Page 1 of 2 12 LastLast
Results 1 to 25 of 37
  1. #1
    What's the word? Rhia7's Avatar
    Join Date
    January 13th, 2006
    Posts
    9,578
    Joomla: Postive or Negative Comments?
    I create my web pages using Dreamweaver.

    I am thinking of converting to a content management system in the future but I am not totally sure if I should make the switch, if so -- which system should I pick?

    I am thinking of Joomla so I am reading information about Joomla.

    What is a Component Index.PHP SQL Injection Vulnerability????
    That sounds pretty scary -- it makes me think twice about using a Content Management System like Joomla.

    Does anyone here use a Content Management System?

    What does this mean?
    Joomla Banner Component Index.PHP SQL Injection Vulnerability

    http://www.securityfocus.com/bid/20159/discuss
    Would the above keep you from using Joomla or a similar content management system?

    Have you heard postive or negative comments about Joomla?

    Thanks in advance
    Last edited by Rhia7; September 24th, 2006 at 01:03 AM. Reason: Changed title so post will entice more readers
    ~Rhia7 -- Remember the 7
    Twitter me

  2. #2
    Full Member Crocket's Avatar
    Join Date
    September 11th, 2006
    Location
    Ohio
    Posts
    420
    I am running Joomla on 3 sites and the security issue does have me a bit worried. But not worried to the point that I will uninstall it. The latest release was supposed to fix any security holes. I host thru dreamhost.com and the upgrades fixes are a breeze to do, but you still have to remember to upgrade.

    As for running it on my sites, I love it, quick and easy to get it going "another plus having dreamhost" one click installs.

    That link you posted refers to one of the componants you can load into your Joomla from a 3rd party source. Its these various componants and modules that are causing security problems.

    Here is the list for the 3rd party add ons that are causing problems, http://forum.joomla.org/index.php/topic,79477.0.html

    Edit to add, I wouldn't KNOW where to begin if I had to rebuild these sites, so I sure hope it gets sorted out lol

  3. #3
    What's the word? Rhia7's Avatar
    Join Date
    January 13th, 2006
    Posts
    9,578
    Thanks for the link, Crocket -- it has good information for those already running Joomla.

    I haven't used it yet -- but the June 2006 issue of an UK magazine entitled Web builder has a section on starting Joomla -- so I have become curious

    What features do you like?

    Anyone interested in the basics of Jommla -- here's the main url:
    http://www.joomla.org/

    I'm still trying to figure out if it would speed things up for me and/or benefit me in other ways. I've seen the name a few times so I'd like to learn more about the program.
    ~Rhia7 -- Remember the 7
    Twitter me

  4. #4
    ABW Veteran Mr. Sal's Avatar
    Join Date
    January 18th, 2005
    Posts
    6,795
    I am thinking of Joomla so I am reading information about Joomla.
    This is just great, while I am burning my brains with two other languages, now I have investigate what a Joomla or jam-ola it is.

    I need to get before I get more this week.
    ...

  5. #5
    Full Member Crocket's Avatar
    Join Date
    September 11th, 2006
    Location
    Ohio
    Posts
    420
    Gosh there are so many features that I like. You can use the wrapper, its very handy for cafepress pages. I had Warren check to see if my wrapped pages carried the cookie and it does.

    Its quick and easy to create affiliate pages, copy and paste, link it to a menu, complete page in 2-3 mins maybe less.

    I know that any new pages I create appear within a few days in search and are ranking on first page, this is without a great deal of SEO on my part.

    Lets say that you want to run ads for a particular product every other week or month. You can create the page or module with that ad in it. Then when you want it to not show on your site, just unpublish until you want to show it again.

    This comes in handy for the merchants that go offline for a short period, you don't have to delete your html, just unpublish. Then when the merchant is active, publish again with a simple click.

  6. #6
    What's the word? Rhia7's Avatar
    Join Date
    January 13th, 2006
    Posts
    9,578
    Quote Originally Posted by Mr. Sal
    This is just great, while I am burning my brains with two other languages, now I have investigate what a Joomla or jam-ola it is.

