22 Jan

2014

Hosting Joomla 1.5?

so-hipster

Recently there has been a growing buzz on the web that there are hosts taking quite a solid stand against having Joomla 1.5 on their servers. So in the light of the event I would like to take a minute and explain the SiteGround view point: what are the challenges of hosting Joomla 1.5 and how do we face them.

Is Joomla 1.5 really insecure?

The answer to this question right now is:  NO.

Currently there is no known vulnerability in this version that has not been addressed by the Joomla developers.  In August 2013, there has been a serious security issue that affected Joomla 1.5 after its official support was discontinued. Nonetheless the Joomla team released a patch, so that people still using this version can fix the issue.

So why messages about Joomla 1.5 being intolerably insecure are in circulation? There are two reasons. First, it is true that Joomla 1.5 is no longer supported, so providing a patch for any future vulnerability is not guaranteed. Still there is a difference between current vulnerability and a possible future one. Second, the standard way to fix vulnerability by upgrading your software is no longer applicable for Joomla 1.5.  The best you can hope for in case of vulnerability is a patch, not a new updated 1.5 version. Well, applying a patch is not a rocket science, but it requires a little more effort than hitting an upgrade button and this decreases the number of users that do it.

So how does SiteGround handle these Joomla 1.5 security challenges?

In August, when the Joomla vulnerability affecting 1.5 versions was announced, we made two things:

  1. We researched the vulnerability and created a patch on a server level that will stop hackers from exploiting it on our servers, even if there are vulnerable 1.5 Joomlas. We have done this in multiple other cases affecting different applications and versions. We are quite experienced in reacting to such issues and feel comfortable that if another 1.5 vulnerability appears in the future, we will be able to protect our customers even if no patch is officially released.
  2. Besides our own server level fix we manually applied the official patch to all Joomla 1.5 hosted on our servers. It is true that it took some effort (on our part, not our customers’), but we strongly believed that it was the best course of action.

Details about how we handled the case can be read in our Serious Joomla vulnerability Blog post.

Should you upgrade to a more recent Joomla version?

The answer to this question is: YES

We do recommend that all people move to the supported versions of Joomla as soon as possible. However, we know that migrating from 1.5 to any of the other two currently supported versions (2.5 and 3) can be a challenging task.

So how does SiteGround make the switch easier?

In this case we do not believe in the negative motivation: we don´t intend to send our customers packing if they don´t upgrade or to exaggerate the danger of using 1.5. Instead we have worked with Brian Teeman, one of the Joomla founders. He has produced a full video course, sponsored by our company, which explains how the move from 1.5 to 3 can be made. The tutorial is freely available for anyone, but we also emailed all our Joomla 1.5 users announcing its existence and explaining in details why it is a good idea to make the move.

I believe that people using Joomla 1.5 should move forward as soon as possible. However, I am aware why this is not such an easy step for most of them, and we, as a host, have decided to respect their choice.

Author: Lilyana Yakimova

Marketing Director

I have been with SiteGround since it was born and it has always amazed me to watch this company grow and develop its unique personality. My rewarding and challenging job is to help SiteGround communicate its strengths in the best way possible, learn from its mistakes and become a better person, oops, I meant a better brand!

Comments (9):

  1. Gary says:

    Great post Lilyana.
    I think what’s happening in the market place is people are being panicked into migrating to Joomla 2.5+. This being helped along by some companies looking to benefit from the extra work.

    For my company, we explain to our clients that we can maintain their Joomla1.5 site for the forseable future using best practice support. Where they would benefit most from a migration is in moving their site forward, inline with current trends and technologies.

    This is harder to do in J1.5 and for me is THE reason to migrate. This should then be integrated into a roadmap for the site and planned accordingly…NEVER panick!

    Keep up the great work.
    All the best
    Gary

  2. Rob says:

    Well done Lilyana.
    People are rushing into migrating to Joomla 2.5+. The Web development companies at the same time want to make money as well.
    Best of Luck
    Rob

  3. William Falstaff says:

    I don’t understand what are the reason to criticze so heavily Joomla but as web-designer I am using Joomla 1.5 in many web pages are developing and I didn’t have any special trouble to implement it. Perhaps, those problemsa re experienced because some people don’t know how to use it.

  4. Valerie says:

    Hi

    I was surprised to read this as I upgraded or created new websites from scratch when I was told that there would be security issues with 1.5 and in some cases this was a real pain as 2.5 did not include sections and all the data had to be recatagorized ec.

    Did I do all this work and expense and it wasnt necessary?

    Siteground is an ace host but Im confused…could you clarify?

    Thankyou

    • Lily says:

      Hi Valeri,

      your effort was definitely worthwhile and necessary and I am happy that you were motivated by our initiative to take this step.

      Using an officially unsupported version of Joomla is something we do not want to encourage in any way. However, the point of the post above was to explain that we believe in motivating, instead of forcing, our customers do the move.

  5. Ian Rudge says:

    A useful solution for affected clients who don’t want to pay for costly template conversion to v2.5/3 standards is to use WinHTTrack to create a static copy of the 1.5 site whilst it’s still live. Do strip any redundant javascript of course, as it may contain vulns. Results are good if the main purpose of the site is simply to display static pages. Less so if interactive features are needed.

    The risks of continuing to use Joomla 1.5 are very real, we recently had a small social group site (on other hosting) hacked and turned into a spam robot. That was the last of the 1.5 sites, and thankfully Joomla in all versions is now history for us.

    v2.5/3? No thanks. As Mr Townshend advised with a power-chord on his guitar, it’s best not to get fooled again.

  6. jack arnold says:

    Mr. Rudge, what have you implemented in place of Joomla? WordPress, by any chance?

  7. website design development says:

    I feel satisfied after finding this one.For my company, we explain to our clients that we can maintain their Joomla1.5 site for the forseable future using best practice support. Where they would benefit most from a migration is in moving their site forward, inline with current trends and technologies.

  8. Donald McCubbin says:

    Hi Lilyana

    Thanks for your post. I have Joomla 1.7.3 and have been debating an upgrade to 2.5, and perhaps then on to 3.x.

    Nice to hear that you have been with SiteGround since it was born! Unfortunately, my site was hit with a denial of service attack, and we have been essentially kicked off of the SiteGround, unless we buy a much more expensive service. Disappointing that SG did not support us.

    Don