[Rhia7]

I create my web pages using Dreamweaver.

I am thinking of converting to a content management system in the future but I am not totally sure if I should make the switch, if so -- which system should I pick?

I am thinking of Joomla so I am reading information about Joomla.

What is a Component Index.PHP SQL Injection Vulnerability????
That sounds pretty scary -- it makes me think twice about using a Content Management System like Joomla.

Does anyone here use a Content Management System?

What does this mean?

Quote:

Joomla Banner Component Index.PHP SQL Injection Vulnerability

http://www.securityfocus.com/bid/20159/discuss

Would the above keep you from using Joomla or a similar content management system?

Have you heard postive or negative comments about Joomla?

Thanks in advance

[Crocket]

I am running Joomla on 3 sites and the security issue does have me a bit worried. But not worried to the point that I will uninstall it. The latest release was supposed to fix any security holes. I host thru dreamhost.com and the upgrades fixes are a breeze to do, but you still have to remember to upgrade.

As for running it on my sites, I love it, quick and easy to get it going "another plus having dreamhost" one click installs.

That link you posted refers to one of the componants you can load into your Joomla from a 3rd party source. Its these various componants and modules that are causing security problems.

Here is the list for the 3rd party add ons that are causing problems, http://forum.joomla.org/index.php/topic,79477.0.html

Edit to add, I wouldn't KNOW where to begin if I had to rebuild these sites, so I sure hope it gets sorted out lol

[Rhia7]

Thanks for the link, Crocket -- it has good information for those already running Joomla.

I haven't used it yet -- but the June 2006 issue of an UK magazine entitled Web builder has a section on starting Joomla -- so I have become curious

What features do you like?

Anyone interested in the basics of Jommla -- here's the main url:
http://www.joomla.org/

I'm still trying to figure out if it would speed things up for me and/or benefit me in other ways. I've seen the name a few times so I'd like to learn more about the program.

[Mr. Sal]

Quote:

I am thinking of Joomla so I am reading information about Joomla.

This is just great, while I am burning my brains with two other languages, now I have investigate what a Joomla or jam-ola it is.

I need to get before I get more this week.

[Crocket]

Gosh there are so many features that I like. You can use the wrapper, its very handy for cafepress pages. I had Warren check to see if my wrapped pages carried the cookie and it does.

Its quick and easy to create affiliate pages, copy and paste, link it to a menu, complete page in 2-3 mins maybe less.

I know that any new pages I create appear within a few days in search and are ranking on first page, this is without a great deal of SEO on my part.

Lets say that you want to run ads for a particular product every other week or month. You can create the page or module with that ad in it. Then when you want it to not show on your site, just unpublish until you want to show it again.

This comes in handy for the merchants that go offline for a short period, you don't have to delete your html, just unpublish. Then when the merchant is active, publish again with a simple click.

[Rhia7]

Quote:

Originally Posted by Mr. Sal

This is just great, while I am burning my brains with two other languages, now I have investigate what a Joomla or jam-ola it is.

I need to get before I get more this week.

I have a feeling that somehow the Joomla system facilitates the users' ability to add content -- I don't know much about it but perhaps it's worth a shot? Or at least I can read up more about the topic.

I know how you feel, Sal
I feel backlogged at the moment and if you read some of my other posts from tonight (check out the SAS subforum) you'll get a sense of some of my frustrations.

[Rhia7]

Quote:

Originally Posted by Crocket

Gosh there are so many features that I like. You can use the wrapper, its very handy for cafepress pages. I had Warren check to see if my wrapped pages carried the cookie and it does.

Its quick and easy to create affiliate pages, copy and paste, link it to a menu, complete page in 2-3 mins maybe less.

I know that any new pages I create appear within a few days in search and are ranking on first page, this is without a great deal of SEO on my part.

Lets say that you want to run ads for a particular product every other week or month. You can create the page or module with that ad in it. Then when you want it to not show on your site, just unpublish until you want to show it again.

