This incident has occurred a couple of times, but only today did I realize how expensive the open source bandwagon could be. You can call me a tube light for realizing this so late.
I worked on a Joomla 1.0.x (open source and quite an established PHP CMS) based project a year back for a niche community of houseboaters. We spent weeks configuring the site to make it work the way my client wanted: adding new components, creating new components, complex customizations, design, SEO, templating, etc., and it all looked good at the end. The client was very pleased, and so was I with what I had created out of Joomla.
It all went fine until yesterday, when the site got hacked and Google kicked it out of its search results. The traffic went down drastically, leaving nothing but a few thousand users. It turns out that my client wasn't really paying attention to the growing security concerns of Joomla, nor was he really interested in upgrading the scripts to the latest version. Anyway, I had to act quickly and figure out the best possible way of getting the site back on Google and making the site secure once again.
I spent one whole night researching and trying to figure out the problem. Finally, I found the malicious code and removed it. You can read it here.
After getting it back on Google, our challenge was to make it secure. And the only way to do that was to upgrade to the latest version of Joomla and all the components, customizations etc.
The site has grown exponentially over the year, and with so much customization, it has become quite difficult to bulk upgrade the site. Now the whole upgrade project costs almost the same as getting a new site.
The point here is, although free open source software comes for free, you still need to shell out quite a good amount of money to make it work the way you want. Plus, maintenance and regular monitoring are essential. This hidden cost of maintenance and upgrades could hurt your business model. So, make sure to include it.
Freelancers, a tip for you would be to explain the hidden costs to your clients and sign them up for a maintenance contract!
About myView: myViews are totally my point of view of things I see in the industry. Could be a good analysis or just stupidity.