Joomla People: Is J! just as good as html?

11 replies
I understand that you have to install SEF components and plugins; but my basic question is whether an adequately optimized Joomla site is just as good (or better) than something I could whip up on Dreamweaver.

I've done Joomla now for a couple years but never really gave it a true SEO effort. I'm trying to set up some test sites with DW, but it seems Joomla is better all around for me as far as organization and versatility.

Mind you I'm not a Joomla god but I just don't want to have to do the SEO triple reverse backflip in the backend just to compete with other sites.

Side by side, which tips the scales?

Curtis
  • bigdaddy99
    My thought is that it's much easier to have multiple people post content via Joomla than it is via Dreamweaver, but for one person I'm not sure it matters much.

    From what I've read on these forums, quality articles, posts, and product will generate their own traffic.

    If you are talking about easily optimizing your website, I've always thought of Dreamweaver as a really good layout tool and Joomla as more of an "ease of content production" tool. So, if you accept the thought that content drives hits, then I think that Joomla would be better for you.

    I'm all for exploring the benefits of new products, but for SEO, I would think that using what you know would be more successful.

    I'm a noob though, so take everything I think with many grains of salt.

    bd99
  • Dennis Gaskill
    I never recommend using open source software. Anyone can study the source code for open source software, so it's much more vulnerable to hacking. Many of the exploits are well known, and finding vulnerable sites is easy for the search savvy.

    If you think this isn't an issue, just go Google terms like "Joomla hacked" and "Joomla exploits" and look at the number of search results. Any site can be hacked, but there's no sense in starting out using a platform where the vulnerabilities are well known.
    Signature

    Just when you think you've got it all figured out, someone changes the rules.

  • bigdaddy99
    Some people would say that the fact that many people can look at the source code makes it more safe because outside viewers don't have a profit motive to hide faults.

    From January of this year - Microsoft confirms 17-year-old Windows bug


    Being closed source is not the same thing as being secure.

    With any software, keeping up to date on your patches is an essential part of being secure - regardless of whether you're dealing with Microsoft, Joomla, or Dreamweaver.

    I will say that it is probably more likely that a person would misconfigure a Joomla site and that there are more potential points of entry, but if you're really worried about that stuff, then you probably already are doing wonky things with your Apache or IIS configs, have an IDS set up in your own NOC, etc.

    Also, I did a Yahoo search on Joomla hacks and found stuff from 2007 and 2008 - the Joomla hack sites were tips and tricks sites, rather than how to take over a Joomla site.

    Most people would be better off spending their time making sure they are current on their patches than worrying about other security issues.

    Go here for more Joomla security info -
    Joomla! Developer - Joomla Administrators Security Checklist


    YMMV

    bd99
  • seasoned
    Dennis,

    You forget 2 VERY big points.

    1. LOTS of people can read! SO, finding the exploits, they can fix them!
    2. Some "hackers" are not very bright AT ALL! So they may not understand the exploits.

    Heck, by your reasoning, everyone should STOP doing internet marketing on the internet because EVERYTHING dealing with it is OPEN SOURCE! EVEN systems running 100% on "closed source" M/S code that NEVER left MS MUST use an OPEN SOURCE encryption because failure to do so would make their servers incompatible with other browsers, their browsers incompatible with other servers, etc....

    Sometimes, opensource is actually MORE secure.

    Steve
    • WareTime
      Originally Posted by seasoned

      Dennis,

      You forget 2 VERY big points.

      1. LOTS of people can read! SO, finding the exploits, they can fix them!
      2. Some "hackers" are not very bright AT ALL! So they may not understand the exploits.

      Heck, by your reasoning, everyone should STOP doing internet marketing on the internet because EVERYTHING dealing with it is OPEN SOURCE! EVEN systems running 100% on "closed source" M/S code that NEVER left MS MUST use an OPEN SOURCE encryption because failure to do so would make their servers incompatible with other browsers, their browsers incompatible with other servers, etc....

      Sometimes, opensource is actually MORE secure.

      Steve

      1. Lots can read, few are smart enough to fix.
      2. Some open source developers are not very bright at all so they may not understand they are developing insecure code.

      You are correct, much of the framework of the internet is delivered on open source. Apache web server. Literally named because it was a-patchy-webserver. BIND for DNS, Sendmail for mail. Many were fraught with insecurities in the early days like Sendmail, which is pretty secure these days. These services that much of the internet relies on are old, tried and true.

      The same cannot be said for Joomla or WordPress. In fact for that to be true, essentially they'd have to stop adding any features and fix and fix and harden and harden and eventually they'd be very hard to hack.

      We all know this isn't going to happen. And in the case of WP it's made worse because of the hobbyist plugin extravaganza. Anyone that knows where the PHP interpreter is gets to write a plugin and put it out for public consumption by people that have no idea how it works, if it's secure.

      I'm in Dennis's camp as far as open source CMS go. They are all prone to be hacked early and often. Until they quit adding features, quit allowing the third party developed plugins to run as trusted code, and start taking a serious stance on security they never will be secure.

      If Dennis is guilty of throwing the baby out with the bathwater, you are guilty of saving all the bathwater.