This comes in handy for the merchants that go offline for a short period, you don't have to delete your html, just unpublish. Then when the merchant is active, publish again with a simple click.

Wow, sounds like a Heaven sent program

Thanks for the input, Crocket

[loxly]

I used to love "the nukes" both phpnuke and postnuke, and was a heavy user of open source cms systems. They get hacked. Joomla gets hacked... the nukes get hacked... mambo gets hacked. I won't use an open source cms ever again... I've been hacked and it isn't fun, especially when it requires a reformat of a 250 gig server.

They claim to make them more secure, but once the hackers are turned on to them, they find it a challenge to get back in. So no more here!!!!

[Rhia7]

Quote:

Originally Posted by loxly

I used to love "the nukes" both phpnuke and postnuke, and was a heavy user of open source cms systems. They get hacked. Joomla gets hacked... the nukes get hacked... mambo gets hacked. I won't use an open source cms ever again... I've been hacked and it isn't fun, especially when it requires a reformat of a 250 gig server.

They claim to make them more secure, but once the hackers are turned on to them, they find it a challenge to get back in. So no more here!!!!

Thanks for your input, Loxly.

I certainly don't stand a chance with the Hackers and Crackers

My current method of manually creating webpages with Dreamweaver seems slow sometimes -- so I was looking for perhaps a more efficient method.

Also Joomla seems to offer so many benefits as can be seen here:
http://pages.joomla.googlepages.com/joomla.html

It really sounds like a heaven sent program -- but I'm afraid of the Hackers

Can security be assured?

[loxly]

Quote:

Originally Posted by Rhia7

Can security be assured?

No.

[Rhia7]

Quote:

Originally Posted by loxly

No.

That says it all

I guess someone could ask me, "What part of 'No' don't your understand?"

It's just that Joomla's features are so appealing I wished that someone could say that security could be a sure thing

If I were hacked I'd be

[Leader]

NO system can "assure" security. Even government sites have been hacked on occasion.
But, some systems draw more hackers than others.

[loxly]

Quote:

Originally Posted by Leader

But, some systems draw more hackers than others.

Exactly, and once targeted and identified as vulnerable... well... they can try and plug the holes but... all the features in the world aren't worth it if your site is gone or defaced or your server is compromised.

[CanadianDave]

I have used Mambo - the predecesor to Joomla. It is great if you want to get a slick looking site up quickly. The problem was the learning curve. Figuring out the style sheets alone took weeks.

I decided to just build my own content management system in ASP. It actually took way less time mainly because when I worked in Mambo I found the feature-creep temptation far too powerful. I had all sorts of neat-o features that were totally inappropriate for my site. When I was building the backend myself, I put in only what I needed.

CanadianDave

[suzigeek]

I've used Mambo and still use Joomla for a bunch of sites. I was hacked when I was on a shared reseller host but I had daily backups so it wasn't such an issue. I don't have any login forms on my older mambo/joomla sites so there is less of an oppurtinity for them to get hacked. If you have your permissions set correctly on your files/directories you'll have less of a chance of being hacked.

There is a learning curve but I've been using them for so long its second nature. I've worte a few components for creating database affiliate sites too and they ran their run for a stretch there but now I'm using it more becuase I need all the different functionality. I'm building more authority portal type sites. All the features are what I need for these sites.

Once again there is a steep learning curve though...but there are a lot of benefits also depending on your needs.

[Rhia7]

CanadianDave & Suzigeek, thank you both for your input -- you both have interesting perspectives

[Crocket]

Well Rhia if you haven't went with Joomla by now, this thread http://forum.abestweb.com/showthread.php?t=79266 will keep you from going there.

I guess its time for me to start converting each of my sites ouch I dread the thought lol

[suzigeek]

What makes you think that was a joomla site? Any site can get hacked

Looking at the source it was generated by frontpage. Not even an opensource project.

