Support

Pre-sales

#40242 Admin Tools Reliability in the Absence of SSL

Posted in ‘Pre-sales and Account Questions’
This is a public ticket

Everybody will be able to see its contents. Do not include usernames, passwords or any other sensitive information.

Latest post by nicholas on Sunday, 04 February 2024 23:12 CST

Sunday, 04 February 2024 22:09 CST

irvinga

Hi Nicholas,

The SSL just expired on the dev site 'm working on, and just before I could get over the weekend to renew it, the site had been hacked and I could not get back into it, its now showing a 404 error after I was able too login to the backend Successfully. I don't even know what this mean; would they have been able to get into the host directory and infiltrate any other site I have or going to put up or they're only within this site
All these begs the question, would the Admin Tools have still been able to prevent such attack even after an expired SSL or what else could have made it so easy access as such? for what else I could have done win the meantime. 

 

I have always thought Joomla too be a loose CMS, but didn't know it was this bad (latest 4.4.2 version for that matter), no wonder people have run to Lavarel etc. I don't know how Joomla users are able to sleep at night. Not really sure how reliable any protection tool can be, with the CMS having such very poor core security by default. I started seeing bunch of fake accounts created but deleted them on Fri, and activated google reCaptcher, but still ?


Regards,
IA

 

fyi: I still unable to attach/upload screenshot on support ticket in case you want me to.

 

Sunday, 04 February 2024 23:12 CST

nicholas

I think the problem is, frankly, that you have no idea what the hell you’re talking about. Your TLS certificate expired which means you can no longer log into your site and not only you falsely think you’re hacked, you also choose to attack me personally, and the Joomla community as a whole. What kind of entitled jerk does that?

As one of the people who have contributed to Joomla’s core code I sleep perfectly fine at night knowing that Joomla, compared to other CMS, has much better security out of the box owing to advanced filtering by default, upload scanning, strong anti-XSS protections, and FAR STRICTER third party code best practices. As for frameworks like Laravel and Symfony, they come with none of that; they expect you to implement them yourself. 

Don’t ever contact me again. 

Nicholas K. Dionysopoulos

Lead Developer and Director

🇬🇷Greek: native 🇬🇧English: excellent 🇫🇷French: basic • 🕐 My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Support Information

Working hours: We are open Monday to Friday, 9am to 7pm Cyprus timezone (EET / EEST). Support is provided by the same developers writing the software, all of which live in Europe. You can still file tickets outside of our working hours, but we cannot respond to them until we're back at the office.

Support policy: We would like to kindly inform you that when using our support you have already agreed to the Support Policy which is part of our Terms of Service. Thank you for your understanding and for helping us help you!