You are probably wondering, or at least you should be wondering, how "the bad guys" hack websites. I am in the camp of "Responsible Full Disclosure". I believe that if the bad guys are sharing information on how to break into sites, even the good guys should know about it. I have noted that on joomla.org the prevailing opinion is to "not show or tell". That's fine I guess, except it is derived from the false premise that doing so will encourage the bad guys who read it. And truly, there are some people who would attack other sites. However, there still needs to be a responsible disclosure because the bad guys are already reading the underground sites and exchanging this information. Yes, if your site is compromised don't publicize the URL, but share details about the attack such as where it came from (logs), and other information that will be useful for other administrators. Do NOT share the actual attack in public. Rather PM (Personal message) the security...
Joomla! Web Security
Joomla! Web Security
Overview of this book
Table of Contents (16 chapters)
Joomla! Web Security
Credits
About the Author
About the Reviewer
Preface
Free Chapter
Let's Get Started
Test and Development
Vulnerabilities
Anatomy of Attacks
How the Bad Guys Do It
php.ini and .htaccess
Log Files
SSL for Your Joomla! Site
Incident Management
Customer Reviews