In a previous post we looked at a business website which had been hacked. Before making the post we had contacted the site owner and advised them that their site had been compromised. The response we received was:
"We know about it, it is due to old version of Joomla it is not our component problem, we plan to set up latest Joomla CMS, ok, we have fixed this problem, what you think about our component?"
So what would you think about using a component from a business which knows its website has been hacked, fails to respond quickly to the hack, and then assumes that simply installing the latest version of Joomla! is the answer to the problem? Compare the above response to the thorough investigation documented here by another business site. The impressive and professional response by the second company comprised:
Example of Step-by-Step Actions to Clean up a Hacked Joomla! Website
- How I noticed something was wrong
- What is Microsoft ‘Remote Data Services Data Control’?
- HTTP Debugging with Fiddler
- ‘Yourgoogleanalytics’ and ‘Statscounter’??
- Checking the Javascript files
- Preventing further infection
- Telling the Web Hosting Provider
- Checking my Desktop PC
- Securing the Web Hosting Account
- Tracking Down Hacking Attempts
- Online Tests for Malware in a Website
- Removing Google’s ‘This site may harm your computer’ Warning
The security of our customers' websites matters to us. Had the hacked site responded in a similar way to the professional response described above, we might have continued to evaluate their component. Instead, their code remains untested, the downloaded zip file has been deleted from our system, and we are evaluating alternative solutions to the customer's requirements.