Joomla 3.03 hacked Privilege Escalation Vulnerability?


I just got notified by HostGator that my site, a 3.03 install, was hacked (they suspected the Privilege Escalation Vulnerability, which they told me to refer to here: jeffchannell.com/Joomla/joomla-161725-privilege-escalation-vulnerability.html). (The fix is turning off Allow New Users to Register.)

After reviewing that page it does not seem to be an issue for 3.03, so I am installing Admin Tools Pro.

Wondered if anyone else has had an issue like this. Are there other fixes I might need to know about, and is updating within version 3.x painless?

What about SiteLock as a service? I just took on a medical security expert as a client for his business site, and having his site hacked would be a nightmare.
  • handsun
  • 12 Month basic
There is also an exploit for uploading a file via a media manager; I think that applies up to 3.1.5 and up to 2.5.14.

It sounds like that is just as likely.

All J3 sites at 3.03 should be upgraded as soon as possible.

I'll ask the team for suggestions regarding extensions :)

Cheers
Paul
  • manh
  • Moderator
I have a blog post at beta using this video

vimeo.com/82268015

from SiteGround

Cheers
Paul
  • manh
  • Moderator
Thanks, I am updating the 3.03 site right away. Are the 2.5 Joomla Bamboo templates compatible with 3.x, and is it pretty painless to update them too?
  • handsun
  • 12 Month basic
That would depend on the template.

I'd suggest, if you don't have a particular reason to upgrade to J3+, sticking with 2.5, as that is still the current long-term release.

2.5 is currently at 2.5.17.

Cheers
Paul
  • manh
  • Moderator
Last Edit: 10 years 3 months ago by manh.
The video does contain suggestions, extension- and good-practice-wise,

together with questions to ask your host.

Cheers
Paul
  • manh
  • Moderator