No, this isn’t a blog about a rollercoaster ride. It is, however, about the last couple of days with respect to WSTA’s website.
It started with rejected emails sent by board members to our constituents. Then a call that our site was showing a ‘suspended’ status when one accessed the URL. Two minutes later, we were knee deep in online chat with Tech Support regarding why no warning was given before this action was taken.
As it turns out, we had a CPU threshold which had been exceeded and our hosting provider decided the tap on the shoulder should be complete outage via suspension. The auto-messaging system had allegedly failed, hence no notice. Did I forget to mention our mail server IP also ended up blacklisted? I’m getting to the point shortly.
Ours is a Joomla website, a CMS tool which has been vulnerable of late to hacking and attacks whereby perpetrators used access to send spam. If you’re a Drupal user you’re in luck. Sort of. Your CMS is apparently more robust and less hack proof. In any case, WSTA’s site was the victim of this activity, and it was decided that suspending us was the best method of deterrence. This way, the host’s server IP and other clients could be protected whilst our business goes down the tubes.
Say whaa? If I were the sort, this is where I’d roll my neck and say ‘nu-uh!’ But I’m not. Instead, I responded with a calm yet firm stream of legal and business jargon which caused the techie on the other end to panic, apologise profusely, and put us back online post haste.
Until we were suspended again a mere hour or so later. Don’t rub your eyes for clearer vision - you read it correctly.
This time we tag teamed via online chat and phone, demanding a reasonably permanent fix. Somewhere in the process of this amusement park ride we doubled capacity and switched to a dedicated static IP. But wait! (cue Ginsu knives infomercial) This is for the website, not email. And while discoursing, the techie typed that they’d started their company because everything else available to the public was ‘crap’. Ah, yes. What would the Fortune 100 be without such descriptive words at the ready?
You heard it all here first. In the illustrious words of no one in particular, stay tuned…
I can’t QUITE agree with you in some of the details of your story. The facts are that Joomla! is no more nor no less secure than any other open source CMS.
Many users make the mistake of omitting the LAST steps in preparing a site for the internet, that of securing it.
Here’s a link to the checklist…
Read this:
http://docs.joomla.org/Category:Secu…
The other obvious omission many users make is failing to upgrade to newer versions which are hardened against common hacker tactics as soon as vulnerabilities are found.
I wish you better luck in the future.
If you read my blog in the context written, it’s about an experience we had with our host provider and is a heavily tongue-in-cheek rendition of how we were handled despite our quite extensive knowledge of technology matters. Re-read the comment(s) which tweaked you in the manner intended.
We are using Joomla 1.5.13, just released a week ago, and have indeed secured our site from our end.
The 1 point you assigned is accurate but it goes to our host provider - which was, again, the real point of the post.