Many Many more Joomla based sites are being hacked daily at the moment – and ITS NOT JOOMLA’s fault!
Firstly let me say the sites were NOT hacked through Joomla! They were all hacked through Joomla Custom Components!
If you are running Joomla 1.0.10 then there are no known security holes in that version!
extCalender • OpenSEF • phpBB Forum (com_forum) • SimpleBoard Forum • VideoDB • Mambo-SMF Forum • LoudMouth • PollXT • HashCash • perForms • Google Page Rank Module • BSQ SiteStats • MultiBanners • MiniBB • New Article Component • Advanced Poll • JomBok • ArtLinks • PCCookBook • Mambo/Joomla SiteMap (Custom Component) • Galleria • com_spray
I write this to inform you of thiese facts, and also to let you know, as our customer, that none of the components on www.phil-taylor.com have been hacked or used to hack Joomla websites! Yippee!
You should really only install components from TRUSTED sources, from developers that you trust!
Again, ALL COMPONENTS ON PHIL-TAYLOR.com Have been HACKER SAFE certified! And have no known security issues (At this moment in time ) As experts in Joomla development we take pride in checking our components with an industry standard (expensive!) scanning solution used by the big players worldwide!
We have fixed over 50 hacked sites for new customers worldwide in the last 7 days!
Fix My Site is a very unique service offered by Phil Taylor.
(This is a fee per incident based service, no contracts and no strings involved!)
Fix My Site puts a very experienced and knowledgeable Mambo and Joomla expert at your fingertips when things go wrong on your site. For a set fee, you can have Phil Taylor (Or one of our other experts) login and take a look at that problem that has causing problems on your site.
See our site at http://www.phil-taylor.com/FixMySite
ONLY TRUST THE EXPERTS! – Beware of some other help sites that simply repair your site without giving advice on how hackers gained access or how to prevent further attacks. We are not just Joomla experts, we have huge amounts of experience in this area and can draw on this experience to provide the very best solution for you.
You have been warned!
If you want to stop hackers and do information security as a career, consider information assurance training.
I read this a few days ago and though those customers that have been around over a year might enjoy the read.
A year ago, Mambo was a great CMS with a solid community and a large number of 3rd party developers contributing extensions. Today, it is struggling. IBM recently looked at open source content management systems and had this to say about Mambo, “The development path seemed confusing, and the future of this solution was not certain to us. Mambo’s development track is divided into several solutions. Miro is a commercial product and Joomla seems to be a new CMS spawned from Mambo.” And, “Mambo was very appealing from the ease of install and the UI, but the development track at the time was fractured and didn’t give us any confidence of support”.
The writer concludes:
After years of using Mambo and supporting it, this writer is moving on. Mambo has almost no 3PD contributions now that are under active development and safe to use. There is no defined development path, no roadmap, and no signs that anything is being developed. And it has no community. Goodbye Mambo, rest in peace.
I love to say – I told you all so
read the full article
I was just about to post information on this when I read another blog that said everything I wanted to say – so I am just going to copy and paste it (and link to it) here… (Spot the spelling mistakes in Peters rant below also!)
After a great deal of discussion, Mambo Communities and Ansearch Ltd mutually agreed not to proceed with the acquisition of Mambo Communities. Both companies were surprised with the backlash from the community and it became immediately obvious that a change in ownership was not in the best interest of the Mambo community. Instead we both agreed to create a supplier relationship which allows Ansearch to provide it’s search and ad technology on Mambo Communities websites and to explore ways to work together to develop and further Open Source initiatives.
Ansearch’s goal in the acquisition was to provide it’s search and ad technologies to our Mamboserver.com and MamboXchange.com websites but some members of the community saw this as an opportunity to raise their own agendas and used their positions to inject fear and distrust to again tear apart one of the world’s most successful Open source Communities.
To some degree the original acquisition plans flushed out certain people who had ulterior motives for Mambo and helped us clean up our community by exiting themselves. One thing becomes obvious during the events of the past few months: Open Source initiatives will always attract people who will use FUD in an attempt to take control. FUD can be used as a diversionary tactic used by unscrupulous people to put forth their own agendas unnoticed, so when you see someone launching a FUD attack, take the time to question their true motives. I certainly hope this is the last we see of this sort of behaviour. I have run the Mamboserver sites for almost six years now and have seen many people try to subvert Mambo and we will certainly be much more diligent in ensuring that Mambo remains a safe and positive development community in the future.
