Difference between revisions of "Top 10 Stupidest Administrator Tricks"

From Joomla! Documentation

m
m (not a category:Security FAQ)
 
(24 intermediate revisions by 7 users not shown)
Line 1: Line 1:
10. Go with the [http://www.google.com/search?q=cheap+hosting cheapest hosting provider]
+
===About This List ===
you can find, preferably a shared server that hosts hundreds of other
+
sites, some of which are high-traffic porn sites. Don't check the list
+
of [http://forum.joomla.org/index.php/topic,95678.0.html recommended hosting providers].
+
  
9. Don't waste time with regular backups. Maybe the hosting provider will help you.
+
This list originally [http://forum.joomla.org/viewtopic.php?f=267&t=117767 appeared late one night on the Joomla Forums] after one developer ended a particularly long round of crack recovery. The post struck many a nerve among Joomlaists far and wide, and has been translated into several languages. Some nerves were near the funny bone, others painfully far from it. Your experience may vary.
 +
----
 +
<br/>
 +
'''10. Use the [http://www.google.com/search?q=cheap+hosting cheapest hosting provider] you can find.'''
  
8. Don't waste time adjusting PHP and Joomla! settings for increased
+
: Preferably use a shared server that hosts hundreds of other sites, some of which are high-traffic porn sites. Don't check the list of recommended hosting providers.
security. Hey, the install was brain-dead easy. How bad could the rest
+
<blockquote style="border:1px solid navy; padding:10px; background-color:cornsilk;">
be? Worry about those details only if there's a problem.
+
: FYI: You can use a tool such as Robtex (if you are using a shared Hosting Provider) to see who you are sharing space with and if you should be proactive to request a move to another shared space. For example: http://www.robtex.com/dns/joomla.org.html, or for REALLY cool information: Google.com: http://www.robtex.com/dns/google.com.html. This shows domain, shared, whois, blacklist, analysis, contact...
 +
</blockquote>
 +
'''9. Don't waste time with regular backups.'''
  
7. Use the same username and password
+
: Maybe the hosting provider will help you out.
for your on-line bank account, Joomla! administrator account, Amazon
+
account, Yahoo account, etc. Hey, who has time to keep track of so many
+
passwords? And anyway, since you don't change passwords, it's easier to
+
just use the same one all the time, everywhere.
+
  
6. Install your
+
'''8. Don't waste time adjusting PHP and Joomla! settings for increased security.'''
brand new beautiful Joomla!-powered site, celebrate a job well done,
+
and don't worry about it again. After all, if you don't make any more
+
changes, what can go wrong?
+
  
5. Do all upgrades and extension installations right there on the live site. Who needs a development and testing server
+
: Hey, the install was brain-dead easy. How bad could the rest be? Worry about those details only if there's a problem.
anyway? If an installation fails, you'll just uninstall it again. That
+
will hopefully also undo any damage the installation caused.
+
  
4. Trust all third-party extensions, and install all the cool-looking stuff
+
'''7. Use the same username and password for everything.'''
you can find. Anyone smart enough to write a Joomla! extension will
+
provide perfect code that blocks every known exploit attempt, now and
+
forever. After all, almost all this stuff is provided for free by http://dev.joomla.org/content/view/13/53/ well-meaning, good-hearted people] who [http://dev.joomla.org/component/option,com_jd-wiki/Itemid,31/id,tips:make_secure/ know what they are doing].
+
  
3. Don't worry about updating to the [http://www.joomla.org/content/blogcategory/32/66/ latest version of Joomla!].
+
: Use the same username and password for your on-line bank account, Joomla! administrator account, Amazon account, Yahoo account, etc. Hey, who has time to keep track of so many passwords? And anyway, since you don't change passwords, it's easier to just use the same one all the time, everywhere.
Hey, nothing's gone wrong so far, and if it ain't broke don't fix it!
+
Same plan for the third-party extensions. Too much work anyway.
+
  
2. When your site gets cracked, panic your way on over to the Joomla! Forums and start a new post with a very familiar title: <b><i>&quot;Help! My Site's Been Hacked!&quot;</i></b>
+
'''6. Install your brand new beautiful Joomla!-powered site, and celebrate a job well done.'''
Be sure not to leave relevant information, such as which obsolete
+
 
versions of Joomla! and third party extensions were installed.<br />
+
: Don't worry about it again. After all, if you don't make any more changes, what can go wrong?
 +
 
 +
'''5. Do all upgrades on the live site right away.'''
 +
 
 +
: Who needs a development and testing server anyway? If an installation fails, you'll just uninstall it again. That will hopefully also undo any damage the installation caused.
 +
 
 +
'''4. Trust third-party extensions.'''
 +
 
 +
: Install all the cool-looking stuff you can find. Anyone smart enough to write a Joomla! extension will provide perfect code that blocks every known exploit attempt, now and forever. After all, almost all this stuff is provided for free by well-meaning, good-hearted people who  know what they are doing.
 +
 
 +
'''3. Don't worry about updating to the [http://www.joomla.org/content/blogcategory/32/66/ latest version of Joomla!]'''
 +
 
 +
: Hey, nothing has gone wrong so far, and if it ain't broke don't fix it! Same plan for the third-party extensions. Too much work; life's a beach.
 +
 
 +
'''2. When your site gets cracked, panic your way into the Joomla! Forums.'''
 +
 
 +
: Start a new post with a very familiar title: <b><i>&quot;My Site's Been Hacked! (sic)&quot;</i></b> Be sure not to leave relevant information, such as which obsolete versions of Joomla! and third party extensions you installed.<br />
 +
 
 +
'''1. Once your site's been cracked, fix the defaced ''index.php'' file and assume all else is well.'''
 +
 
 +
: Don't check raw logs, change your passwords, remove the entire directory and rebuild from clean backups, or take any other overly paranoid-seeming action. When the attackers return the next day, scream loudly that you've been &quot;hacked again,&quot; and it's all Joomla!'s fault. Ignore the fact that removing a defaced file is not even step one in the difficult process of fully recovering a cracked site.
  
1. Once your site's been cracked, fix the defaced file and then assume all
 
is well. Don't check raw logs, change your passwords, remove the entire
 
directory and rebuild from clean backups, or take any other overly paranoid-seeming action.
 
When the attackers return the next day, scream loudly that you've been
 
&quot;hacked again,&quot; and it's all Joomla!'s fault. Ignore the fact that
 
removing a defaced file is not even step one in the difficult process of fully recovering a cracked site.
 
  
  
 
<!-- KEEP THIS AT THE END OF THE PAGE -->
 
<!-- KEEP THIS AT THE END OF THE PAGE -->
 
[[Category:Security]]
 
[[Category:Security]]
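
Review bot: The new item 10 text ("Don't check the list of recommended hosting providers.") drops the link the old revision carried on that phrase (http://forum.joomla.org/index.php/topic,95678.0.html), so the one pointer a reader could act on is gone; restore the link there. Item 4 has the same problem: both links on "well-meaning, good-hearted people" and "know what they are doing" were removed, leaving a double space in "people who  know". If the targets were removed because they are dead, replace them with current ones and say so in the edit summary. The heading of item 3 is also the only one in the new list that does not end with a period.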

Latest revision as of 16:28, 17 October 2012

About This List

This list originally appeared late one night on the Joomla Forums after one developer ended a particularly long round of crack recovery. The post struck many a nerve among Joomlaists far and wide, and has been translated into several languages. Some nerves were near the funny bone, others painfully far from it. Your experience may vary.



10. Use the cheapest hosting provider you can find.

Preferably use a shared server that hosts hundreds of other sites, some of which are high-traffic porn sites. Don't check the list of recommended hosting providers.

FYI: If you are on a shared hosting provider, you can use a tool such as Robtex to see who you are sharing space with and whether you should proactively request a move to another shared space. For example: http://www.robtex.com/dns/joomla.org.html, or for REALLY cool information, Google.com: http://www.robtex.com/dns/google.com.html. This shows domain, shared, whois, blacklist, analysis, contact...

9. Don't waste time with regular backups.

Maybe the hosting provider will help you out.

8. Don't waste time adjusting PHP and Joomla! settings for increased security.

Hey, the install was brain-dead easy. How bad could the rest be? Worry about those details only if there's a problem.

7. Use the same username and password for everything.

Use the same username and password for your on-line bank account, Joomla! administrator account, Amazon account, Yahoo account, etc. Hey, who has time to keep track of so many passwords? And anyway, since you don't change passwords, it's easier to just use the same one all the time, everywhere.

6. Install your brand new beautiful Joomla!-powered site, and celebrate a job well done.

Don't worry about it again. After all, if you don't make any more changes, what can go wrong?

5. Do all upgrades on the live site right away.

Who needs a development and testing server anyway? If an installation fails, you'll just uninstall it again. That will hopefully also undo any damage the installation caused.

4. Trust third-party extensions.

Install all the cool-looking stuff you can find. Anyone smart enough to write a Joomla! extension will provide perfect code that blocks every known exploit attempt, now and forever. After all, almost all this stuff is provided for free by well-meaning, good-hearted people who know what they are doing.

3. Don't worry about updating to the latest version of Joomla!

Hey, nothing has gone wrong so far, and if it ain't broke don't fix it! Same plan for the third-party extensions. Too much work; life's a beach.

2. When your site gets cracked, panic your way into the Joomla! Forums.

Start a new post with a very familiar title: "My Site's Been Hacked! (sic)" Be sure not to leave relevant information, such as which obsolete versions of Joomla! and third-party extensions you installed.

1. Once your site's been cracked, fix the defaced index.php file and assume all else is well.

Don't check raw logs, change your passwords, remove the entire directory and rebuild from clean backups, or take any other overly paranoid-seeming action. When the attackers return the next day, scream loudly that you've been "hacked again," and it's all Joomla!'s fault. Ignore the fact that removing a defaced file is not even step one in the difficult process of fully recovering a cracked site.