An upgrade certainly would increase security. But anytime you're running a content management system, you need to be on top of security updates. You should, at a minimum, be checking once a month with every component, to ensure that it's up to date. Better is once a week, but once a month is usually sufficient for low traffic sites. New exploits tend not to get into automated scanning tools for months. And automated scans is generally how CMS sites get infected or modified with malware.
Also remember that the more plugins and addons you run with your site, the more likely it is for your site to be exploitable, and the more complicated it will be to check every component. Given that your site is already compromised, 17-18 hours to not only upgrade everything, but also go through all of your past content, to ensure it hasn't been compromised, as well, sounds reasonable. Also, I would suggest that you have some sort of backup process running, taking a tarball of the site files, as well as a database dump, at least once a week, and kept for at least 6 months. On Tue, May 8, 2018 at 2:28 PM, Michael L <[email protected]> wrote: > Hello NLUG, > I believe my employer's website, GraceAndTruth.Net was compromised resulting > in PayPal donations being redirected to who knows where. Another hack seems > to be a robot confirming being human and sending spam via contact form. > > Our site was developed using a version of Joomla that needs to be upgraded. > We have an estimate for upgrading taking about 17 to 18 hours. Does this > sound reasonable? > > I'm "guessing" an upgrade would increase security. But is that a cure all? > > If anyone on this list has some web development experience and can provide > some input / guidance, I would appreciate it. > > Thank you > Michael > > -- > -- > You received this message because you are subscribed to the Google Groups > "NLUG" group. > To post to this group, send email to [email protected] > To unsubscribe from this group, send email to > [email protected] > For more options, visit this group at > http://groups.google.com/group/nlug-talk?hl=en > > --- > You received this message because you are subscribed to the Google Groups > "NLUG" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > For more options, visit https://groups.google.com/d/optout. -- Tilghman -- -- You received this message because you are subscribed to the Google Groups "NLUG" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/nlug-talk?hl=en --- You received this message because you are subscribed to the Google Groups "NLUG" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
