Even if you think that your site has nothing worth stealing, there are certainly tens of attempts daily that you are not even aware of. A lot of so-called "script kiddies" run automated intrusion attempts against lists of sites, lists that may include your website. Securing your Joomla website is a blend of careful planning, making sure you run the latest software versions, and always keeping up with the latest community announcements. There are some tips that help you secure your website and give you better protection against attackers.
In 1995, two iconic movies were released, giving the modern outlaw a new shape and purpose. 'The Net' and 'Hackers' perfectly depicted the idea of conflict between new technology and new risks. Other than the fact that we all remember the sexy, short-haired version of Angelina Jolie and the young, fresh Sandra Bullock, these two blockbusters introduced the world to a new type of villain: the hacker.
So, what is a hacker? A super nerdy kid who has constantly been bullied, finding peace and comfort in RPGs, 4chan boards and hentai? Or an intelligent young man, underpaid, unappreciated, possibly still single? The truth is somewhere in between; hackers come in all shapes, sizes and backgrounds. They can be the quiet dude in Chemistry class who is a real riot on IT forums, or the chubby part-timer at Starbucks, intentionally misspelling your name on the cup because he got bored. They can even be the 30-year-old virgin, still living with his parents after dropping out of high school. These are merely a few stereotypical examples Hollywood uses to portray hackers, but the truth is anybody with an Internet connection and basic to medium IT&C knowledge can find the back door to your website. You don't have to be a genius to learn a few things about how they work, especially since they are getting easier and easier to build and manage.
Browsing the web, you will notice that people categorise hackers according to their skill level or their benevolent/malevolent intentions. (For more information, feel free to read these descriptions: http://www.secpoint.com/types-of-hacker.html.)
After analysing the above categories, a question arises: can we always tell the difference between white hats and black hats? For example, if someone shows up on your virtual doorstep and tells you they just breached the security of your website, should you really alert the authorities? Invite them in, offer them a cup of tea and start talking about how you could improve your site's vulnerable parts. Indeed, many hackers out there don't just test out the security levels for fun; their main focus is how many accounts they can render penniless. Theft is theft and it should be punished accordingly; however, the modern interpretation of the Robin Hood concept seems to fall in a rather grey area. This is true mostly because the victims of hacker attacks or cyberterrorism are people or organizations which do not have a clean agenda.
If you are the administrator of a Joomla! website, your concerns with security can easily be solved if you respect a few basic principles: