Q. What do all PHP content management systems have in common?
A. They will all have vulnerabilities if left unkept.
Unfortunately, in the fast-paced world we live in, if you don't keep your CMS up to date, someone else will show you why regular updates are necessary.
Often, the most commonly exploited components of, say, Joomla or WordPress are the plugins. The plugins in most of these CMSs are not normally updated when the base code is updated. This means that you have to update the plugins as a separate step, sometimes one by one. In addition, vulnerabilities in your favorite plugin may not be publicized to the same degree as those in the base system, possibly leaving you unaware of lurking problems.
A recent exploit in one of Joomla's plugins allows an attacker to upload arbitrary files to the server, which then can be used for all sorts of nefarious purposes. Of course, these scripts usually “phone home” and wait for instructions from the attacker.
Most often, preventing these attacks comes down to patching your system before you are compromised. But in the case that you are targeted, how do you know that you've been had?
Enter experienced system administrators. At tummy.com, ltd., we know what looks normal, and we know what looks awry. Mail logs on web servers that are several gigabytes? Not normal. Root's mailbox sitting pretty at 2G+? Not normal. Failed backups due to hundreds of thousands of stuck mails in the queue? Not normal.
If you don't have someone watching these sorts of things, your system contributes to the global spam problem while your legitimate mail gets rejected because your IP shows up on blacklists. Knowledgeable Linux experts know just how to track these vulnerabilities down and patch them up before they cause your business problems.
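The three symptoms described above (an oversized mail log, a bloated root mailbox, a backed-up queue) can be checked from cron. This is an added example, not tummy.com's own tooling; it assumes Postfix's `mailq` summary line, and the thresholds, function names and the paths `/var/log/maillog` and `/var/mail/root` are assumptions to adjust for your host.

```shell
#!/bin/sh
# Added example. Thresholds are assumed defaults; override via environment.
: "${LOG_MAX:=1073741824}"    # mail log larger than 1 GiB
: "${MBOX_MAX:=1073741824}"   # root mailbox larger than 1 GiB
: "${QUEUE_MAX:=10000}"       # more than 10,000 queued messages

# Print the size of file $1 in bytes, or 0 if it does not exist.
file_bytes() {
    if [ -f "$1" ]; then wc -c < "$1" | tr -d ' '; else echo 0; fi
}

# Succeed when file $1 is larger than $2 bytes.
over_limit() {
    [ "$(file_bytes "$1")" -gt "$2" ]
}

# Read Postfix `mailq` output on stdin and print the queued message count.
# Postfix ends its listing with "-- 1234 Kbytes in 567 Requests."; an empty
# queue prints "Mail queue is empty", which yields 0 here.
queue_count() {
    awk '/^-- [0-9]+ Kbytes in [0-9]+ Request/ { n = $5 } END { print n + 0 }'
}

# Args: mail log path, root mailbox path. `mailq` output arrives on stdin.
# Prints one ALERT line per symptom found; prints nothing on a healthy host.
check_mail_health() {
    q=$(queue_count)
    if over_limit "$1" "$LOG_MAX"; then
        echo "ALERT: mail log $1 is larger than $LOG_MAX bytes"
    fi
    if over_limit "$2" "$MBOX_MAX"; then
        echo "ALERT: mailbox $2 is larger than $MBOX_MAX bytes"
    fi
    if [ "$q" -gt "$QUEUE_MAX" ]; then
        echo "ALERT: $q messages queued (limit $QUEUE_MAX)"
    fi
}

# Check the live host only when asked: sh mailcheck.sh --live
if [ "${1:-}" = "--live" ]; then
    mailq 2>/dev/null | check_mail_health /var/log/maillog /var/mail/root
fi
```

Any ALERT line on a web server that is not supposed to send bulk mail is a reason to look at which script or account is generating the messages.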
So what's the takeaway? Follow these simple steps to help protect your business:
Update your plugins just as often as you update your CMS. Check out Joomla's Vulnerable Extensions List.
Reduce the number of plugins you have installed. Maybe you installed that plugin thinking you would use it every day, but you haven't touched it in 3 months? Just remove it.
Rely on experts to keep your operating system and software up to date. Not sure where to look? Check out our full line of hosting options.