[Hidden-tech] Ransomware and Site & Server Security

B. Kimo Lee bklee at azurelink.com
Tue Aug 26 10:19:18 EDT 2014


Hi Rob,

Wow, ransomware! Bummer, but glad you had backups to restore to! Yes, I've acquired a bunch of new clients whose Joomla sites got hacked because the CMS and extension software wasn't being kept up to date and proper security precautions weren't put into place. XSS, file inclusion and SQL injection make site ownership hellish. I hate it when I find Viagra links throughout a database, but it is intriguing to figure out what the attackers were trying to do and amusing at times what the content says!

Rescuing old Joomla sites has become sort of a specialty of mine, in addition to everything else Joomla, including site security. I'm happy to say that the Joomla 3 generation is light years ahead of the older versions, in functionality and interface. A pretty exciting time!

Of course, the same threats apply to WordPress and Drupal, and other CMS systems running on insecure versions. And as you know, it's not only the site software but also server software which must be maintained.

Having said that, I still get a kick out of how simple HTML sites are better suited to clients who aren't interested in blogging, social media and rarely update their sites. They don't have the ongoing maintenance and site security requirements of CMS-based sites. 

I'd also be interested in hearing from other Network and IT security experts on the list.

Cheers,
Kimo

AZURELINK  ::  "Simply Connected!"
-------------------------------------------------------------------------------
Web Site Design & Scalable, Managed Web Hosting
Joomla! Content Management System Implementation
eCommerce Development
-------------------------------------------------------------------------------
PO Box 230
Milford, NH 03055
(603) 769-4224
For more information, please visit: www.azurelink.com
Follow Azurelink on Twitter: http://twitter.com/azurelink
-------------------------------------------------------------------------------


> 
> On Aug 26, 2014, at 7:48 AM, Rob Laporte wrote:
> 
>> Hi Kimo and HTers,
>> 
>> Good point about the website and server security benefits of https regardless of SEO. We’ve been helping a client that lost 50% of its organic traffic likely due to malware getting on the web server and making bogus content and links, though not sure if HTTPS would have helped prevent that. My firm’s network got hit with ransomware after a rogue IT vendor left us more vulnerable, and thank God for multiple back-up systems. These are cases in point about the general increase in malicious activity on the web. 
>> 
>> This leads me to a new but related topic and question: are there network and security experts on this list? If so, I think it would be good to hear from them, for all our sakes. A security audit of network and website properties should probably be higher on most of our todo lists than it is. 
>> 
>> Best Regards,
>> 
>> Rob Laporte
>> President and CEO
>> DISC, Inc. - "Making Web Sites Make Money"
>> 413-584-6500
>> Fax – 413-553-0745
>> Rob at 2disc.com 
>> www.2disc.com 
>> 
>> Note: Increasingly, ISPs, companies and individuals use spam blocking systems that block legitimate email too. Important emails should be followed up with a phone call if no reply happens within an expected span of time.
>> 
>> 
