WordPress, Joomla, Drupal, Magento... you name the CMS: 2014 was a big year for bots, brute-force attacks, hacks and vulnerabilities, and unfortunately, two years later, it seems that the uptick seen in 2014 was just an introduction to the future. Of course, the internet has long been a place where this happens, and the almighty security gurus have done a very decent job of keeping the rest of us informed about the threats, patching holes and educating the industry on how to batten down the hatches. Still, we can never be 100% certain what the next strain on security will be, what the method of attack will be, or how long it will be before a new pattern or outbreak becomes apparent and the security gurus figure out how it's being done this time.
In 2014 especially, though, it became apparent that perhaps the biggest hole in the internet is website owners who do not update.
In January and March of 2014, security experts warned of an increase in probes for the Joomla JCE vulnerability, which has been known for several years now and addressed by updates, but it would seem that many Joomla sites didn't get the memo, or chose to ignore it. As a developer, I must admit this is lucrative. Please feel free to call on me if your site gets hacked, and I will be more than happy to help. Honestly, though, it would be far more cost-effective for you and easier for me if you just updated your site and plugins before you get hacked.
Into the Wild…
In some reported instances, sites have been hacked using SQL (database) exploits, in some cases injecting an administrative user without a name, one that sometimes doesn't show in the WordPress admin but has full privileges. This gives the attackers access to editing tools that allow them to change files and settings, through which they can add malware, bypass security and otherwise wreak havoc.
Unfortunately for you, if you are on the same shared server as a vulnerable site, you can be just as vulnerable as they are, not only to hacks but also to email reputation damage and site penalties. In a perfect hosting environment, web hosts would have been protecting the other customers on their shared servers by alerting those clients to update or vacate, but that is not how it works, usually.
The best defense is always a good offense, and this adds to the many reasons for you to keep your CMS software, plugins and themes updated and patched. If you look at your access logs, you can see the queries for vulnerable software and holes; they are searching for the low-hanging fruit. Don't be fruit. Update, whether your website still works or not, whether you use my services or someone else's!
You will be making the internet a better place.
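One way to do the access-log check described above, as an added example that is not part of the original post: it groups requests for Joomla components and WordPress plugins by client and lists the add-ons you actually run that are already being asked about. It assumes the Apache/nginx "combined" log format; the function names `triage` and `update_first`, the add-on names other than `com_jce`, and the log lines are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample lines in "combined" log format (not real traffic).
SAMPLE_LOG = """\
203.0.113.7 - - [12/Mar/2014:04:11:02 +0000] "POST /index.php?option=com_jce HTTP/1.1" 200 512 "-" "bot"
203.0.113.7 - - [12/Mar/2014:04:11:03 +0000] "GET /wp-content/plugins/old-gallery/readme.txt HTTP/1.1" 404 210 "-" "bot"
203.0.113.7 - - [12/Mar/2014:04:11:04 +0000] "GET /index.php?option=com_oldforms HTTP/1.1" 404 210 "-" "bot"
198.51.100.20 - - [12/Mar/2014:04:12:10 +0000] "GET /about/ HTTP/1.1" 200 8123 "-" "Mozilla/5.0"
198.51.100.20 - - [12/Mar/2014:04:12:15 +0000] "GET /favicon.ico HTTP/1.1" 404 0 "-" "Mozilla/5.0"
"""

# Client address, requested URL and status code of one "combined" line.
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+)[^"]*" (\d{3}) ')
# Add-on names as they appear in URLs: Joomla components and WordPress plugins.
ADDON_RES = [
    re.compile(r'[?&]option=(com_\w+)'),
    re.compile(r'/wp-content/plugins/([\w.-]+)/'),
]

def triage(log_text, installed):
    """Per client: add-ons requested, which of those you run, and 404 count."""
    report = defaultdict(lambda: {"probed": set(), "installed": set(), "not_found": 0})
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip malformed lines instead of guessing at them
        ip, url, status = m.groups()
        entry = report[ip]
        if status == "404":
            entry["not_found"] += 1
        for addon_re in ADDON_RES:
            hit = addon_re.search(url)
            if hit:
                name = hit.group(1).lower()
                entry["probed"].add(name)
                if name in installed:
                    entry["installed"].add(name)
    return dict(report)

def update_first(report):
    """Installed add-ons that clients are already requesting: patch these first."""
    return sorted(set().union(*(e["installed"] for e in report.values())))

if __name__ == "__main__":
    # Assumption: this site runs only the JCE component.
    result = triage(SAMPLE_LOG, installed={"com_jce"})
    for ip, entry in result.items():
        print(ip, sorted(entry["probed"]), "404s:", entry["not_found"])
    print("update first:", update_first(result))
```

A client that asks for many add-ons you have never installed is scanning for low-hanging fruit; anything in the `update_first` list is software you do run, so its version should be checked against the latest release.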