
Forum Moderators: ergophobe


Data from 11,000 Infected Sites Running on a CMS

     
11:53 pm on May 19, 2016 (gmt 0)

Moderator This Forum

WebmasterWorld Administrator ergophobe is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Apr 25, 2002
posts:8396
votes: 195


>>Based on our data, the three CMS platforms most being affected are WordPress, Joomla! and Magento. This does not imply these platforms are more or less secure than others.

>>In most instances, the compromises analyzed had little, if anything, to do with the core of the CMS application itself, but more with improper deployment, configuration, and overall maintenance by the webmasters and their hosts.
[sucuri.net...]


Most surprising to me is that 44% of WordPress sites hacked were up to date at the time.
12:53 am on May 20, 2016 (gmt 0)

Moderator from US 

WebmasterWorld Administrator travelin_cat is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Feb 28, 2004
posts: 3195
votes: 8


One of our clients' WP site was hacked a couple of days ago. Everything was up to date. They got in through a very popular plugin.
1:37 am on May 20, 2016 (gmt 0)

Senior Member from US 

WebmasterWorld Senior Member lucy24 is a WebmasterWorld Top Contributor of All Time 5+ Year Member Top Contributors Of The Month

joined:Apr 9, 2011
posts:13371
votes: 377


>>Based on our data, the three CMS platforms most being affected are WordPress, Joomla! and Magento. This does not imply these platforms are more or less secure than others.

Last time I looked, those just happen to be the three most popular CMS platforms, so doesn't it simply imply that it's the CMS concept itself that leads to vulnerabilities?

:: detour to article ::

>>This user adoption however brings about serious challenges to the internet as a whole as it introduces a large influx of unskilled webmasters

What he said.
6:20 pm on May 20, 2016 (gmt 0)

Moderator This Forum

WebmasterWorld Administrator ergophobe is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Apr 25, 2002
posts:8396
votes: 195


>>three most popular CMS platforms

Exactly. I sometimes see people take the number of vulnerabilities, including zero-day, as a measure of how insecure a system is. I have to ask them, "Do you know of a speed trap near your home where the cops like to hang out?"

"Yes"

"Do they catch a lot of speeders there?"

"Yes"

"Is that because those people speed only there, but otherwise observe the speed limit?"
6:30 pm on May 20, 2016 (gmt 0)

Moderator from GB 

WebmasterWorld Administrator andy_langton is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Jan 27, 2003
posts: 3332
votes: 140


>>three most popular CMS platforms


I think Drupal is ahead of Magento. WordPress seems to be over-represented compared to market share, also.
7:00 pm on May 20, 2016 (gmt 0)

Senior Member from US 

WebmasterWorld Senior Member tangor is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Nov 29, 2005
posts:7099
votes: 436


When webmastering is reduced to plug and play functionality for Tom, Dick, and Harry that then becomes the weak link.

ALL websites are at risk. Given.

ALL CMS style websites are more prone to risk. Given.

Human nature (the only thing more common than hydrogen in the universe is human stupidity) being what it is: "path of least insistence (sic)" there's no doubt that unskilled webmasters will be more vulnerable due to reliance on third parties (plugins) for performance and functionality they have no clue on how to code.
7:15 pm on May 20, 2016 (gmt 0)

Moderator This Forum

WebmasterWorld Administrator ergophobe is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Apr 25, 2002
posts:8396
votes: 195


>>Wordpress seems to be over-represented compared to market share, also.


It does, but remember that this is based on cases actually brought to Sucuri, who markets to the WordPress community heavily, which is also a community with a lot of unskilled webmasters who have to hire out even simple cleanups.