wazua Thu, Nov 28, 2024

Alma, which is the best website platform
Kihangeri
#1 Posted : Wednesday, January 18, 2012 10:17:40 AM
Rank: User


Joined: 11/10/2010
Posts: 550
Location: Junction
Joomla has been exposed as a weak template which is easy to hack.

The Administration Police website has been hacked several times in the recent past. At the same time, most of the websites hacked appear to have been running the Joomla Content Management system:

Gurus caught napping
By inference, the man is all that Mr Phantom is not: an untrustworthy radical, divisive, too many enemies, a dictator, and a persistent liar...
Gaitho dialogues.


alma
#2 Posted : Wednesday, January 18, 2012 10:25:56 AM
Rank: Elder


Joined: 7/20/2007
Posts: 4,432
Kihangeri, there's nothing wrong with Joomla. The guys are being hacked mainly because they are not updating their security.

You will be surprised how many Kenyan sites still use Joomla 1.5. Joomla is at 1.7 stable and going to 2.5 beta. It's like buying a 504 expecting to turn the steering wheel with a finger.

Everyone is hacked, hackable and will continue being hacked whether it's Joomla, WordPress or some custom-made CMS. The issue is why we continue behaving like once we set up a website, that is the end.

You think about it. Most of those sites have never been updated or improved since some fellow won a tender for 500k. It's like living in your house and never changing the furniture.

So let them be hacked. They will probably start taking things more seriously. But let's not blame Joomla. The developers and the owners of the sites are to blame.
Jose: If I make it through this thug life, I'll see you one day. The Lord is the only way to stop the hurt.
radio
#3 Posted : Wednesday, January 18, 2012 10:37:16 AM
Rank: Veteran


Joined: 11/9/2009
Posts: 2,003
@Kihangeri, as Alma says, continuous update of security patches is the key. But for these .go.ke websites, mostly there is no one who updates either the content or the security features.

Any platform can be hacked. Any serious website always has someone who keeps an eye on the latest releases of security patches. The hackers are always trying to exploit the platforms.
alma
#4 Posted : Wednesday, January 18, 2012 10:43:41 AM
Rank: Elder


Joined: 7/20/2007
Posts: 4,432
By the way, I'm not a hacker and never will be one. In fact, I'm always having to deal with hackers on my sites. Lakini after quickly going through those sites listed, I have to say, they should fire whoever is dealing with their sites faster than they did the Baraza tribunal.

First

90% of those sites are on Joomla 1.5 aiiii!

Second

100% of those sites are on the same server

Name Servers:
hazina.treasury.go.ke
puck.nether.net

Note all the domain names end with /html

If that is not a footprint I don't know what is. It must have taken all of 2 minutes to find the sites to hack.

Who wants to wager with me that they all have the same password. If this is Vision 2030 we are in serious trouble. By the way, I just learned that the hacker did this after following online tutorials in a forum. So he's not even a hacker but a trainee.
Jose: If I make it through this thug life, I'll see you one day. The Lord is the only way to stop the hurt.
Kihangeri
#5 Posted : Wednesday, January 18, 2012 12:29:19 PM
Rank: User


Joined: 11/10/2010
Posts: 550
Location: Junction
alma wrote:
By the way, I'm not a hacker and never will be one. In fact, I'm always having to deal with hackers on my sites. Lakini after quickly going through those sites listed, I have to say, they should fire whoever is dealing with their sites faster than they did the Baraza tribunal.

First

90% of those sites are on Joomla 1.5 aiiii!

Second

100% of those sites are on the same server

Name Servers:
hazina.treasury.go.ke
puck.nether.net

Note all the domain names end with /html

If that is not a footprint I don't know what is. It must have taken all of 2 minutes to find the sites to hack.

Who wants to wager with me that they all have the same password. If this is Vision 2030 we are in serious trouble. By the way, I just learned that the hacker did this after following online tutorials in a forum. So he's not even a hacker but a trainee.


Okay. Look over across your window and you will see me waving at you. Ngong.
By inference, the man is all that Mr Phantom is not: an untrustworthy radical, divisive, too many enemies, a dictator, and a persistent liar...
Gaitho dialogues.


kingfisher
#6 Posted : Wednesday, January 18, 2012 3:03:52 PM
Rank: Elder


Joined: 4/9/2008
Posts: 2,824
bitange and company should be fired!!!! lalalalalalala
When I have money, I get rid of it quickly, lest it find a way into my heart.
Kihangeri
#7 Posted : Friday, January 20, 2012 11:34:15 AM
Rank: User


Joined: 11/10/2010
Posts: 550
Location: Junction
radio wrote:
@Kihangeri, as Alma says, continuous update of security patches is the key. But for these .go.ke websites, mostly there is no one who updates either the content or the security features.

Any platform can be hacked. Any serious website always has someone who keeps an eye on the latest releases of security patches. The hackers are always trying to exploit the platforms.


Which means this FBI outfit is feared for nothing. They are also lazy and forgot to update the content and security features.

Read this from CNN---->

Most of the websites shut down by a hackers group were up and running early Friday, including the U.S. Department of Justice, FBI and some entertainment sites after one of the federal government's largest anti-piracy crackdowns.

"Hacktivist" collective Anonymous took credit for taking down the sites Thursday after the arrests of leaders of Megaupload.com and shut down the popular hub for illegal media downloads.

Hours after the announcement of the arrests, some of Megaupload's fans turned the table on the feds, knocking the U.S. Department of Justice and the FBI websites offline.

Both sites appeared to be back up early Friday. A law enforcement official told CNN the FBI was investigating.

Anonymous said 10 websites in all were targeted and early Friday the sites for music publishing and licensing group, BMI and record company Universal Music were still down.

The FBI idiots should be told to use updated Joomla Template. Alma, ama?
By inference, the man is all that Mr Phantom is not: an untrustworthy radical, divisive, too many enemies, a dictator, and a persistent liar...
Gaitho dialogues.


masukuma
#8 Posted : Sunday, January 22, 2012 9:56:29 PM
Rank: Elder


Joined: 10/4/2006
Posts: 13,821
Location: Nairobi
if you are running an open source CMS - keep it current.
All Mushrooms are edible! Some Mushroom are only edible ONCE!
hairglo
#9 Posted : Monday, January 23, 2012 8:45:28 AM
Rank: New-farer


Joined: 4/28/2011
Posts: 30
Most websites, and not just in Kenya, seem "secure" because no one bothers with them, until someone puts in a bit of effort. Again, a website may be technically secure, but many people forget the human aspect, social engineering. Think Samson and Delilah.
Elder
#10 Posted : Monday, January 23, 2012 2:40:02 PM
Rank: Elder


Joined: 9/7/2010
Posts: 2,148
Location: elderville
Kihangeri wrote:
radio wrote:
@Kihangeri, as Alma says, continuous update of security patches is the key. But for these .go.ke websites, mostly there is no one who updates either the content or the security features.

Any platform can be hacked. Any serious website always has someone who keeps an eye on the latest releases of security patches. The hackers are always trying to exploit the platforms.


Which means this FBI outfit is feared for nothing. They are also lazy and forgot to update the content and security features.

Read this from CNN---->

Most of the websites shut down by a hackers group were up and running early Friday, including the U.S. Department of Justice, FBI and some entertainment sites after one of the federal government's largest anti-piracy crackdowns.

"Hacktivist" collective Anonymous took credit for taking down the sites Thursday after the arrests of leaders of Megaupload.com and shut down the popular hub for illegal media downloads.

Hours after the announcement of the arrests, some of Megaupload's fans turned the table on the feds, knocking the U.S. Department of Justice and the FBI websites offline.

Both sites appeared to be back up early Friday. A law enforcement official told CNN the FBI was investigating.

Anonymous said 10 websites in all were targeted and early Friday the sites for music publishing and licensing group, BMI and record company Universal Music were still down.

The FBI idiots should be told to use updated Joomla Template. Alma, ama?


I believe that what brought down those websites were Distributed Denial of Service attacks. So how would you have expected the FBI to stop the DDoS attack? And how would an update of content and security features have helped?
He who can express in words the ardour of his love, has but little love to express. - Petrach, Son. (That men by various ways arrive at the same end. - Montaigne, The Essays of.)
g-mi
#11 Posted : Sunday, January 29, 2012 1:44:20 AM
Rank: New-farer


Joined: 1/10/2011
Posts: 29
Location: nyahururu
Who is to blame, the sysadmin or the developer? This again brings up the beef between the two, where the sysadmin is a die-hard believer in minimal installations and only stable releases on production systems; on the other hand, the developer wants to update their packages (untested, of course) on a production system!!!
The opposite of love is not hate but apathy. So too, the opposite of courage is not fear but mediocrity
D32
#12 Posted : Sunday, February 19, 2012 10:48:36 AM
Rank: Member


Joined: 2/16/2012
Posts: 808
Kihangeri wrote:
Joomla has been exposed as a weak template which is easy to hack.

The Administration Police website has been hacked several times in the recent past. At the same time, most of the websites hacked appear to have been running the Joomla Content Management system:

Gurus caught napping


The best would have to be a customized organic system that was built from the ground up.

With such a system, hackers will have no idea of the architecture that was used, nor will they know the vulnerabilities. Of course the developers will need to meet the laid-down security policies, such as but not limited to SSL. They will also have to comply with the "Best Practices" in security.

With open-source-ware, hackers can easily study the open code, identify where the weakness is, then attack, while on the other hand, with a customized web app or website, the hacker would have to depend on luck, such as guessing a password. But before they can even begin guessing the password, they will have to find out where the login page is, since it is a customized system.

Even if Joomla is fully updated, the plugins can open doors to the system and make the system vulnerable to hacks.

Yes, carelessness can also contribute to vulnerabilities.

A list of unsafe Joomla plugins:
http://docs.joomla.org/Vulnerable_Extensions_List

From SQL Injection to cross site scripting, and everything in between.

If you really do depend upon using an existing system, I would then highly recommend a migration to Drupal. It is powerful, highly customizable, not as easy to use compared to Joomla. It is faster, more stable, more scalable and more secure, but an organic system is better.

A good comparison of WordPress with Joomla with Drupal:
http://www.socialtechnol...omparison-cms-solutions

Anyone migrating to Drupal will love CCK & Views - one of Drupal's best-kept secrets.

Remember, even though there is technology to develop database-driven websites, it is not always a must to do so; static websites have a place too. They are much more secure and faster than the best database-driven websites. There is almost no vulnerability from the site itself. Should the site be disrupted, it would most probably be from an attack on the server.

DDoS attacks on the server are common; that is what happened in the recent attack on the US Gov sites following the SOPA saga. A DDoS attack is not really a hack; it simply causes the server to crash by flooding it with requests. DDoS attacks cannot be prevented by the type of application or website running on the server. Once the server is down, rebooting it is probably all that will need to be done to bring it back up, but going further to adjust the firewall rules based on the patterns that were observed in the log files will help minimize the effects of future attacks.
They tried to bury us, they didn't know we were seeds.
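An added example, not from the thread or any poster, of the log-pattern step D32 describes: scanning web server access logs for sources that flood the server and drafting firewall rules from what is found. The log lines, the documentation-range IP addresses, the 10-second window and the 20-request threshold are all constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime

# Apache/nginx "combined" access-log format; only the client IP and timestamp are needed here.
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3}) \S+')
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"

def parse_line(line):
    """Return (ip, timestamp) for a combined-format line, or None if it does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return m.group("ip"), datetime.strptime(m.group("ts"), TS_FMT)

def flag_flooders(lines, window_s=10, threshold=20):
    """Return {ip: peak_count} for sources exceeding `threshold` requests in any `window_s` seconds."""
    per_ip = defaultdict(list)
    for line in lines:
        parsed = parse_line(line)
        if parsed:
            ip, ts = parsed
            per_ip[ip].append(ts)
    flagged = {}
    for ip, times in per_ip.items():
        times.sort()
        start, peak = 0, 0
        for end, t in enumerate(times):           # sliding window over this source's requests
            while (t - times[start]).total_seconds() > window_s:
                start += 1
            peak = max(peak, end - start + 1)
        if peak > threshold:
            flagged[ip] = peak
    return flagged

def iptables_rules(flagged):
    """Render one DROP rule per flagged source for an operator to review before applying."""
    return [f"iptables -A INPUT -s {ip} -j DROP  # peak {n} req/window" for ip, n in sorted(flagged.items())]

# Constructed sample log: one source sends 30 requests in 5 seconds, a normal client 5 in a minute.
def _line(ip, second):
    return f'{ip} - - [18/Jan/2012:10:17:{second:02d} +0300] "GET /index.php HTTP/1.1" 200 512'

SAMPLE_LOG = [_line("203.0.113.7", s // 6) for s in range(30)] + \
             [_line("198.51.100.5", s) for s in range(0, 60, 12)]

if __name__ == "__main__":
    for rule in iptables_rules(flag_flooders(SAMPLE_LOG)):
        print(rule)
```

A per-source threshold like this only catches floods that come from a few addresses; a distributed attack spread thinly across many sources needs upstream filtering or rate limiting at the network edge, which is why D32's point that the application layer cannot prevent a DDoS still holds.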
KenyanLyrics
#13 Posted : Sunday, February 19, 2012 3:02:43 PM
Rank: Veteran


Joined: 4/16/2010
Posts: 906
Location: Nairobi
@D32 Joomla has CCK, and views in Joomla = template overrides.

Anyway, as you said government sites need to be built with some sort of proprietary system, either built from the ground up, or one of the expensive systems like Expression Engine or WordpressVIP. This will increase the barrier to entry for crackers.
D32
#14 Posted : Monday, February 20, 2012 12:21:27 AM
Rank: Member


Joined: 2/16/2012
Posts: 808
KenyanLyrics wrote:
@D32 Joomla has CCK, and views in Joomla = template overrides.

Anyway, as you said government sites need to be built with some sort of proprietary system, either built from the ground up, or one of the expensive systems like Expression Engine or WordpressVIP. This will increase the barrier to entry for crackers.


Yes, CCK and template overrides can be done in Joomla, but they do not come close to what can be accomplished with CCK & views in Drupal, more especially with views V.2 & V.3.
They tried to bury us, they didn't know we were seeds.
a4architect.com
#15 Posted : Monday, February 20, 2012 12:59:35 PM
Rank: Veteran


Joined: 1/4/2010
Posts: 1,668
Location: nairobi
WordPress is best for the creative mind.
As Iron Sharpens Iron, So one Man Sharpens Another.