Mambo 4.5.4 SP3 and 4.6.1 currently have no known vulnerabilities. Older versions of Mambo are not as secure, so if you are using anything prior to 4.5.4 SP3 it would be a very good idea to update your version.

However, Mambo is only one of many applications/scripts that run on a webserver and hackers can (and do!) get access to websites through vulnerabilities in any server-side scripts.

So, how do I keep my site secure then?

Use a reliable web host with a good track record of support. Make sure you use a host that keeps their servers as secure as possible and the basic server scripts (PHP, MySQL, their control panel, phpMyAdmin, etc) updated to the latest stable releases. In general, you should not use versions of PHP and MySQL that are older than the 4.x versions.

Some hosts update to beta and RC versions - try to keep clear of these as updating before a release becomes stable means the possibility of bugs and vulnerabilities exist.

Remember, if your server space is vulnerable, hackers can get in. Many security breaches that get reported here have nothing to do with Mambo and everything to do with server security and the other scripts that are run on the server.

There are more security tips and discussions about security here: http://forum.mambo-foundation.org/fo...play.php?f=151