Hello Merjav & Co,

I wish to upgrade my account since I have the funds now and begin work on my sites, however I know you usually have sales during the holidays and with Christmas around the corner, I was wondering if you would still apply whatever discount there will be or I can only qualify if I wait. When will the promotions if any, begin?

Secondly, I have been a customer for several years but the real fear that has kept me from launching any community has been the fear of having my site hacked and not knowing what to do. Infact 2 of my installs got hacked and the report given by the host at both times, blamed it on the software installed (thus Jomsocial). This did not help with my original fears.
I have done a lot of research since then and I have a renewed confidence to try again but still not all the way certain about what I would do for clients should the site be hacked. So far I am thinking of going with Siteground as my host and investing in some of Akeeba Ltd's solutions such as Admin Tools.
What do you recommend and why and what additional advice do you have for me before I launch my community website.

Thank you.
Sincerely,
Michael Essien
Silver Spring, MD
This email address is being protected from spambots. You need JavaScript enabled to view it.

Hi Michael,

Thanks for contacting us. if you have had an existing subscription with us then the biggest discount you will get will be to log into your account and renew the license. This will give you a discount of up to 50%. We will be having promotions but none will be at the renewal rate.

In regards to security, other than an incident quite a long time ago that was fixed very fast, i am not aware of any security problems in our products. Because our component handles user logins and is a large component when a site is hacked the finger often gets pointed to us and the claim cannot be backed up. I see a lot of false reports and upon further investigation it was not the component

My advice if this is a big concern of yours would be to get a developer that you can trust and call on if you have issues. Use Akeeba for backups so you never experience any data loss. Make sure you keep all your software up to date, Joomla, components and plugin etc. A normal site that is up to date and maintained well will have no issues with security

Are you familiar with the following problem and whether it was ever resolved?

---

>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

Subject : Anti-virus scan reports: Your 1&1 webspace is currently under attack [Ticket AB86812377]
Date : 07/15/2014 02:15 PM
Contract :


Your contract number:
Your customer ID:
Our reference: [Ticket AB86812377]
Note: Your personal 1&1 contract number and your name certify that this e-mail was sent by 1&1.

Dear Michael Essien,

This is an urgent message concerning your 1&1 account.

A few minutes ago, our anti-virus scanner reported that a malicious file has
been uploaded to your 1&1 webspace.

Name of the file: ~/busysocialcom/protect.php

To protect you from dangerous hacker attacks, our anti-virus scanner checks
every file that is uploaded or modified. If a file exhibits malicious patterns,
it is automatically disabled.

This detection will continue to run after this message in order to disable any
other malicious file.

******************************************************************************
Important: The attack is still running. Your websites are at risk.

As long as you do not take the suitable measures to stop the attack, the
attackers will continue to access your webspace and may sooner or later harm
your websites.

The intrusion point is one of your passwords or a vulnerability in the software
that you have installed.
******************************************************************************

To ward off this attack and restore the security of your site and data, please
proceed as follows:

******************************************************************************
1. Change Your Passwords
******************************************************************************
If the intrusion point was one of your passwords, you will stop the attack quite
simply: Change that password and disable the access for the hackers.

We recommend you to change the following passwords:
- 1&1 FTP
- Admin-Password of your Joomla!, Wordpress and other content management
software

******************************************************************************
2. Update Your Software
******************************************************************************
In case the the hackers entered via a security breach in your software, you need
to update that software. Newer versions eliminate known security breaches and
protect you against further attacks.

TIP: Did you install various software modules? Hackers often place the first
malicious files in the directory with the security breach. The the malicious
file ~/busysocialcom/protect.php might therefor give you an indication on which
software you need to update.

You will find the latest versions of Joomla! and Wordpress on:
- Joomla!: www.joomla.org/download.html
- Wordpress: wordpress.org/download/

******************************************************************************
3. Rename the "admin" User
******************************************************************************
Does your content management software use the user name "admin" for the user
with administration rights?

Then simply change this user name. This being the by far most effective
protection against hacker attacks that target the administration password.

******************************************************************************

If you have any questions, simply reply to this e-mail quoting our reference
[Ticket AB86812377] in your message.

We appreciate your cooperation and look forward continuing to improve the
security of your 1&1 account.

Kind regards,

Abuse Team

--
Abuse Department
1&1 Internet Inc.





Subject : Anti-virus scan reports: Your 1&1 webspace is currently under attack [Ticket ]
Date : 09/10/2014 03:08 PM
Contract :

Your contract number:
Your customer ID:
Our reference: [Ticket AB88117192]
Note: Your personal 1&1 contract number and your name certify that this e-mail was sent by 1&1.

Dear Michael Essien,

This is an urgent message concerning your 1&1 account.

