Security

In this section you can read Alledia blog posts about web security issues.

Serious IDevAffiliate Security Hole

This is a worrying security update that affects the Joomla world.

Up until now iDevAffiliate – the system used by almost every Joomla affiliate program – has stored passwords and Social Security numbers UNENCRYPTED in the database.

That means if you join an iDevAffiliate program the owner can go along and view your password whether it’s “12345”, “password” or something more personal. From there they can go back to your site, see other iDev programs that you’re using and try to log in to those, pretending to be you. If you’re dumb enough to use the same login for your email also …

Continue reading “Serious IDevAffiliate Security Hole”

An Early Warning System for Hacked Sites

After Joomla’s recent security issues, people have been double-checking their sites. In some cases it’s easy to tell if your site has been hacked (the large Turkish flag and blaring music are strong hints) and on other occasions, the hackers might leave no trace.

One of my colleagues found a very subtle hack … his robots.txt file had been altered to block his entire site from being indexed by Google. The hack had been in place since June, causing him to lose all his rankings. It’s likely that this was a highly motivated rival rather than just another group of script kiddies.

Is it possible to defend against these subtle attacks? In this case, yes.

Continue reading “An Early Warning System for Hacked Sites”

Are You Selling Fear or Solutions?

We received an email this morning from Phil-Taylor.com listing security holes in various Joomla components.

I have an awful lot of respect for Phil and his work developing Mambo and now his components. However, I think the tone of the latest email could have been improved. People are understandably jumpy when it comes to security and I think he could have done a better job of pointing people towards freely available solutions rather than to his new security site.

There have always been third-party components with vulnerabilities and I’ve not seen any evidence that security exploits are increasing. What may be increasing is the number of hacker attacks. Some major Joomla sites are being attacked every 60-90 seconds. However, that’s not much different from a computer plugged in to the internet.

It’s not that difficult to secure your site. Here’s how…

Continue reading “Are You Selling Fear or Solutions?”

Fighting Spam with Community Builder Captchas

People signing up at Alledia in weeks to come are going to have one extra field to fill in.

Recently, we’ve seen a sharp jump in the number of fake registrations and so over the weekend we added a captcha to our registration form. This problem isn’t growing because Joomla or Community Builder have security problems, but it can be simply explained by what we’ll call "Spam’s Law":

The amount of spam a software product receives is directly proportional to its popularity.

Continue reading “Fighting Spam with Community Builder Captchas”
