
Difference between revisions of "Top 10 Stupidest Administrator Tricks"

From Joomla! Documentation

m
Line 1: Line 1:
10. Go with the [http://www.google.com/search?q=cheap+hosting cheapest hosting provider]
+
'''10.''' Go with the [http://www.google.com/search?q=cheap+hosting cheapest hosting provider]
 
you can find, preferably a shared server that hosts hundreds of other
 
you can find, preferably a shared server that hosts hundreds of other
 
sites, some of which are high-traffic porn sites. Don't check the list
 
sites, some of which are high-traffic porn sites. Don't check the list
 
of [http://forum.joomla.org/index.php/topic,95678.0.html recommended hosting providers].
 
of [http://forum.joomla.org/index.php/topic,95678.0.html recommended hosting providers].
  
9. Don't waste time with regular backups. Maybe the hosting provider will help you.
+
'''9.''' Don't waste time with regular backups. Maybe the hosting provider will help you.
  
8. Don't waste time adjusting PHP and Joomla! settings for increased
+
'''8.''' Don't waste time adjusting PHP and Joomla! settings for increased
 
security. Hey, the install was brain-dead easy. How bad could the rest
 
security. Hey, the install was brain-dead easy. How bad could the rest
 
be? Worry about those details only if there's a problem.
 
be? Worry about those details only if there's a problem.
  
7. Use the same username and password
+
'''7.''' Use the same username and password
 
for your on-line bank account, Joomla! administrator account, Amazon
 
for your on-line bank account, Joomla! administrator account, Amazon
 
account, Yahoo account, etc. Hey, who has time to keep track of so many
 
account, Yahoo account, etc. Hey, who has time to keep track of so many
Line 16: Line 16:
 
just use the same one all the time, everywhere.
 
just use the same one all the time, everywhere.
  
6. Install your
+
'''6.''' Install your
 
brand new beautiful Joomla!-powered site, celebrate a job well done,
 
brand new beautiful Joomla!-powered site, celebrate a job well done,
 
and don't worry about it again. After all, if you don't make any more
 
and don't worry about it again. After all, if you don't make any more
 
changes, what can go wrong?
 
changes, what can go wrong?
  
5. Do all upgrades and extension installations right there on the live site. Who needs a development and testing server
+
'''5.''' Do all upgrades and extension installations right there on the live site. Who needs a development and testing server
 
anyway? If an installation fails, you'll just uninstall it again. That
 
anyway? If an installation fails, you'll just uninstall it again. That
 
will hopefully also undo any damage the installation caused.
 
will hopefully also undo any damage the installation caused.
  
4. Trust all third-party extensions, and install all the cool-looking stuff
+
'''4.''' Trust all third-party extensions, and install all the cool-looking stuff
 
you can find. Anyone smart enough to write a Joomla! extension will
 
you can find. Anyone smart enough to write a Joomla! extension will
 
provide perfect code that blocks every known exploit attempt, now and
 
provide perfect code that blocks every known exploit attempt, now and
 
forever. After all, almost all this stuff is provided for free by http://dev.joomla.org/content/view/13/53/ well-meaning, good-hearted people] who [http://dev.joomla.org/component/option,com_jd-wiki/Itemid,31/id,tips:make_secure/ know what they are doing].
 
forever. After all, almost all this stuff is provided for free by http://dev.joomla.org/content/view/13/53/ well-meaning, good-hearted people] who [http://dev.joomla.org/component/option,com_jd-wiki/Itemid,31/id,tips:make_secure/ know what they are doing].
  
3. Don't worry about updating to the [http://www.joomla.org/content/blogcategory/32/66/ latest version of Joomla!].
+
'''3.''' Don't worry about updating to the [http://www.joomla.org/content/blogcategory/32/66/ latest version of Joomla!].
 
Hey, nothing's gone wrong so far, and if it ain't broke don't fix it!
 
Hey, nothing's gone wrong so far, and if it ain't broke don't fix it!
 
Same plan for the third-party extensions. Too much work anyway.
 
Same plan for the third-party extensions. Too much work anyway.
  
2. When your site gets cracked, panic your way on over to the Joomla! Forums and start a new post with a very familiar title: <b><i>&quot;Help! My Site's Been Hacked!&quot;</i></b>
+
'''2.''' When your site gets cracked, panic your way on over to the Joomla! Forums and start a new post with a very familiar title: <b><i>&quot;Help! My Site's Been Hacked!&quot;</i></b>
 
Be sure not to leave relevant information, such as which obsolete
 
Be sure not to leave relevant information, such as which obsolete
 
versions of Joomla! and third party extensions were installed.<br />
 
versions of Joomla! and third party extensions were installed.<br />
  
1. Once your site's been cracked, fix the defaced file and then assume all
+
'''1.''' Once your site's been cracked, fix the defaced file and then assume all
 
is well. Don't check raw logs, change your passwords, remove the entire
 
is well. Don't check raw logs, change your passwords, remove the entire
 
directory and rebuild from clean backups, or take any other overly paranoid-seeming action.
 
directory and rebuild from clean backups, or take any other overly paranoid-seeming action.
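
Review bot: The unchanged context of item 4 carries an external link with no opening bracket ("by http://dev.joomla.org/content/view/13/53/ well-meaning, good-hearted people]"), so the raw URL and a stray "]" show up in the rendered revision; this edit already touches that item's first line, so add the missing "[" before the URL in the same change. Item 2 also still wraps the forum title in HTML b and i tags with &quot; entities while the numerals now use wiki bold; converting that span to wiki bold-italic quotes with plain quotation marks would keep the markup consistent.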

Revision as of 23:25, 28 March 2008

10. Go with the cheapest hosting provider you can find, preferably a shared server that hosts hundreds of other sites, some of which are high-traffic porn sites. Don't check the list of recommended hosting providers.

9. Don't waste time with regular backups. Maybe the hosting provider will help you.

8. Don't waste time adjusting PHP and Joomla! settings for increased security. Hey, the install was brain-dead easy. How bad could the rest be? Worry about those details only if there's a problem.

7. Use the same username and password for your on-line bank account, Joomla! administrator account, Amazon account, Yahoo account, etc. Hey, who has time to keep track of so many passwords? And anyway, since you don't change passwords, it's easier to just use the same one all the time, everywhere.

6. Install your brand new beautiful Joomla!-powered site, celebrate a job well done, and don't worry about it again. After all, if you don't make any more changes, what can go wrong?

5. Do all upgrades and extension installations right there on the live site. Who needs a development and testing server anyway? If an installation fails, you'll just uninstall it again. That will hopefully also undo any damage the installation caused.

4. Trust all third-party extensions, and install all the cool-looking stuff you can find. Anyone smart enough to write a Joomla! extension will provide perfect code that blocks every known exploit attempt, now and forever. After all, almost all this stuff is provided for free by well-meaning, good-hearted people (http://dev.joomla.org/content/view/13/53/) who know what they are doing.

3. Don't worry about updating to the latest version of Joomla!. Hey, nothing's gone wrong so far, and if it ain't broke don't fix it! Same plan for the third-party extensions. Too much work anyway.

2. When your site gets cracked, panic your way on over to the Joomla! Forums and start a new post with a very familiar title: "Help! My Site's Been Hacked!" Be sure not to leave relevant information, such as which obsolete versions of Joomla! and third-party extensions were installed.

1. Once your site's been cracked, fix the defaced file and then assume all is well. Don't check raw logs, change your passwords, remove the entire directory and rebuild from clean backups, or take any other overly paranoid-seeming action. When the attackers return the next day, scream loudly that you've been "hacked again," and it's all Joomla!'s fault. Ignore the fact that removing a defaced file is not even step one in the difficult process of fully recovering a cracked site.