    I need to get before I get more this week.
    I have a feeling that somehow the Joomla system facilitates the users' ability to add content -- I don't know much about it but perhaps it's worth a shot? Or at least I can read up more about the topic.

    I know how you feel, Sal
    I feel backlogged at the moment and if you read some of my other posts from tonight (check out the SAS subforum) you'll get a sense of some of my frustrations.
    ~Rhia7 -- Remember the 7
    Twitter me

  7. #7
    What's the word? Rhia7's Avatar
    Join Date
    January 13th, 2006
    Posts
    9,578
    Quote Originally Posted by Crocket
    Gosh there are so many features that I like. You can use the wrapper, its very handy for cafepress pages. I had Warren check to see if my wrapped pages carried the cookie and it does.

    Its quick and easy to create affiliate pages, copy and paste, link it to a menu, complete page in 2-3 mins maybe less.

    I know that any new pages I create appear within a few days in search and are ranking on first page, this is without a great deal of SEO on my part.

    Lets say that you want to run ads for a particular product every other week or month. You can create the page or module with that ad in it. Then when you want it to not show on your site, just unpublish until you want to show it again.

    This comes in handy for the merchants that go offline for a short period, you don't have to delete your html, just unpublish. Then when the merchant is active, publish again with a simple click.

    Wow, sounds like a Heaven sent program

    Thanks for the input, Crocket
    ~Rhia7 -- Remember the 7
    Twitter me

  8. #8
    http and a telephoto
    Join Date
    January 18th, 2005
    Location
    NYC
    Posts
    17,708
    I used to love "the nukes" both phpnuke and postnuke, and was a heavy user of open source cms systems. They get hacked. Joomla gets hacked... the nukes get hacked... mambo gets hacked. I won't use an open source cms ever again... I've been hacked and it isn't fun, especially when it requires a reformat of a 250 gig server.

    They claim to make them more secure, but once the hackers are turned on to them, they find it a challenge to get back in. So no more here!!!!
    Deborah Carney
    TeamLoxly.com BookGoodies.com ABCsPlus.com

  9. #9
    What's the word? Rhia7's Avatar
    Join Date
    January 13th, 2006
    Posts
    9,578
    Quote Originally Posted by loxly
    I used to love "the nukes" both phpnuke and postnuke, and was a heavy user of open source cms systems. They get hacked. Joomla gets hacked... the nukes get hacked... mambo gets hacked. I won't use an open source cms ever again... I've been hacked and it isn't fun, especially when it requires a reformat of a 250 gig server.

    They claim to make them more secure, but once the hackers are turned on to them, they find it a challenge to get back in. So no more here!!!!
    Thanks for your input, Loxly.

    I certainly don't stand a chance with the Hackers and Crackers

    My current method of manually creating webpages with Dreamweaver seems slow sometimes -- so I was looking for perhaps a more efficient method.

    Also Joomla seems to offer so many benefits as can be seen here:
    http://pages.joomla.googlepages.com/joomla.html

    It really sounds like a heaven sent program -- but I'm afraid of the Hackers

    Can security be assured?
    ~Rhia7 -- Remember the 7
    Twitter me

  10. #10
    http and a telephoto
    Join Date
    January 18th, 2005
    Location
    NYC
    Posts
    17,708
    Quote Originally Posted by Rhia7
    Can security be assured?
    No.
    Deborah Carney
    TeamLoxly.com BookGoodies.com ABCsPlus.com

  11. #11
    What's the word? Rhia7's Avatar
    Join Date
    January 13th, 2006
    Posts
    9,578
    Quote Originally Posted by loxly
    No.
    That says it all

    I guess someone could ask me, "What part of 'No' don't your understand?"

    It's just that Joomla's features are so appealing I wished that someone could say that security could be a sure thing

    If I were hacked I'd be
    ~Rhia7 -- Remember the 7
    Twitter me

  12. #12
    Resident Genius and Staunch Capitalist Leader's Avatar
    Join Date
    January 18th, 2005
    Location
    Florida
    Posts
    12,817
    NO system can "assure" security. Even government sites have been hacked on occasion.
    But, some systems draw more hackers than others.

