Joomla Security


JOOMLA! SECURITY 2.0

For the System Administrator


USE A HOSTING COMPANY

Good hosting companies are worth the cost.

Ask peers for their opinions.

Rankings on the internet are often biased and a form of advertising.

Interview the hosting company to see what their priorities are. It is good if they focus on security and server hardening.


USE A HOSTING COMPANY (CONTINUED)

Verify they configure Safe Mode OFF

Verify they configure register_globals OFF

I recommend VPS and dedicated servers.

Check their backup policies: can you use them for individual restores? Are the backups offsite?


SERVER SECURITY

Close unused TCP/IP ports

Use the Joomla-recommended levels of all the following:

PHP V5

Apache

MySQL

Apache mod_suphp


APACHE .HTACCESS

Joomla comes installed with a default .htaccess file, but it is called htaccess.txt. Rename this file to .htaccess and turn on “Use Apache mod_rewrite” in Joomla’s “Global Configuration”.

You can password protect directories with .htaccess.

Folders = 755, Files = 644


CSF FIREWALL

For VPS and Dedicated Servers

You can block IPs and IP ranges.


REPLACE FTP, TELNET, AND RLOGIN 

Use SFTP instead of FTP

Use SSH instead of telnet and rlogin (rsh)

Use SCP instead of RCP

FTP, telnet, and rlogin (rsh) are vulnerable to eavesdropping, which is one of the reasons to use SSH/SCP/SFTP instead.


SFTP AND SSH CLIENTS

SSH Client: PuTTY (not PuTTYtel)

Choose the SSH radio button


SFTP CLIENT

Use an FTP client that has an SFTP option

FileZilla is a good free choice for Windows PCs

http://filezilla-project.org/

Choose server type SFTP


CHANGE JOOMLA! DB PREFIX

Change the default Joomla! prefix from jos_

The prefix can be changed during Joomla! installation. Most of the SQL injection code that is written to attack Joomla databases uses the default jos_ prefix. It goes after the jos_users table to retrieve the super administrator user name and password.

http://www.marcofolio.net/joomla/7_tips_to_optimize_joomla_security.html


3RD PARTY EXTENSION EXPOSURES 

Only use secure 3rd party extensions

Install extension’s updates as they become available.

Joomla’s Vulnerability List

http://docs.joomla.org/Vulnerable_Extensions_List 

www.exploit-db.com/search


JOOMLA ADMINISTRATOR USERS

Change the Joomla Super admin from “admin” and ID 62. The following link to a Joomla magazine (October) article by Nicholas K. Dionysopoulos provides a script to change to an ID range of 1-61. http://magazine.joomla.org/index.php?option=com_k2&view=item&id=148

Passwords: No dictionary words. Use combinations of letters, numbers, and special characters. Change passwords on a regular basis.


WHAT ABOUT CONFIGURATION.PHP? 

You need to safeguard configuration.php 

Use 444 for permissions

It contains your DB username and password plus other information that, if changed, will break your website.


JOOMLA EXTENSIONS

• extensions.joomla.org


BACKUP IS KEY

• Akeeba Backup is a great backup extension.

• Backs up to a remote location like Amazon S3

• Backs up to a remote FTP server.

• Backing up your Joomla website is important to your security preparations. If you get hacked you may need to restore your website to a good state.

• WHM Full backups are also good


SEF

Using SEF makes your Joomla! website more secure.

Makes URLs readable

Masks the physical directory and file location from the browser’s URL line

Masks the components used


SEF (CONTINUED)

sh404SEF can send you email under certain attacks.

Can remove the generator tag that informs the visitor that it is a Joomla! site. Why tell the bad guys that you are using Joomla! so they can shortcut their efforts to break into your website?

Blocks some attack attempts



• www.anti-hacker.opensource-excellence.com


EYESITE


JLOGONALERT

• Tells you when people are trying to log in to the site: how many times, the password they used, the IP address. Backend/Frontend


GUARDXT


FINDING EXPLOITS? 

Review your http raw access logs and error logs

Review active processes and look for oddities: 

Look for IRC Bots with the name of irc 

netstat -ae | grep irc

Look for common IRC Bot Ports (6666, 6667, ..) 

netstat -ea | grep 666
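As an added example that is not part of the deck, a Python check over constructed `netstat -ae` style output: it flags TCP connections by remote IRC port or an `irc` host/service name, and shows why a bare `grep 666` also matches unrelated numbers such as port 16660. The IRC port range and the sample lines are assumptions.

```python
# Constructed sample in the shape of `netstat -ae` output on Linux (numeric
# addresses); not data from the deck.  The 16660 line is a deliberate decoy.
SAMPLE_NETSTAT = """\
Proto Recv-Q Send-Q Local Address           Foreign Address         State       User       Inode
tcp        0      0 203.0.113.10:80         198.51.100.7:51234      ESTABLISHED www-data   12345
tcp        0      0 203.0.113.10:44810      192.0.2.44:6667         ESTABLISHED www-data   12346
tcp        0      0 203.0.113.10:44811      irc.example.net:ircd    ESTABLISHED www-data   12347
tcp        0      0 203.0.113.10:44812      192.0.2.9:16660         ESTABLISHED root       12348
tcp        0      0 203.0.113.10:22         198.51.100.7:40000      ESTABLISHED root       12349
"""

# The deck names 6666 and 6667; 6660-6669 plus 7000 is the conventional IRC
# range (assumption: widen it for your environment).
IRC_PORTS = set(range(6660, 6670)) | {7000}


def suspicious_connections(netstat_output):
    """Return (foreign_address, user) for TCP connections that look like IRC:
    remote port in IRC_PORTS, or 'irc' in the resolved host/service name."""
    hits = []
    for line in netstat_output.splitlines():
        fields = line.split()
        if len(fields) < 7 or not fields[0].startswith("tcp"):
            continue  # header, blank or non-TCP line
        foreign, user = fields[4], fields[6]
        _host, _, port = foreign.rpartition(":")
        if (port.isdigit() and int(port) in IRC_PORTS) or "irc" in foreign.lower():
            hits.append((foreign, user))
    return hits


def loose_grep_666(netstat_output):
    """Mimic `netstat -ea | grep 666`: a substring match anywhere on the line,
    so ports such as 16660 or inode numbers containing 666 also match."""
    return [line.split()[4] for line in netstat_output.splitlines()
            if "666" in line and line.startswith("tcp")]
```

Connections owned by the web server user (here `www-data`) to IRC ports are the pattern the slide describes; a process that legitimately talks IRC would normally run as a dedicated user.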


I AM HACKED NOW WHAT?

Create an index.html page in your Joomla root so your visitors do not see the hacker’s nasty landing page.

If you can get into the backend, take the site offline.

Inform your hosting provider before changing anything. They are as interested in your vulnerability as you are.


I AM HACKED NOW WHAT? (CONTINUED) 

Research 

Http raw access logs

Google searches, Google Webmaster Tools

Joomla! forum

Review sites permissions, crontab, active processes

Look for new directories, files, and hidden files whose names begin with a period (“.abc”) or a space (“ xyz”)
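An added example, not from the deck, that automates the permission and hidden-file review above in Python: it walks a Joomla root, checks folders for 755, files for 644 and configuration.php for 444, flags names beginning with a period or a space, and lists files changed in the last 24 hours. The sample tree, the `.htaccess` allow-list and the 24-hour window are assumptions.

```python
import os
import stat
import tempfile
import time

# Expected modes from the deck: folders 755, files 644, configuration.php 444.
EXPECTED = {"dir": 0o755, "file": 0o644, "configuration.php": 0o444}
KNOWN_DOTFILES = {".htaccess"}  # legitimate dotfile in a Joomla root (assumption)

def audit_site(root, recent_hours=24):
    """Walk a Joomla root and return (relative_path, reason) findings: wrong
    permissions, names starting with '.' or ' ', files changed in recent_hours."""
    findings, cutoff = [], time.time() - recent_hours * 3600
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root)
            st = os.lstat(path)
            is_dir = stat.S_ISDIR(st.st_mode)
            mode = stat.S_IMODE(st.st_mode)
            want = EXPECTED["dir"] if is_dir else EXPECTED.get(name, EXPECTED["file"])
            if mode != want:
                findings.append((rel, "mode %o, expected %o" % (mode, want)))
            if (name[0] == "." and name not in KNOWN_DOTFILES) or name[0] == " ":
                findings.append((rel, "hidden name"))
            if not is_dir and st.st_mtime > cutoff:
                findings.append((rel, "modified recently"))
    return findings

def build_sample_site():
    """Create a constructed Joomla-like tree with planted problems (demo only)."""
    root = tempfile.mkdtemp()
    old = time.time() - 30 * 24 * 3600  # a month old: normal for site files

    def put(rel, mode, mtime=old):
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        open(path, "w").close()
        os.chmod(path, mode)
        os.utime(path, (mtime, mtime))

    put("configuration.php", 0o444)
    put(".htaccess", 0o644)
    put("images/logo.png", 0o644)
    put("images/.shell.php", 0o644, time.time())  # hidden and fresh: planted
    put("tmp/ xyz", 0o777)                         # space-prefixed, world-writable
    for d in ("images", "tmp"):
        os.chmod(os.path.join(root, d), 0o755)
    return root
```

Run `audit_site("/path/to/joomla")` against a real site; the sample tree only exists to show the four findings the planted files produce.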


I AM HACKED NOW WHAT? (CONTINUED)

Go to www.JoomlaSolutionsProvider.com for help

Find your backups. You do have backups. Don’t you?


HOW TO READ ACCESS LOGS

• http://www.bizimbal.com/docs/article01.html
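An added Python example, not from the linked article or the deck, that reads Apache combined-format raw access log lines and flags SQL-injection patterns (including references to the default jos_ tables the deck warns about), direct requests for configuration.php, and IPs hammering the administrator login. The log lines are constructed and the detection patterns are assumptions.

```python
import re
from collections import Counter
from urllib.parse import unquote_plus

# Constructed Apache combined-log lines for a Joomla 1.5 site; not real traffic.
SAMPLE_LOG = """\
198.51.100.7 - - [12/Oct/2010:10:01:02 +0000] "GET /index.php?option=com_content&view=article&id=5 HTTP/1.1" 200 5123 "-" "Mozilla/5.0"
192.0.2.44 - - [12/Oct/2010:10:01:09 +0000] "GET /index.php?option=com_content&id=-1+UNION+SELECT+username,password+FROM+jos_users-- HTTP/1.1" 200 812 "-" "Mozilla/5.0"
192.0.2.44 - - [12/Oct/2010:10:01:12 +0000] "GET /configuration.php HTTP/1.1" 200 0 "-" "Mozilla/5.0"
203.0.113.9 - - [12/Oct/2010:10:02:00 +0000] "POST /administrator/index.php HTTP/1.1" 303 0 "-" "curl/7.19"
203.0.113.9 - - [12/Oct/2010:10:02:01 +0000] "POST /administrator/index.php HTTP/1.1" 303 0 "-" "curl/7.19"
203.0.113.9 - - [12/Oct/2010:10:02:02 +0000] "POST /administrator/index.php HTTP/1.1" 303 0 "-" "curl/7.19"
"""

# Apache combined log: client, identity, user, [time], "request", status, ...
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) ')
# Textbook SQL-injection shapes; the deck notes attackers aim at the jos_ tables.
SQLI_RE = re.compile(r"union\s+select|select\s.+\sfrom\s|jos_", re.IGNORECASE)


def analyse_log(text, login_threshold=3):
    """Return (flagged, noisy_logins). flagged = (ip, path, reason) for requests
    carrying SQL-injection patterns or fetching configuration.php directly;
    noisy_logins = {ip: count} for IPs with >= login_threshold POSTs to the
    administrator login (the kind of event the deck's JLogonAlert reports)."""
    flagged, logins = [], Counter()
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # not a combined-log line
        ip, method = m.group("ip"), m.group("method")
        path = unquote_plus(m.group("path"))  # decode %xx and '+' before matching
        if SQLI_RE.search(path):
            flagged.append((ip, path, "sql injection pattern"))
        if path.split("?", 1)[0].endswith("configuration.php"):
            flagged.append((ip, path, "direct configuration.php request"))
        if method == "POST" and path.startswith("/administrator/index.php"):
            logins[ip] += 1
    noisy = {ip: n for ip, n in logins.items() if n >= login_threshold}
    return flagged, noisy
```

Decoding the request before matching matters: the same payload can arrive with `+` or `%20` for spaces and a literal `grep` for `UNION SELECT` would miss the encoded form.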