      The way things are today, for security, you are better off not choosing open source content management systems to build your site with.
      • bigdaddy99
        Dennis makes some good points. I would point out, however, that the Joomla exploits page includes all Joomla exploits, not just those that work against the current version. For example there is an exploit dated 1/28:
        >> DESCRIPTION: Input var controller is vulnerable to Directory Traversal Vuln
        [~]>> AFFECTED VERSIONS: Confirmed in 1.0.5 but probably other versions also
        [~]>> RISK: Medium/High
        [~]>> IMPACT: Access to all PHP files in WebServer (Null Byte is filtered)

        Joomla is currently at version 1.5.15 IIRC, which furthers my point that patching is the best way of keeping ahead of the game - regardless of the software.
        Also, notice that the format of the exploit code is not such that Joe Sixpack can download and run it.

        I guess that my point is that application security is only one part of "being secure" and while open source has many eyes on it, both white hat and black hat, there are also people actively trying to hack closed source systems, and closed source companies do not necessarily have an incentive to either advertise flaws or fix their code.

        Windows is closed source, and I'm not sure I can think of anyone offhand who hasn't received a Windows virus in the last 10 years... With the possible exception of Mac users.

        bd99
  • Dennis Gaskill
    You make some good points, bigdaddy99, especially about closed source not necessarily meaning it's secure. However, searching for "Joomla hacks" is not the same as searching for "Joomla exploits". If you want to get an idea of how prevalent Joomla exploits are, you only need to visit Joomla Exploit - database of Joomla! CMS exploits. There are 95 exploits just from this year alone. That IS something to think about.
    Signature

    Just when you think you've got it all figured out, someone changes the rules.

  • Dennis Gaskill
    Steve, as I said, "Any site can be hacked, but to my way of thinking there's no sense in starting out using a platform where the vulnerabilities are well known." See my reply to bigdaddy99 for how vulnerable Joomla has been to being hacked. There have been 95 exploits discovered just this year. It's only March 1, so that's an average of 1.6 per day.

    It's easy to use the search engines to find sites to hack when you know the exploits. It's much more difficult to use the search engines to find sites to hack where the exploits are unknown. In fact, it's impossible. Open source gives a hacker searchable sources to hack; not using open source reduces hacking to random attacks.

    Originally Posted by seasoned

    Heck, by your reasoning, everyone should STOP doing internet marketing on the internet because EVERYTHING dealing with it is OPEN SOURCE!

    I can't think of anything I'm doing online that depends on open source, outside of using Linux hosting and Apache. I depend on my web host to install the latest security updates for those, and they do a very good job of that.

    I'm not saying never to use open source, sometimes it can't be avoided. I'm just saying we don't have to make it easier for hackers. I've had a site hacked twice, and both times it was through open source software. You don't have to agree with me, but I believe I am offering a valid argument and giving the OP something he should think about before making a decision.

    Originally Posted by seasoned

    1. LOTS of people can read! SO, finding the exploits, they can fix them!
    2. Some "hackers" are not very bright AT ALL! So they may not understand the exploits.

    1. Fixing them takes time, your site is vulnerable until a patch is issued. Lots of sites are hacked before that happens. This point also presumes each Joomla owner checks for security problems every day. You know that doesn't happen.

    2. Because "some" hackers are not bright or may not understand the exploit doesn't mean it's safe to ignore the rest. Because some thieves are not going to steal my valuables, does that mean it's safe to assume no thieves will steal my valuables? I don't think so, that's why I lock the doors behind me when I leave.

    I have all the respect in the world for you, Steve, but I believe I've offered the OP something extremely important to consider before making his decision.
    Signature

    Just when you think you've got it all figured out, someone changes the rules.

  • marcdonovan
    As a developer with tons of experience with open-source, I see open-source as much more secure than most commercial competitors and much faster to issue updates when any vulnerabilities are discovered. The reason is the economics of the market. If Microsoft has to make a choice between fixing a defect or making a new feature, they will almost always go with the new feature due to the need to market the next version to make more dough. The open-source developers are looking at a list of defects every day and their task-list is pretty much driven by the criticality of the defects and there is no marketing department insisting that they make new stuff. I have been in both camps and I see this every time.

    I have never once been attacked on my Ubuntu PC. I get tons of attacks on my Microsoft PC. Granted, the popularity of Windows over Linux means that more viruses and hackers are attracted to Windows, but I did say NEVER, not less than.
    Signature

    1.5¢ per word article writing. Limited time offer. Check my WSO.

  • sexydiverguy
    I agree with Marcdonovan but in addition one other thing must be mentioned.

    The network infrastructure itself. If you are using a hosting company with proper data center security you have reduced the risks of being hacked. However, if you are using your own server(s) you must create a proper "mini" data center... including border router/firewall, internal router, access control lists, Intrusion Detection Software, VLANs, proper backup procedures, etc. As for the hardware, real routers and switches (Cisco or Juniper) as opposed to the ones at Best Buy are preferred. You will require a person with Cisco or Juniper programming skills/certification to make those work properly. Software protection should be ISA Server, Cisco IDS or similar. The web server itself must also be properly configured and hardened.