  13. #13
    http and a telephoto
    Join Date
    January 18th, 2005
    Location
    NYC
    Posts
    17,708
    Quote Originally Posted by Leader
    But, some systems draw more hackers than others.
    Exactly, and once targeted and identified as vulnerable... well... they can try and plug the holes but... all the features in the world aren't worth it if your site is gone or defaced or your server is compromised.
    Deborah Carney
    TeamLoxly.com BookGoodies.com ABCsPlus.com

  14. #14
    ABW Ambassador
    Join Date
    November 25th, 2005
    Posts
    639
    I have used Mambo - the predecesor to Joomla. It is great if you want to get a slick looking site up quickly. The problem was the learning curve. Figuring out the style sheets alone took weeks.

    I decided to just build my own content management system in ASP. It actually took way less time mainly because when I worked in Mambo I found the feature-creep temptation far too powerful. I had all sorts of neat-o features that were totally inappropriate for my site. When I was building the backend myself, I put in only what I needed.

    CanadianDave

  15. #15
    Crazy like a fox suzigeek's Avatar
    Join Date
    January 18th, 2005
    Posts
    1,096
    I've used Mambo and still use Joomla for a bunch of sites. I was hacked when I was on a shared reseller host but I had daily backups so it wasn't such an issue. I don't have any login forms on my older mambo/joomla sites so there is less of an oppurtinity for them to get hacked. If you have your permissions set correctly on your files/directories you'll have less of a chance of being hacked.

    There is a learning curve but I've been using them for so long its second nature. I've worte a few components for creating database affiliate sites too and they ran their run for a stretch there but now I'm using it more becuase I need all the different functionality. I'm building more authority portal type sites. All the features are what I need for these sites.

    Once again there is a steep learning curve though...but there are a lot of benefits also depending on your needs.
    Suz~~GearGirl~~

  16. #16
    What's the word? Rhia7's Avatar
    Join Date
    January 13th, 2006
    Posts
    9,578
    CanadianDave & Suzigeek, thank you both for your input -- you both have interesting perspectives
    ~Rhia7 -- Remember the 7
    Twitter me

  17. #17
    Full Member Crocket's Avatar
    Join Date
    September 11th, 2006
    Location
    Ohio
    Posts
    420
    Well Rhia if you haven't went with Joomla by now, this thread http://forum.abestweb.com/showthread.php?t=79266 will keep you from going there.

    I guess its time for me to start converting each of my sites ouch I dread the thought lol

  18. #18
    Crazy like a fox suzigeek's Avatar
    Join Date
    January 18th, 2005
    Posts
    1,096
    What makes you think that was a joomla site? Any site can get hacked

    Looking at the source it was generated by frontpage. Not even an opensource project.

    So far today I've seen 2 posts about hacked sights and people insinuating that it had something to do with the sites being open source cms when in both cases they were not. A lot of hacks are through server vulnerabilities and not website weaknesses.
    Suz~~GearGirl~~

  19. #19
    Full Member Crocket's Avatar
    Join Date
    September 11th, 2006
    Location
    Ohio
    Posts
    420
    Scroll to the bottom of the page and you will see all the errors : mambo=joomla (these are the same errors that I get on my Joomla site when something is out of whack)

    Warning</b>: main(/includes/version.php): failed to open stream: No such file or directory in <b>/usr/home/hsmc-ul/www/includes/mambo.php

  20. #20
    ABW Ambassador John Kruger's Avatar
    Join Date
    January 18th, 2005
    Location
    At my computer
    Posts
    645
    Joomla is in use on our site.

    I don't think the hacked site I posted was using Joomla, but who knows.
    Respectfully,

    John

    ----------------------------------------------
    work = Initiate Demand
    passion = Global Ground Work

  21. #21
    Crazy like a fox suzigeek's Avatar
    Join Date
    January 18th, 2005
    Posts
    1,096
    I do see that now... I didn't scroll the hacker must be using frontpage...too bad. You need to keep you software up to date when you use projects like joomla/mambo.

    Theres an exploit going around through cpanel. I just recieved a notice to upgrade it immediately on my server.

