Econet has switched on its Econet Broadband website www.econetbroadband .co.zw, after more than a month of downtime following a hacking incident in December last year. The site is noticeably still using the popular open source content management system Joomla.
We hope Econet doesn’t suffer this needless pain again. We hope no website suffers this.
What we found a bit curious on the restored Econet site is a small red ant icon on the bottom right of the site. Hovering the mouse over it shows the text “Protected by Biziant Sentry – Joomla Security Suite”. A Joomla extension to secure the site. Good move
Well, good move except for one thing; the developer of the extension specifically warns against its use on a production site, referring to the extension as “merely a proof-of-concept” in Early Alpha. Software in early alpha is in a very early stage of testing, hardly suitable for any practical use beyond just testing the software.
For its sake, I hope Econet is not overlooking this.
We’d love to know your take on Joomla security and your opinion on this particular implementation of security after restoration from the nasty hack. Please share in the comments below. How are you securing your Joomla sites?
Share
Home
25 comments
Econet is a big company, with all the money their making they should pay someone to build a secure site and to secure their servers against attacks.
Maybe they think it’s just a waste of money and time. They would rather pay their developer twice his package to add more features and attract more users….
there is nothing called a secure site and Opensource tech offers the best hope in security that commercially private developed software which are more prone to zero day attacks
Sorry have to disagree with Macd there, as someone with years of web development experience in both Joomla and more recently in secure enviroments for internet banking etc. The open source myth is simply not true.
While Joomla’s core is very well written and secure the vast list of addons are often made my one man bands or hobbiests. Secure because it is open source is simply not true, this only holds true if it is a massive open source project with many regular contributors.
If you want a secure site, you are much better off going to a company that specializes in those sorts of sites, or at very least can vet the open source addons you have installed in your site.
I think many many Zimbabwe websites are insecure and not able to handle load (look at how often the new (Joomla) Herald site is down). These sort of sites need to be handled by professional developers, not someone who can skin a Joomla installation.
I am not saying dont use open source, simply get someone who knows what they doing to do it.
Sorry have to disagree with Macd there, as someone with years of web development experience in both Joomla and more recently in secure enviroments for internet banking etc. The open source myth is simply not true.
While Joomla’s core is very well written and secure the vast list of addons are often made my one man bands or hobbiests. Secure because it is open source is simply not true, this only holds true if it is a massive open source project with many regular contributors.
If you want a secure site, you are much better off going to a company that specializes in those sorts of sites, or at very least can vet the open source addons you have installed in your site.
I think many many Zimbabwe websites are insecure and not able to handle load (look at how often the new (Joomla) Herald site is down). These sort of sites need to be handled by professional developers, not someone who can skin a Joomla installation.
I am not saying dont use open source, simply get someone who knows what they doing to do it.
but i dont see the red ant, on which page is it?
Yeah where does econet put all their money, i mean this is a huge company and they cant even afford a secure websiite!
and they want to add products that rely on security……………my foot
still looking for the red ant lol, cant find it? anyone help
Can’t load the broadband website right now so no way of telling if it’s still there. It’s possible they may have removed it.
The ant has been removed or simply made invisible
I secured my Joomla site by switching to Drupal.
Good move, Drupal is awesomesauce.
@ Chris LOL, @ Kabweza (author of article ) – Techzim uses WordPress also – open source !
Techzim does use open source and we we love it, that’s why we leave the WordPress credit at the bottom of the site so that we contribute (however small) to spreading the word.
The problem here is NOT that Econet is using an opensource content management system. What we say we find strange is that they’re are using an early alpha Joomla extension. It may not even be wrong if they know what they’re doing. We’re just pointing it out as against best practice.
the good thing about Open source is that you get the source code and you have every right to enhance or change anything as long as abide by GNU license (not Govnt Of National Unity)
thanks for the clarification
please secure your system to hackers otherwise they can cause a serious harm or problem to the company.
Not all hackers ar bad, if it was not hackers, we would not be using PCs the way we are now!
This is because CEO does not provide oversight on ICT Management! Nor do investors hold him accountable. Maybe he and his friends have controlling shares! Where is proper governance here? The removal of the ant is even more perplexing. A case of burying head in the sand. We are still very much in woods in all fronts in Zim!
??
it’s not that Joomla is insecure as a web app, it’s how it is implimented that makes it insecure. The reason why Econet and most companies do not care much about their websites and security is because the servers do not contain any sensitive content and the website, well, i think they developed it simply because we expect them to have one. Their marketing department is more into offline advertising than online. They are good at spam sms though.
Open source or not, if the baselines were not followed, econet will keep reinvesting in dealing with a stupid issue. They need to ensure that security is fosterd in all applications and makesure that the marketing department does not control the website. Please Mr masiwa enforce security
True, but who sets the baseline when all they have is probably network guys and a lot of sales execs
Some of the basic ways to secure a joomla website are creating SEF urls, this protects you from the common ” in-url” hack, another is , another is writing ur code to prevent SQL Injection which is another common hack method- there’s more but time won’t permit ryt now.