As most people know by now, I am not running in the upcoming board elections for the Mambo Foundation. I created the foundation to protect the Mambo IP and source code so that the community who developed Mambo can have democratic input into how the code progressed. Now it is time for the community to elect it’s own representatives who will take Mambo to new heights, however I will continue my own endeavours within Mambo Communities to help promote and assist Mambo in maintaining it’s position as the world’s most popular Open Source content management system.
… and here are Torkil’s comments (Yes, I agree with him totaly!):
Conclusion: If you decided to stick with Mambo at the Joomla split, you may want to reconsider.
I was scouting the web tonight and I came across this good study on the rise and fall of Mambo verses Joomla with stats from Googles new service.
Almost a year passed sice Joomla became a real CMS. Now it’s time to make a little study to find if it’s still growing and if it’s more powerful than Mambo. A few days ago Google released Google Trends , a nice and helpful tool for webmasters. This study is based on searches made by regular users on Google. I must say that this tool has a small problem. It doesn’t show the number of searches (probably milions) but you will see that it give us a clue where Joomla is compared to Mambo.
Well what a day! The last 24 hours have been manic with Tag/Tags Joomla Component released selling VERY well and LOADS of feedback and a few bug reports (Many thanks to Kenneth, Alex and Mr Eyezberg!!). I have also had the code open on my screen all day tweaking and adding.
I am pleased to announce a small roadmap – nothing fancy
0.2 Was released last night, no changes just a version number jump.
0.3 – will be released over the weekend:
0.4 – will be released next week – bug fixes only
0.5 – will be released late next week
(Today I was emailed this Press Release direct from Martin Brampton himself, I could not find a copy online so I have posted it here. ~Phil)
Mambo lead developer Martin Brampton today announced he was severing all ties with the Open Source project. His departure — which is eerily similar to the departure of an entire development team last year — comes in the wake of him finding himself unable to continue due to matters of conscience.
Mr Brampton is a respected IT developer, columnist and keynote speaker, based in the UK. He took over the lead developer role of the troubled project last September. That appointment followed the departure of former lead developer Andrew Eddie in the infamous split and eventual formation of Joomla!
His resignation from Mambo comes after internal matters had caused him great concern. “Following the Joomla! split, the Mambo Foundation appeared to take its role of governing the Mambo project more seriously. Miro International, the Melbourne software company that held all intellectual property in Mambo, addressed one of the concerns of former developers by assigning the copyright in Mambo to the Foundation,” Mr Brampton said. “I thought there was some hope for the future.”
In December 2005, Miro International Pty Ltd, announced that it had transferred the intellectual property it held in Mambo to the Mambo Foundation. On 4th April 2006, Ansearch Ltd, an Australian search engine and online media company, announced to the Australian Stock Exchange that it had entered into an agreement to buy Mambo Communities Pty Ltd. Mambo Communities is owned by Mr Peter Lamont, the owner of Miro International Pty Ltd, which is being voluntarily deregistered, and current President of the Mambo Foundation.
“This set of events started to set alarm bells ringing,” Mr Brampton said, “particularly when members of the Mambo community began asking questions on the Mambo Communities forum and being banned for their trouble.”
“Mambo Communities Pty Ltd, the company under contract of sale to Ansearch Ltd, owns the Mambo forums, help site, development forge, and latterly, the Mambo Developer Network,” Mr Brampton pointed out. “It also owns domain names. So, when questions over the ownership of the Mambo name and trademarks arose and these were met with censorship and banning, I sought the services of an Intellectual Property lawyer to act on behalf of the Mambo Foundation”.
Martin Brampton was an unofficial member of the Mambo Foundation Board at this time and sought answers to the questions being raised in the forum. “I had always asked too many questions and registered my dissatisfaction at not getting straight answers, which did not endear me to Mr Lamont and some other Board members”.
On 25th April, Martin Brampton resigned his position on the Mambo Foundation Board. Less than an hour later, the Foundation finally admitted on the Mambo Communities forum that it did not yet own the Mambo trademarks.
In the ten days following his resignation from the Board, many of the most experienced Mambo users have left. Respected support folk using the Mambo Communities forum have found their posts removed and anyone questioning current events has been banned or blocked. The project is in disarray and some developers have found their access to the Mambo Communities-owned code and development web sites blocked.
“By these and other actions, I have been placed in an untenable position. My departure from the Mambo project is effective immediately” said Mr Brampton.