Hi Ken,
You have two problems on your hands here.

1) Site compromise to steal the potential PayPal credentials of folks donating. As you could imagine, this is a pretty big deal. PayPal deals with folks responsible for credential compromise harshly, as in "you may no longer use our services and we are freezing your PayPal account for 21 days while we investigate and punish you". It takes one incident and they respond like rabid dogs.

Next, waterhole attack.

2) This is where the bad guys exploit the CMS and drop malware (usually, but not always, a Java applet) that infects anyone visiting the site. The bad guys, once they have a foothold, are going to even search engine optimize the site to rank it higher and serve more malware. At some point the server will get crushed under the number of visits as the bad guys then launch spam with links to the compromised server.

In the end you are re-building the entire Server, replacing your compromised certificates and being banned from PayPal. Sound fun?

If you don't believe me, feel free to post the IP address of the Server on Reddit with "Hack This".

Ian

________________________________
From: [email protected] <[email protected]> on behalf of Ken DeWitt <[email protected]>
Sent: March 24, 2014 09:49
To: [email protected]
Subject: [SkullSpace-Discuss] joomula

I have a client that does not want to upgrade their Joomla install from an outdated install to an updated one. On this site they accept payments through PayPal for donations. I have tried to explain the security problems of not updating the site and pointed out how easy it is to move around the site without a password.

Can I get some recommendations on how to convince the client to upgrade the site? The client does not understand technology and does not understand about doing security updates to Joomla. I did not start out with the site; someone else did. I am not changing to a better CMS.

--
Any question or comments you can email or call me at any time.
I will get back to you as fast as I can. Thank you and have a nice day!!
Ken DeWitt
Your Fellow Tech. Guy
Phone # : 204-998-3218
Email: kendewitt@yftg.ca
_______________________________________________
SkullSpace Discuss Mailing List
Help: http://www.skullspace.ca/wiki/index.php/Mailing_List#Discuss
Archive: https://groups.google.com/group/skullspace-discuss-archive/
