Yesterday, I received this email from my web host (Web.com formally Interland). I am currently running Joomla version 1.0.10 on all of the accounts I manage. Has anyone else received similar notices?
The message reads as follows:
As our valued customer, we truly appreciate your business and are dedicated to helping your website succeed online.
PLEASE NOTE: This advisory only affects customers who are using the Mambo content management system (CMS).
As you may be aware, an update to the Mambo CMS was released on June 30, 2006. These updates are primarily intended to protect your account from critical security risks, which could be used to allow unauthorized use of your account.
WHAT WEB.COM IS DOING TO PROTECT YOUR ACCOUNT
Because of the severity of this vulnerability, Web.com will upgrade all versions of Mambo CMS prior to version 4.5.4 on July 24, 2006 between 2am and 5am.
There is a possibility that this upgrade may break your website and therefore we suggest that you validate and review your site after the upgrade takes place on July 24th. If you have issues with your site please contact Mambo as this software is not supported by Web.com. If you call Web.com you will be referred back to Mambo.
We take the security and integrity of your server seriously, and we are committed to providing you superior network and hosting performance.
No, but I understand it completely. I have the same type of rules for my web hosting customers. At the present time Joomla is very simple to upgrade and I do it for my customers that use Joomla at no charge. Some of these security issues with php programs are so sever that the entire server is at risk if the program is not upgraded. As for Mambo I don’t allow it to be installed on my servers. I only support Joomla.
The way I see it at this time the only problem with Joomla is the free extension that are out there. People that create free extension usually don’t have the time or incentives to keep them secure. I would much rather install an extension that costs money than a free one.
That is one of the reasons I came to Rocket Themes. I want to pay Andy for his work. I hope he is making a lot of money from his work. I then have the confidence that he is going to do everything he can to produce good work and secure work. Which he is. I would not use a free Joomla template unless Andy made it. If Andy is making a lot of money then he has a lot to loose if he produced sloppy, insecure work. In my way of thinking we should all be happy to pay Andy for his work.
Upgrading on some programs is much more time consuming then Joomla is at this time that I have to charge them if I do the upgrading. If they don't want to pay me to upgrade some programs I give them two days to do it their selves and if they don't upgrade then I terminate the account.
I understand completely. I contacted Web.com customer support and explained to them that I've upgraded to the most current version of Joomla!...1.0.10. I was then told by the rep, who "checked" while putting me on hold, that Mambo and Joomla were the same. I'm assuming that she meant that they are the same type of program, ie. CMS that utilizes PHP.
I just hope they don't accidentally take my site offline by attempting to do an upgrade that is not needed.