Results 1 to 8 of 8

Thread: Lesser Threats

  1. #1
    Join Date
    Aug 2010
    Location
    CPU
    Posts
    2,182

    Lesser Threats

    From your experience, who has lesser threats/vulnerabilities:

    - cPanel or DirectAdmin?
    - WHMCS, Blesta, HostBill, ClientExec?
    - WordPress, Joomla, Drupal?
    - Magento, OpenCart, Prestashop?
    - vBulletin, Invision, phpBB, Simple Machine

    Lesser threats could be the amount of security patch releases, tested from the vulnerability scanner etc...
    Ask for Server IP & Nameservers IP to check if your reseller provider truly provides 100% white-label.

  2. #2
    Join Date
    Mar 2003
    Location
    California USA
    Posts
    13,290
    From our extensive testing (we run a full auditing side of our business):

    - cPanel or DirectAdmin?
    Directadmin

    However cPanel is not that bad. They have really stepped up on security recently.

    Interworx is definitely up there with security as well, they are very responsive to security issues aswell.
    Steven Ciaburri | Industry's Best Server Management - Rack911.com
    Software Auditing - 400+ Vulnerabilities Found - Quote @ https://www.RACK911Labs.com
    Fully Managed Dedicated Servers (Las Vegas, New York City, & Amsterdam) (AS62710)
    FreeBSD & Linux Server Management, Security Auditing, Server Optimization, PCI Compliance

  3. #3
    - WordPress, Joomla, Drupal?
    This is a sphere where greater popularity breeds more attacks. Wordpress is both more popular, and teaches its users to go looking for random bits of source code to drop into core files. Wordpress is hands-down the worst on security. Can't say which of Drupal vs Joomla is better objectively, but they patch their vulns quickly.

  4. #4
    Join Date
    Aug 2010
    Location
    CPU
    Posts
    2,182
    Quote Originally Posted by Steven View Post
    From our extensive testing (we run a full auditing side of our business):



    Directadmin

    However cPanel is not that bad. They have really stepped up on security recently.

    Interworx is definitely up there with security as well, they are very responsive to security issues aswell.
    I will agree with you in DirectAdmin. The simplicity of this control panel helps them to maintain it well.
    Ask for Server IP & Nameservers IP to check if your reseller provider truly provides 100% white-label.

  5. #5
    Join Date
    Aug 2010
    Location
    CPU
    Posts
    2,182
    Quote Originally Posted by NathanHawks View Post
    This is a sphere where greater popularity breeds more attacks. Wordpress is both more popular, and teaches its users to go looking for random bits of source code to drop into core files. Wordpress is hands-down the worst on security. Can't say which of Drupal vs Joomla is better objectively, but they patch their vulns quickly.
    From my experience, I'm receiving frequent security advisory in Joomla compared to WordPress.
    Ask for Server IP & Nameservers IP to check if your reseller provider truly provides 100% white-label.

  6. #6
    Join Date
    Nov 2004
    Location
    Australia
    Posts
    1,683
    Quote Originally Posted by NathanHawks View Post
    This is a sphere where greater popularity breeds more attacks. Wordpress is both more popular, and teaches its users to go looking for random bits of source code to drop into core files. Wordpress is hands-down the worst on security. Can't say which of Drupal vs Joomla is better objectively, but they patch their vulns quickly.
    WordPress can be fairly easily setup to make it very unlikely to be hacked, if you know what you are doing.

    The problem is nearly always weak plugins that a naive user has installed. Select your plugins carefully - high stars with high reviewer count, good number of downloads, recent updates and support responses, good documentation - all these are clues that a plugin can be trusted. Installing a shoddy plugin is a great way to get hacked quickly, and just because they're in the WordPress repository doesn't mean they're secure or quality, that isn't assessed.

    My opinion is that Joomla is the worst - certainly we see more of those hacked than WordPress.

  7. #7
    Join Date
    Feb 2006
    Location
    Buffalo NY
    Posts
    1,348
    Quote Originally Posted by brianoz View Post
    WordPress can be fairly easily setup to make it very unlikely to be hacked, if you know what you are doing.

    The problem is nearly always weak plugins that a naive user has installed. Select your plugins carefully - high stars with high reviewer count, good number of downloads, recent updates and support responses, good documentation - all these are clues that a plugin can be trusted. Installing a shoddy plugin is a great way to get hacked quickly, and just because they're in the WordPress repository doesn't mean they're secure or quality, that isn't assessed.

    My opinion is that Joomla is the worst - certainly we see more of those hacked than WordPress.
    Also worth noting is themes are a big time culprit - a lot of times they'll include old timthumb classes and things of that nature which open them up to RFI's.
    Cody R.
    Hawk Host Inc. Proudly Serving websites since 2004.
    Let's Encrypt Sponsor.

  8. #8
    Join Date
    Nov 2004
    Location
    Australia
    Posts
    1,683
    Ah - sorry - yes, themes can be just as bad a culprit as plugins.

    Very important to always develop in child themes so themes can be updated.

Similar Threads

  1. Lesser pages indexed
    By hanschristian01 in forum SEO / SEM Discussions
    Replies: 4
    Last Post: 06-08-2010, 02:16 AM
  2. Looking for a VPS lesser than $40USD
    By Faris Aziz in forum VPS Hosting
    Replies: 17
    Last Post: 09-19-2009, 04:54 AM
  3. Lesser of two evils..
    By sgarrand in forum Web Hosting
    Replies: 7
    Last Post: 11-27-2005, 09:55 PM
  4. The Lesser of Three Evils
    By richardg1976 in forum Web Hosting Lounge
    Replies: 13
    Last Post: 02-20-2004, 10:55 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •