University Web Developers


We've found several issues when it comes to security of open-source PHP CMSs, particularly with Joomla and PostNuke. Since Joomla and the PHP engine are so widely used, they seem like big targets of attack. Patching all of our Joomla installations every time a hole is fixed can be time-consuming. What are some of the ways in which you protect Joomla? What alternatives are you using that might not be as vulnerable? Are there any other programming platforms you are using for your site that might be more secure than PHP?


Replies to This Discussion

Hi there,

a few things I do:

1) Hide the fact that your site is indeed a Joomla site - this can be done by removing the generator tag, removing any links pointing to joomla.org from templates. Doing this alone will keep you off the radar of 'script kiddies'. Do not use standard Joomla URLs (of course you would want to do that for SEO reasons anyway)

2) Use an extension like sef404 which not only handles SEF URLs but also has various security features and reporting built in

3) Do not EVER just install a 3rd party extension because it looks useful, always check on the Joomla site (and via general googling) if there are any known security issues. 4 out of 5 of the people that I know that have had Joomla sites hacked, were the product of installing poorly written (free) extensions

4) Make sure your host is on the case with security, I know that there have been issues for a number of people on shared hosting packages, especially when cPanel is used - I believe there is a potential security issue on the cPanel config file generated if you let it install Joomla for you (rather than via a straight/standard browser based install).

5) Re patching, if you use Joomla multisite (which is pretty cheap) you only need to patch one instance of Joomla and the rest are auto updated which is a nice time saver

Hope this helps!
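A check for the markers listed in point 1 of the reply above, as an added example that is not part of the original post: it parses a page's rendered HTML and reports generator tags, joomla.org links and non-SEF `index.php?option=com_...` URLs. The sample page, class name and function names are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit, parse_qs

class JoomlaMarkerAudit(HTMLParser):
    """Collects markers in rendered HTML that identify the site as Joomla."""

    def __init__(self):
        super().__init__()
        self.findings = []  # list of (kind, value) tuples, in document order

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "meta" and a.get("name", "").lower() == "generator":
            self.findings.append(("generator-tag", a.get("content", "")))
        for attr in ("href", "src", "action"):
            if a.get(attr):
                self._check_url(a[attr])

    def _check_url(self, url):
        try:
            parts = urlsplit(url)
            host = (parts.hostname or "").lower()
        except ValueError:
            return  # malformed URL in the template; nothing to classify
        if host == "joomla.org" or host.endswith(".joomla.org"):
            self.findings.append(("joomla.org-link", url))
        # Non-SEF Joomla URLs route through index.php?option=com_<component>
        option = parse_qs(parts.query).get("option", [""])[0]
        if option.startswith("com_"):
            self.findings.append(("standard-url", url))

def audit_html(html):
    """Return every Joomla marker found in one rendered page."""
    parser = JoomlaMarkerAudit()
    parser.feed(html)
    parser.close()
    return parser.findings

# Constructed sample page (not taken from a real site)
SAMPLE_HTML = """<html><head>
<meta name="generator" content="Joomla! - Open Source Content Management" />
</head><body>
<a href="/index.php?option=com_content&amp;view=article&amp;id=12">News</a>
<a href="/admissions/apply">Apply</a>
<p>Powered by <a href="https://www.joomla.org">Joomla!</a></p>
</body></html>"""

if __name__ == "__main__":
    for kind, value in audit_html(SAMPLE_HTML):
        print(f"{kind}: {value}")
```

Run it over the saved output of each template after a template or extension change; an empty result means none of the three markers is present in that page.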

One thing you could do is look into an IDS/IPS like StrataGuard (it is free for servers up to 20Mbps last time I checked). You can build in rules for intrusion detection that can take care of a lot of the ways bots and hackers will make initial checks for vulnerabilities.

I like that as an answer, because ultimately I'd argue no language is particularly more "secure" than another. They are only as secure as the person writing the code, and if you are relying on someone else's code, then you really shouldn't ever just trust them to be right. The third party IDS/IPS route kind of helps by adding that extra layer.

© 2020 Created by Mark Greenfield.