Top of Mind from 3by400
Joomla 1.0 Sites Under Attack
We still maintain some sites that are running Joomla 1.0.15. This software officially reached its end-of-life July 22nd, 2009. In the intervening almost 16 months, there have been no security patches. That's a long time in the software security world. As a result, our 1.0 clients sites are being hacked into with increasing regularity. We wish we could apply a security patch to prevent these breaches, but none are available. We've taken all due precautions we can, but the bad guys on the Internet are devious and relentless. About all we can do now is to run a nightly integrity check and if a site has been hacked, to read in the last good backup. All this takes time and effort on our part. As a result, we'll have to start charging our clients for the time we have to spend in restoring hacked sites from backup. We hate to do this, but the only commodity we have to sell is our time, and this is starting to use it up.
Just as a reminder, our old friend Steve Burge says that a website's not like a picture you hang on the wall and look at, it's more like a car that needs maintenance and tune-ups. Or more like that an aircraft that at regular periods needs a complete engine overhaul to still be airworthy. I'm afraid the 1.0 sites are past due for such an overhaul.