla! Forum - community, help and support
hi
we trying understand security issue 1 of our sites. website template appears messed in internet explorer, looks fine in other browsers.
we understand problem of snippet of code inserted html causes , when removed website fixed.
question is, when 1 talks joomla being vulnerable, template , extensions vulnerable these attacks, or cms joomla core being open vulnerability. site 2,5 installation.
thanks
earl
we trying understand security issue 1 of our sites. website template appears messed in internet explorer, looks fine in other browsers.
we understand problem of snippet of code inserted html causes , when removed website fixed.
question is, when 1 talks joomla being vulnerable, template , extensions vulnerable these attacks, or cms joomla core being open vulnerability. site 2,5 installation.
thanks
earl
provided issue template security issue , nor difference in way ie executes template code.... then...
it depends. if joomla core files date , date @ time of issue , no security update issued core files, different way of access. level of security , quality testing in joomla , joomla developers respond core security issues fast.
same basic idea goes extensions , templates used. if extensions , templates used current version, , no security alert extension issued extension or template versions used, may secure.
the difference resources , abilities extension , template developers have. developers write better code others , make security more of priority others. can use available joomla doc information make extension, don't write secure (or good) code.
you can have secure site no known weaknesses in joomla core or extensions, or templates, , still become hacked through server insecurity such permissions/ownership, cross site scripting, poor server setup, or other methods.
more point actual question though. hacks targeted leverage specific set of triggers. triggers can specific version of ie, firefox, chrome, etc., specific version of flash or java, specific type of search or search engine result (google yahoo, etc.) produces link site; in other words, search site. trigger can when attempts login either admin area or front end or can combination of multiple triggers need satisfied.
if triggers not satisfied visitor sees nothing , hack not triggered. triggers attempt remain undetected on site longer period of time and/or target specific weaknesses within browser versions can used silently load malware onto visitors computer. hacks can configured not trigger when scanned online scanner making detection harder. sooner or later complain site administrator or site contact.
if template (site) indeed generating type of spam (viagra) or attempted malware download, follow before post topic clean , repair website site has been hacked. viewtopic.php?f=621&t=582854
it depends. if joomla core files date , date @ time of issue , no security update issued core files, different way of access. level of security , quality testing in joomla , joomla developers respond core security issues fast.
same basic idea goes extensions , templates used. if extensions , templates used current version, , no security alert extension issued extension or template versions used, may secure.
the difference resources , abilities extension , template developers have. developers write better code others , make security more of priority others. can use available joomla doc information make extension, don't write secure (or good) code.
you can have secure site no known weaknesses in joomla core or extensions, or templates, , still become hacked through server insecurity such permissions/ownership, cross site scripting, poor server setup, or other methods.
more point actual question though. hacks targeted leverage specific set of triggers. triggers can specific version of ie, firefox, chrome, etc., specific version of flash or java, specific type of search or search engine result (google yahoo, etc.) produces link site; in other words, search site. trigger can when attempts login either admin area or front end or can combination of multiple triggers need satisfied.
if triggers not satisfied visitor sees nothing , hack not triggered. triggers attempt remain undetected on site longer period of time and/or target specific weaknesses within browser versions can used silently load malware onto visitors computer. hacks can configured not trigger when scanned online scanner making detection harder. sooner or later complain site administrator or site contact.
if template (site) indeed generating type of spam (viagra) or attempted malware download, follow before post topic clean , repair website site has been hacked. viewtopic.php?f=621&t=582854
Comments
Post a Comment