So far today I've seen 2 posts about hacked sights and people insinuating that it had something to do with the sites being open source cms when in both cases they were not. A lot of hacks are through server vulnerabilities and not website weaknesses.

[Crocket]

Scroll to the bottom of the page and you will see all the errors : mambo=joomla (these are the same errors that I get on my Joomla site when something is out of whack)

Warning</b>: main(/includes/version.php): failed to open stream: No such file or directory in <b>/usr/home/hsmc-ul/www/includes/mambo.php

[John Kruger]

Joomla is in use on our site.

I don't think the hacked site I posted was using Joomla, but who knows.

[suzigeek]

I do see that now... I didn't scroll the hacker must be using frontpage...too bad. You need to keep you software up to date when you use projects like joomla/mambo.

Theres an exploit going around through cpanel. I just recieved a notice to upgrade it immediately on my server.

That same turkish guy hacked a bunch of mambo sites awhile back...I think one of my older ones got whacked by him, but I hadn't updated that site in a long while.

[Crocket]

Yep, when I saw that I got a bit worried. I really don't want to change my sites, especially right now TOO BUSY.

I don't have any login forms and from my understanding that causes some of the security issues.

I may just ride it out, take my chances. I do have 2 backup systems in place.

They hit some of the older phpbb's about 4 mths ago, and like you said, updates keep you from getting hacked.

[The_Todd]

Joomla went through a bit of a spell when it first broke from mambo - it was release after release for a bit. I didn't keep up with it on all my sites and a couple I neglected got hacked - there are hack-bots out there looking for you, and uploading spam scripts through exploits. With the latest version though, and a year later, they've got most everything worked out, the latest version has been extremely secure. I'm still using it. Just remember to keep checking for updates occasionally. Heres my tip, load all the scripts / plugins you use into a single bookmarks folder, and once a week open all the bookmarks.

[bill benson]

Everything is hackable. I'm just now converting from a CMS I wrote to Joomla. No reason to reinvent the wheel.

One thing you can always do is modify the standard installation slightly to keep hackers out. Rename admin sections. Use htaccess to only allow your ip access to the admin section, rename some of the critical database tables. Or just do frequent backups.

As I am writing this, I hadn't thought this through, but the htaccess ip blocking seems like a really good way to keep prying eyes out of admin sections of standard programs. You just wouldn't have access when traveling.

One thing I did for some oscommerce sites is make a separate table with credit card / customer info. Unless you are IBM, hackers probably don't want to go to incredible efforts to get into your site. The bots look for sites that are easy to hack. Do daily automatic backups, download your customer info to an excel sheet on your pc, and delete that info daily from your site.

Don't run from a good thing, just be smart about it.

Just my two cents - oh, I'm pretty new to this forum, so hello

[Mr. Sal]

Quote:

Originally Posted by Rhia7

I create my web pages using Dreamweaver.

I am thinking of converting to a content management system in the future but I am not totally sure if I should make the switch, if so -- which system should I pick?

I am thinking of Joomla so I am reading information about Joomla.

What is a Component Index.PHP SQL Injection Vulnerability????
That sounds pretty scary -- it makes me think twice about using a Content Management System like Joomla.

Does anyone here use a Content Management System?

What does this mean?


Would the above keep you from using Joomla or a similar content management system?

Have you heard postive or negative comments about Joomla?

Thanks in advance

Rhia,

I might be bumping an 8 months old thread, but since it still takes 9 months for a kid to born, I think this thread it's not that old yet.

So today, while I was researching something else, I came accross a website that have some tutorials about different subjects, one of them is about Joomla, and while I still don't dig that name, when I saw that "Joomla Tutorial", I automatically thought of you and this thread.

I don't know if you have seen this site before or not, but here is the link in case you're still interested in learning more about that Joomla thing.

Quote:

Joomla Tutorial
Joomla CMS is a multi functional Open Source application for creating websites. It is free to use and has a great community support

Maybe cckid can check out that link too, since I read that he was considering the use of either wordpress or joomla to manage his sites.