Comments for Congresssional Joomla Web Defacements at http://www.howtojoomla.net , comment 1 to 3 out of 3 comments http://www.howtojoomla.net Wed, 08 Feb 2012 17:19:43 +0100 FeedCreator 1.7.3 http://www.howtojoomla.net/how-tos/security/congress#comment-2051 Salvus is not a solution. SecureLive looks like the kind of product/company that sells all-in-one kitchen gadgets on late night TV for $19.99. These are both services that only make sense as stopgaps for people who are doing things wrong--cheap, unmanaged hosting or lack of a quality webmaster and server admin. If the House is doing this and being hosed by crappy vendors, that is their fault, but Joomla isn't helping. You can't always save fools from themselves, but it's often worth trying. Joomla's lack of a good internal upgrade alert has started to become a reason to disrecommend it. (And ideally a one-click update for the core and extensions.) This lacking puts Joomla behind other platforms, especially SaaS "hosted solutions." It increases the risk of disaster, as well as the costs of owning a Joomla site, and with millions of Joomla sites deployed, this will translate into howls of pain over exploits that will inevitably tarnish Joomla's brand. - Dan Sun, 21 Mar 2010 01:13:41 +0100 http://www.howtojoomla.net/how-tos/security/congress#comment-1991 Joomla isn't the problem. Clueless site owners and admins are. I can't stress enough to customers how important it is to keep any open source software up-to-date. This includes Drupal, WordPress, phpBB and Moodle. 95% of the time they come out with a new update it is due to a security risk. Third party extensions and plugins also need to be upgraded as well. - Joomla Hosting Mon, 01 Feb 2010 20:23:16 +0100 http://www.howtojoomla.net/how-tos/security/congress#comment-1990 i can shed some light on the debacle. i used to work for said company side-by-side with their former frontend developer who built those exact sites that were hacked. i heard him stress time and time again that they needed to be updated to no avail due to the owner, who wasn't the brightest bulb in the bunch and knew nothing about joomla. i left before the frontend dev decided to leave in 2009 due to a breach of contract by the owner and the frontend dev. that's only the tip of the iceberg for the incompetence and arrogance of the company and its owner. so, yes, the company is clearly in the wrong here and shouldn't be allowed in the house imo. regarding okomo: it isn't even a cms. it's just a ‘really’ basic platform built on django masquerading as a cms, but definitely not a cms as the company states. while, yes, i think a response is necessary on joomla's part, this company deserves no help whatsoever from the joomla community when they're not willing to accept it. it's a shame that such companies are allowed to represent joomla to the federal govt when so many people dedicate their time to the project. i can only hope the house blocks them from doing business there and that they learn a valuable lesson. joomla should write a response and perform some positive pr to recoup what this company cost their brand. - Bob Smith Mon, 01 Feb 2010 19:26:14 +0100