A few minutes ago, our anti-virus scanner reported that a malicious file has
been uploaded to your 1&1 webspace.

Name of the file: ~/busysocialcom/images/x.htm

To protect you from dangerous hacker attacks, our anti-virus scanner checks
every file that is uploaded or modified. If a file exhibits malicious patterns,
it is automatically disabled.

This detection will continue to run after this message in order to disable any
other malicious file.

******************************************************************************
Important: The attack is still running. Your websites are at risk.

As long as you do not take the suitable measures to stop the attack, the
attackers will continue to access your webspace and may sooner or later harm
your websites.

The intrusion point is one of your passwords or a vulnerability in the software
that you have installed.
******************************************************************************

To ward off this attack and restore the security of your site and data, please
proceed as follows:

******************************************************************************
1. Change Your Passwords
******************************************************************************
If the intrusion point was one of your passwords, you will stop the attack quite
simply: Change that password and disable the access for the hackers.

We recommend you to change the following passwords:
- 1&1 FTP
- Admin-Password of your Joomla!, Wordpress and other content management
software

******************************************************************************
2. Update Your Software
******************************************************************************
In case the the hackers entered via a security breach in your software, you need
to update that software. Newer versions eliminate known security breaches and
protect you against further attacks.

TIP: Did you install various software modules? Hackers often place the first
malicious files in the directory with the security breach. The the malicious
file ~/busysocialcom/images/x.htm might therefor give you an indication on which
software you need to update.

You will find the latest versions of Joomla! and Wordpress on:
- Joomla!: www.joomla.org/download.html
- Wordpress: wordpress.org/download/

******************************************************************************
3. Rename the "admin" User
******************************************************************************
Does your content management software use the user name "admin" for the user
with administration rights?

Then simply change this user name. This being the by far most effective
protection against hacker attacks that target the administration password.

******************************************************************************

If you have any questions, simply reply to this e-mail quoting our reference
[Ticket AB88117192] in your message.

We appreciate your cooperation and look forward continuing to improve the
security of your 1&1 account.

Kind regards,

Abuse Team

--
Abuse Department
1&1 Internet Inc.







Subject : Anti-virus scan reports: Your 1&1 webspace is currently under attack [Ticket AB87751041]
Date : 09/03/2014 06:49 AM
Contract :

Your contract number:
Your customer ID:
Our reference: [Ticket AB87751041]
Note: Your personal 1&1 contract number and your name certify that this e-mail was sent by 1&1.

Dear Michael Essien,

This is an urgent message concerning your 1&1 account.

A few minutes ago, our anti-virus scanner reported that a malicious file has
been uploaded to your 1&1 webspace.

Name of the file: ~/busysocialcom/protect.php

To protect you from dangerous hacker attacks, our anti-virus scanner checks
every file that is uploaded or modified. If a file exhibits malicious patterns,
it is automatically disabled.

This detection will continue to run after this message in order to disable any
other malicious file.

******************************************************************************
Important: The attack is still running. Your websites are at risk.

As long as you do not take the suitable measures to stop the attack, the
attackers will continue to access your webspace and may sooner or later harm
your websites.

The intrusion point is one of your passwords or a vulnerability in the software
that you have installed.
******************************************************************************

To ward off this attack and restore the security of your site and data, please
proceed as follows:

******************************************************************************
1. Change Your Passwords
******************************************************************************
If the intrusion point was one of your passwords, you will stop the attack quite
simply: Change that password and disable the access for the hackers.

We recommend you to change the following passwords:
- 1&1 FTP
- Admin-Password of your Joomla!, Wordpress and other content management
software

******************************************************************************
2. Update Your Software
******************************************************************************
In case the the hackers entered via a security breach in your software, you need
to update that software. Newer versions eliminate known security breaches and
protect you against further attacks.

TIP: Did you install various software modules? Hackers often place the first
malicious files in the directory with the security breach. The the malicious
file ~/busysocialcom/protect.php might therefor give you an indication on which
software you need to update.

You will find the latest versions of Joomla! and Wordpress on:
- Joomla!: www.joomla.org/download.html
- Wordpress: wordpress.org/download/

******************************************************************************
3. Rename the "admin" User
******************************************************************************
Does your content management software use the user name "admin" for the user
with administration rights?

Then simply change this user name. This being the by far most effective
protection against hacker attacks that target the administration password.

******************************************************************************

If you have any questions, simply reply to this e-mail quoting our reference
[Ticket AB87751041] in your message.

We appreciate your cooperation and look forward continuing to improve the
security of your 1&1 account.

Kind regards,

Abuse Team

--
Abuse Department
1&1 Internet Inc.

Hi Michael,

None of those files are Jomsocial files, so i am not sure what you mean by are they fixed. This looks like your site was compromised at some point. There are no known security issues with Jomsocial at the present time