University Web Developers

University Web Developers

We've found several issues when it comes to security of opensource PHP CMSs, particularly with Joomla and PostNuke. Since Joomla and the PHP engine are so widely used they seem like big targets of attack. Patching all of our Joomla installations every time a hole is fixed can be time consuming. What are some of the ways in which you protect Joomla? What alternatives are you using that might not be as vulnerable? Are there any other programming platforms you are using for your site that might be more secure than PHP?

Views: 34

Reply to This

Replies to This Discussion

Hi there,

a few things I do:

1) Hide the fact that your site is indeed a Joomla site - this can be done by removing the generator tag, removing any links pointing to joomla.org from templates. Doing this alone will keep you off the radar of 'script kiddies'. Do not use standard Joomla urls (of course you would want to do that for seo reasons anyway)

2) Use an extension like sef404 which not only handles sef urls but also has various security features and reporting built in

3) Do not EVER just install a 3rd party extension because it looks useful, always check on the joomla site (and via general googling) if there are any know security issues. 4 out of 5 of the people that I know that have had Joomla sites hacked, were the product of installing poorly written (free) extensions

4) Make sure your host is on the case with security, I know that there have been issues for a number of people on shared hosting packages, especially when cpanel is used - I beleive there is a potential security issue on the cpanel config file generated if you let it install Joomla for you (rather that via a straight/standard browser based install).

5) Re patching, if you use Joomla multisite (which is pretty cheap) you only need to patch one instance of Joomla and the rest are auto updated which is a nice time saver

Hope this helps!

4)
One thing you could do is look into an IDS/IPS like StrataGuard (it is free for servers up to 20Mbps last time I checked). You can build in rules for intrusion detection that can take care of a lot of the ways bots and hackers will make initial checks for vulnerabilities.

I like that as an answer, because ultimately I'd argue no language is particularly more "secure" than another. They are only as secure as the person writing the code, and if you are relying on someone else's code, then you really shouldn't ever just trust them to be right. The third party IDS/IPS route kind of helps by adding that extra layer.

RSS

Elsewhere

Latest Activity

Sara Arnold commented on Lynn Zawie's group OmniUpdate
"Here’s an outline of everything you need to know about OCR compliance, including what it is, what your college or university can do to stay compliant, and resources for OCR compliance. #accessibility http://bit.ly/2rcPDgG"
Friday
Linda Faciana commented on Lynn Zawie's group OmniUpdate
"Join us for our next webcast with April Buscher from Montana State University Billings to learn how blind readers and people with hearing impairment view and read your website and how you can make it accessible to them. http://bit.ly/2zhdcIt"
Aug 14
Amanda Lawson joined Lynn Zawie's group
Thumbnail

OmniUpdate

Share your experiences using OmniUpdate CMS
Aug 9
Amanda Lawson posted a photo

Amanda Lawson

Amanda Lawson, Web Content ManagerCommunity College of Allgheny County
Aug 9
Sara Arnold commented on Lynn Zawie's group OmniUpdate
"High schoolers spend more time on their digital devices than they do sleeping, doing homework, or participating in extracurricular activities. So how do you make your message stand out to them? #eexpect http://bit.ly/2MOIIWC"
Aug 8
Linda Faciana commented on Lynn Zawie's group OmniUpdate
"Want to increase digital engagement with high school juniors and seniors? Join our next webcast with Stephanie Geyer from Ruffalo Noel Levitz as she shares new data from the 2019 E-Expectations Trend Report on email, paid media, and social media…"
Jul 31
Charlie Holder joined DNI's group
Thumbnail

Cascade Server CMS

For folks who use (or are interested in) Hannon Hill's Cascade Server CMS productSee More
Jul 26
Linda Faciana commented on Lynn Zawie's group OmniUpdate
"Is your website in compliance with the new WCAG 2.1? Join our webcast to learn various accessibility guidelines, what’s new in 2.1, and more! http://bit.ly/2zhdcIt"
Jul 22
Sara Arnold commented on Lynn Zawie's group OmniUpdate
"Even though GDPR has been in effect for over a year, many U.S. colleges and universities are still struggling with how best to implement the rules. We’re here to help. http://bit.ly/2YZZtRQ"
Jul 18
Sara Arnold commented on Lynn Zawie's group OmniUpdate
"Does your college or university website meet the new WCAG 2.1 accessibility standards? http://bit.ly/2JBXD3s"
Jul 12
Linda Faciana commented on Lynn Zawie's group OmniUpdate
"Join us for our next webcast with Eric Turner from Mt. San Antonio College, who will share easy steps to make your website GDPR compliant. http://bit.ly/2zhdcIt"
Jul 10
Linda Faciana commented on Lynn Zawie's group OmniUpdate
"It is always important to make a good first impression! Join Aaron Blau from Converge Consulting as he covers ways to make your web content attractive to your target audience and create an authentic brand message. http://bit.ly/2zhdcIt"
Jun 19
Jon Shaw posted a discussion

email obfuscation

Anyone using a javascript or php email obfuscation library that is effective for spam defense?See More
Jun 11
Linda Faciana commented on Lynn Zawie's group OmniUpdate
"Join us for our next webcast with Kelly Bostick from University of Arkansas who will provide some great tips on ways to ensure that all of your digital content is accessible. http://bit.ly/2zhdcIt"
Jun 6
Sara Arnold commented on Lynn Zawie's group OmniUpdate
"Creating and producing website content is just the tip of the iceberg. In our latest white paper, learn how to manage that content to help your website reach its fullest marketing and recruiting potential. http://bit.ly/30WJ0PW"
May 30
Sara Arnold commented on Lynn Zawie's group OmniUpdate
"A college or university website redesign is the most effective and cost-efficient way to attract and recruit new students. Download our ultimate guide to get started on your redesign today! http://bit.ly/30MmcSQ"
May 28
Cody Bryant is now a member of University Web Developers
May 20
Linda Faciana commented on Lynn Zawie's group OmniUpdate
"Join us for our next webcast with Rachael Frank from Gravity Switch to learn how to organize your content and messaging for a website redesign. http://bit.ly/2zhdcIt"
May 16
Sara Arnold commented on Lynn Zawie's group OmniUpdate
"Capitalize on content by creating an editorial calendar for your college or university website. Here’s how: http://bit.ly/2WCauaY"
May 9
Sara Arnold commented on Lynn Zawie's group OmniUpdate
"A soft launch of your website redesign is well worth the extra time. Find out why. http://bit.ly/2LfeigX"
May 2

UWEBD has been in existence for more than 10 years and is the very best email discussion list on the Internet, in any industry, on any topic

About

© 2019   Created by Mark Greenfield.   Powered by

Badges  |  Report an Issue  |  Terms of Service