[Security] Joomla! JCE component hack


Thursday, May 30th, 2013 - General, Security, Updates

We have seen a flurry of accounts being hacked due to outdated Joomla! Content Editor components (JCE). Because of this we have made the decision to go through all of our servers and remove/disable all outdated JCE components.

The reason for this is that accounts with outdated JCE components are being hacked into, compromised, and used to send out spam. This affects the integrity of our servers, and it is not fair to other users on the server who are keeping their scripts and components up to date to have to deal with a server that is blacklisted for sending out spam.

It seems that a large portion of our users are unable or unaware of the need to keep their scripts, components, plugins, extensions, and themes up to date. Disabling these outdated JCE components will hopefully bring to light why it is so important to keep things up to date.

The latest version of the Joomla! Content Editor (as of May 30, 2013) is 2.3.2.4. If you are not using 2.3.2.4 then your version is outdated and potentially dangerous. That is why it has been disabled/removed. The website for the Joomla! Content Editor is:

http://www.joomlacontenteditor.net

We wanted our users to be aware of this.

Steven


[Updates] WordPress 3.5.1 Released


Thursday, January 31st, 2013 - Updates

WordPress has released version 3.5.1 of their WordPress blog script.

For more information on this release see their release notes:

http://wordpress.org/news/2013/01/wordpress-3-5-1

All users are encouraged to upgrade and to make sure any themes and plugins are also updated if necessary.

Steven


[Security] Outdated Scripts Notices


Friday, November 2nd, 2012 - Security

Last month (October 2012) we sent out notices to users who we found to be running outdated WordPress and Joomla! scripts. We will be doing that again this month, and I hope to make this a monthly notice.

If you received a notice in October about an outdated script and you receive another one this month, this simply means that – according to our records – you have not updated the outdated script. We feel that keeping your scripts up to date is important and should be done in order to keep your website safe. That is the purpose of these notices, to inform you that you are running outdated scripts.

Once you update a script, and then keep it updated, you will not receive these outdated notices.

I hope to send the outdated notices early next week to the accounts on our servers.

Steven


[Security] The Importance of Security Updates


Friday, October 19th, 2012 - Security

As I was reading through some of my daily security updates, I came across this post from Secunia:

http://secunia.com/blog/334

which I found to be very interesting.

The article focuses mainly on why software updates on your personal computer are important (keeping Adobe Flash, Adobe Reader, Java, etc. up to date), and while this is important, the same principle can be applied to other aspects of your web life: your web hosting account, the scripts you use for your web site, even your smartphone.

An important quote from the article:

“If you do not update your software with the latest security update, you cannot be sure that it is secure. Software has vulnerabilities, and these vulnerabilities work as a potential open door to your computer for hackers, who exploit these openings to gain access to your computer and everything on it – including your bank and credit card details, your passwords, and all your social media activity.
As NorSIS also states: “Software programs that aren’t updated are one of the most commonly used methods by criminals to take control of private PCs. It is incredibly important to keep the programs updated.””

So again, just remember that it is important that you keep all software up to date with the latest security patches and this will greatly improve your overall web security.

Steven


[Updates] Joomla! Outlook


Monday, October 8th, 2012 - Updates

Joomla! recently released version 3.0 of their popular CMS product. You can read more about Joomla! 3.0 at its release notes. With the release of Joomla! 3.0 I thought it might be a good idea to give an outlook on the different versions of Joomla!

Currently there are only two versions of Joomla! that are being supported by the Joomla! developers:

• Version 2.5 – Latest version as of October 8, 2012: 2.5.7
• Version 3.0 – Latest version as of October 8, 2012: 3.0.0

Technically speaking if you are using any version of Joomla! that is not one of these versions, then you are running an unsupported version of Joomla!

I know there are a lot of users that are still using Joomla! 1.5. Please understand Joomla! no longer supports this version and you really need to be updating to Joomla! 2.5. If you are using Joomla! 1.5 then you should consider reviewing the instructions for migrating to Joomla! 2.5. I can understand the reluctance to upgrade Joomla! because it may not be an easy process. However, please understand that if you continue to use an outdated piece of software, it puts your website and the web server in general at risk. A security hole in Joomla! 1.5 will not be patched because the Joomla! developers are no longer maintaining Joomla! 1.5. If you have questions or concerns about the upgrade process for Joomla! I strongly encourage you to ask these questions or voice these concerns at the Joomla! Forums.

While AMS Computer Services cannot provide any direct support for Joomla!, as of today, October 8, 2012, we are allowing the following versions of Joomla! to run on our servers:

• Version 1.5.26
• Version 2.5.7
• Version 3.0.0

Note that this includes the latest version of Joomla! 1.5, even though it is not supported by the Joomla! developers. This just means that we will not disable any Joomla! sites that are using any of these versions (1.5.26, 2.5.7, or 3.0.0). However, please note that we will not be able to allow Joomla! 1.5 indefinitely; eventually we will have to stop allowing Joomla! 1.5 on our servers, which is why all Joomla! 1.5 users need to be looking at upgrading to Joomla! 2.5. Please consider this fair warning regarding Joomla! 1.5.

If you are not using one of these versions, then your website may be susceptible to attack and as a result we may have to disable or suspend your hosting account. For example, if you are using Joomla! 1.5.22, note that this is an outdated version; you need to, at the very least, upgrade to Joomla! 1.5.26 and ideally upgrade to Joomla! 2.5.7. If you are using Joomla! 1.0.12 then you need to upgrade to either Joomla! 1.5.26 or (ideally) Joomla! 2.5.7.

Failing to keep the scripts on your website up to date means that you will be targeted for abusive attacks by malicious users.

As for Joomla! 3.0, note that this is really more of a beta release. Joomla! 3.0 is a short-term release, meaning that it is going to go through many updates over the next few months. This is not really ideal for live, production level websites. For production level sites, there is nothing wrong with staying with Joomla! 2.5 at this time; however, I would encourage you to begin looking at Joomla! 3.0 and getting involved with that project because you will eventually need to upgrade to Joomla! 3.5, when it becomes a long-term release. I would stress that I really don’t recommend upgrading to Joomla! 3.0 at this time, but just that you need to be made aware of its existence and upgrade paths.

Steven