'Hackers', or more likely, the script kiddies, target the large systems which they can get the most "cred" for cracking. I suppose that's why the systems I did have not been cracked to date.
Unfortunately, it's not always exposure they're after. Often they just want access to a box to add to their botnets.
Using HTML is OK for one, two or three skilled operators, but even then it is a bother. There will be problems with consistency, messed up pages and concurrency. When the current operator(s) move on, you need someone skilled at HTML as replacement and this person can be hard to find.
That's true. For some other websites I do, I've got a very long way using Template Toolkit which can take care of many of the consistency issues. If done right, it can also provide a good way to run a staging server to preview the site after any changes, an obvious feature which most content "management" systems seem to lack.
A CMS is great for allowing several people to cooperate on running a website, from anywhere in the world. No client software except a browser is needed unlike what you do with pure HTML.
The downside is that if you know HTML, doing anything in a CMS seems painfully cumbersome, and you get the bonus risks of being hacked because your CMS was written by people who don't have a clue.
There is no easy solution. The obvious thing to do is to upgrade our Joomla version as soon as new versions are available.
Yep, and that was last done less than two weeks ago...
Putting the webserver behind a firewall, preferably a proxy firewall, seems to help a lot.
Won't help at all with this type of exploit, but may reduce the damage that they do as a result.
Even the built-in packet filtering in Linux these days does OK for protection.
Yep - we've been using that for years. Our policy prevents opening up listening ports, which is what the second stage of many exploits relies on.
You're right that there are no easy answers. I intend to stick with Joomla for the moment, and when it gets hacked I'll just rant to the forum and get laughed at by my colleagues.
The site's still off-line, I'm afraid. I'll probably collapse from jet lag this evening (although I might just get drunk first), but hopefully I'll have some time to fix it tomorrow.
Paul