thoughts and opinions on the business of building websites

A message to our Maintenance Clients about site security

  • John Pitchers

If you are a maintenance client of Joomstore you may have noticed we have applied 3 separate Joomla updates to your site over the past few weeks. 

Joomla released version 3.4.6 on December 14 to address a security vulnerability discovered in PHP. Hackers discovered a way to exploit this vulnerability in Joomla. Joomla addressed the issue further with patch 3.4.7 and then 3.4.8 on Christmas Eve, which we applied that day.

PHP patched the issue in September 2015 but many web hosts are still running outdated versions of PHP on their servers. Currently the Joomla forums are awash with people complaining about hacked sites. 

Symantec reports up to 20,000 daily attacks on Joomla sites scanning for this vulnerability. 

This vulnerability only affected Joomla installations on servers running outdated software. None of our maintenance clients' sites have been compromised.

We want to assure all clients on maintenance plans that include hosting that their site is hosted in Australia on an up-to-date VPS server, which we maintain as diligently as we can. We maintain a firewall on the server. In addition, sites running through CloudFlare have their traffic filtered for malicious content.

As a further precaution against these types of attacks, we plan to install a Web Application Firewall component on your site in the next few days. This will further help to block common exploits and brute-force attacks. The component is called Akeeba Admin Tools Professional. It shouldn't have any effect on the normal operation of your site, but if you notice any issues please let us know.

If you have any questions please contact us.

For clients not on a maintenance plan, or potential future clients, please understand that websites need to be kept up to date vigilantly. The web environment is constantly evolving. This includes server hardware, server software, browsers, websites and the methods criminals use to compromise them. It's vital that your Joomla installation and extensions are kept up to date. You can do this yourself, but it's another task in your already busy day. This is why we provide our maintenance services and an awesome guarantee.