[Security] Joomla! Security Concerns


Saturday, February 6th, 2010 - Security

I have seen an increase in the number of exploited Joomla! scripts on our servers. This exploit may be through an extension, component, or addon for Joomla! but I am seeing a lot of outdated Joomla! scripts on our servers.

I am going to be going through our servers in the next few days and looking for outdated Joomla! scripts. You may receive an e-mail notice with this information.

It is important that you have your contact information up-to-date so that you can receive this notice and any other notice. To ensure that your contact information is up-to-date with us, use the Update your Contact Information link at:

http://www.amshelp.com

If you know for certain that you have Joomla! installed on your account, now might be a good time to make sure that it is being kept up-to-date. If you have any extensions, components, or addons for your Joomla! script, make sure they are being kept up-to-date as well.

For information on how to update your Joomla! script see:

Upgrading a Joomla! installation

Attention Fantastico Users: If you installed Joomla! through Fantastico, you can upgrade your Joomla! script through the Fantastico interface in your cPanel.

The latest version of Joomla! is version 1.5.15. I am seeing a lot of Joomla! installations based on the Joomla! 1.0.x tree. Please understand that the Joomla! community is no longer supporting Joomla! 1.0.x. You can read more about this from their blog post.

Fantastico is still distributing the Joomla! 1.0.x tree. We are going to look into disabling this because Joomla! 1.0.x does not need to be used. If you are installing Joomla!, please install from the 1.5.x tree. Currently there is not an upgrade mechanism in Fantastico for updating a Joomla! 1.0.x install to the Joomla! 1.5.x tree. If you are using Joomla! 1.0.x, then you need to upgrade to Joomla! 1.5.15; the Joomla! community has some instructions here.

If you have questions regarding Joomla! and how to upgrade your install, I would highly recommend that you visit their forums:

http://forum.joomla.org

because they will have a much, much better understanding of their software than we will.

It may become necessary to disable Joomla! scripts if they are not updated. If you do not have your contact information up-to-date or if you ignore our notices to update your Joomla! script, then we may have no choice but to disable the scripts. A vulnerable Joomla! script affects the entire server and we must consider the security of the overall server.

For updated posts concerning this, click here.

Steven