    That same turkish guy hacked a bunch of mambo sites awhile back...I think one of my older ones got whacked by him, but I hadn't updated that site in a long while.
    Suz~~GearGirl~~

  22. #22
    Full Member Crocket's Avatar
    Join Date
    September 11th, 2006
    Location
    Ohio
    Posts
    420
    Yep, when I saw that I got a bit worried. I really don't want to change my sites, especially right now TOO BUSY.

    I don't have any login forms and from my understanding that causes some of the security issues.

    I may just ride it out, take my chances. I do have 2 backup systems in place.

    They hit some of the older phpbb's about 4 mths ago, and like you said, updates keep you from getting hacked.

  23. #23
    Newbie
    Join Date
    April 11th, 2007
    Posts
    39
    Joomla went through a bit of a spell when it first broke from mambo - it was release after release for a bit. I didn't keep up with it on all my sites and a couple I neglected got hacked - there are hack-bots out there looking for you, and uploading spam scripts through exploits. With the latest version though, and a year later, they've got most everything worked out, the latest version has been extremely secure. I'm still using it. Just remember to keep checking for updates occasionally. Heres my tip, load all the scripts / plugins you use into a single bookmarks folder, and once a week open all the bookmarks.

  24. #24
    Newbie
    Join Date
    April 10th, 2006
    Posts
    10
    Smile
    Everything is hackable. I'm just now converting from a CMS I wrote to Joomla. No reason to reinvent the wheel.

    One thing you can always do is modify the standard installation slightly to keep hackers out. Rename admin sections. Use htaccess to only allow your ip access to the admin section, rename some of the critical database tables. Or just do frequent backups.

    As I am writing this, I hadn't thought this through, but the htaccess ip blocking seems like a really good way to keep prying eyes out of admin sections of standard programs. You just wouldn't have access when traveling.

    One thing I did for some oscommerce sites is make a separate table with credit card / customer info. Unless you are IBM, hackers probably don't want to go to incredible efforts to get into your site. The bots look for sites that are easy to hack. Do daily automatic backups, download your customer info to an excel sheet on your pc, and delete that info daily from your site.

    Don't run from a good thing, just be smart about it.

    Just my two cents - oh, I'm pretty new to this forum, so hello

  25. #25
    ABW Veteran Mr. Sal's Avatar
    Join Date
    January 18th, 2005
    Posts
    6,795
    Mainly for Rhia7 question about Joomla.
    Quote Originally Posted by Rhia7
    I create my web pages using Dreamweaver.

    I am thinking of converting to a content management system in the future but I am not totally sure if I should make the switch, if so -- which system should I pick?

    I am thinking of Joomla so I am reading information about Joomla.

    What is a Component Index.PHP SQL Injection Vulnerability????
    That sounds pretty scary -- it makes me think twice about using a Content Management System like Joomla.

    Does anyone here use a Content Management System?

    What does this mean?


    Would the above keep you from using Joomla or a similar content management system?

    Have you heard postive or negative comments about Joomla?

    Thanks in advance
    Rhia,

    I might be bumping an 8 months old thread, but since it still takes 9 months for a kid to born, I think this thread it's not that old yet.

    So today, while I was researching something else, I came accross a website that have some tutorials about different subjects, one of them is about Joomla, and while I still don't dig that name, when I saw that "Joomla Tutorial", I automatically thought of you and this thread.

    I don't know if you have seen this site before or not, but here is the link in case you're still interested in learning more about that Joomla thing.

    Joomla Tutorial
    Joomla CMS is a multi functional Open Source application for creating websites. It is free to use and has a great community support
    Maybe cckid can check out that link too, since I read that he was considering the use of either wordpress or joomla to manage his sites.

+ Reply to Thread
Page 1 of 2 12 LastLast

Similar Threads

  1. Joomla
    By Peaces in forum AvantLink -AV
    Replies: 0
    Last Post: December 12th, 2011, 01:26 PM
  2. Joomla
    By Garzilla in forum Blogging, Mobile and Social Media
    Replies: 25
    Last Post: April 9th, 2010, 04:13 PM
  3. Joomla
    By tmmmandm in forum Programming / Datafeeds / Tools
    Replies: 2
    Last Post: February 25th, 2006, 06:38 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •