07
August
(0 votes)

News

How We Handled the Recent Joomla Vulnerability

Joomla Hosting Security ReleaseWhat you have in place to protect your Joomla site is so very important when critical security issues are discovered such as the recent vulnerabilities patched by the Joomla Project with the release of Joomla 3.1.5 and 2.5.14.

Shortly after the release of 3.1.4 and 2.5.13, it was discovered that there was a security hole in the media manager that allowed for an attacker to upload malicious contents via a registered user account. It was also discovered that this vulnerability affected older, no longer supported, Joomla 1.5.x websites. Luckily some great folks in the Joomla Community released a patch for Joomla 1.5 addressing the issue. The vulnerability that these updates patched would grant a hacker access to virtually anything under the vulnerable hosting account, so it's very important that you get your sites updated if you haven't already.

While this this may sound scary to Joomla hosters, the layers of security and options we have in place make us very prepared to take on the task of protecting our customers from such a threat.

Proactive updates for 3.5.x and 2.5.x sites

Our Total Website Maintenance Plan customers never have to wonder if their sites are up-to-date with such releases. Like always, all of their site files and databases were first backed up, and then were updated to the latest version the very same day the updates were released. The same day the community released the patch for Joomla 1.5, our customers with 1.5 sites received the patch. Our maintenance plan customers also enjoy proactive updates as released by the developer to any of their Joomla extensions which have become vulnerable. Just so you're aware, vulnerable extension updates are something that nifty update services simply aren't able to perform.

We understand that some customers don't want us messing with their site files and databases and have good reasons for such, so for customers not on our maintenance plan we provide a tool named installatron to easily roll your own installs and updates. If you're using installation to manage your site with us, we do periodically backup out-of-date scripts and apply minor releases.

Insulation from inattentive site owners

There's no need to fear other customers who never update their sites when you Get Simple. All of our shared hosting accounts have layers of insulation between them and are more than secure. Even those with SSH access are only granted jailed shell access after jumping through some internal security protocols.

Addtionally, we employ very powerful malware detection and quarantine software on our servers which scan files and compares them against a database of definitions that are updated daily. Scans are performed actively as files are uploaded and as file changes are made on the server. If files are found to contain malicious content, they're immediately moved over to a quarantine area before the hacker can execute any of their malicious code. This means, should a site become hacked, the hacked site can then be easily restored from one of our managed backups and then have the necessary updates applied. This also means much more secure servers, hosting account, and prevention of issues such as mail server IP blacklisting.

What the future holds

If all of these security measures and features sound pretty swell to you, we have some pretty exciting plans for our Joomla hosting customers which will include all of this, total management of your Joomla site, something a bit cloudy, and more all rolled into one simple hosting service. We don't want to let too much out of the bag quite yet, but be aware that you should be excited…and if you really must know, feel free to contact sales so we can give you some more info.

Leave a comment

Get in Touch

Newsletter