Joomla! Security 101 - Joomla! Day Bosnia and Herzegovina 2013

•

3 likes•1,038 views

Nicholas Dionysopoulos

The sixth major revision of my security introduction presentation,

Technology

Mission: Impossible
Talking in-depth about Joomla! security in 30 minutes
or less... but I’ll try!

Updated server software
PHP, MySQL, Apache, FTP Server...

Permissions & ownership
Who can do what and where

Sane ownership &
permissions
All ﬁles and folders owned by the FTP user
Use Joomla!’s FTP mode on shared hosts
Folders 0755 permissions • Files 0644 permissions
If you “must” use 0777 (don’t!), protect with .htaccess
order deny, allow
deny from all
allow from none
Better yet, use suPHP or FastCGI

Too much to remember?
Akeeba Backup User’s Guide, Security
Information
https://www.akeebabackup.com/documentation/
akeeba-backup-documentation/security-info.html
777: The number of the beast
http://www.dionysopoulos.me/blog/777-the-number-
of-the-beast

Think before installing
Don’t be the mouse in the trap!

A terrifying thought
Password hacking super-computer: 2,700 USD
(back in 2010; much cheaper now)

How safe is your password?
Password Bits Iterations Time to crack
15082005
admin
ortrtaortftaaidbt
0rtrTA0rtfTa&idbT
horse correct battery stapler
13,6 12416 0.00038 msec
15,9 61147 0.00185 msec
67,7 2,39e+20 228.95 years
88,2 3,55e+26 340 million years
107,2 1,86e+32 178179 billion years

Derive from a sentence
the
quick
brown
fox
jumped
over
the
lazy
dog

Derive from a sentence
the
quick
brown
fox
jumped
over
the
lazy
dog
t
q
b
f
j
o
t
l
d

Derive from a sentence
the
quick
brown
fox
jumped
over
the
lazy
dog
t
q
b
f
j
o
t
l
d
t
q
b
F
j
o
t
l
D

Derive from a sentence
the
quick
brown
fox
jumped
over
the
lazy
dog
t
q
b
f
j
o
t
l
d
t
q
b
F
j
o
t
l
D
+
q
b
F
j
o
+
l
D

Derive from a sentence
the
quick
brown
fox
jumped
over
the
lazy
dog
t
q
b
f
j
o
t
l
d
t
q
b
F
j
o
t
l
D
+
q
b
F
j
o
+
l
D
+
q
b
F
j
0
+
1
D

Still unsure? Write it down
And keep it ON YOUR PERSON!
+qbFj0+1D

Use a password manager
And keep it on your person (mobile device)

Lock it down
Nothing on my site runs unless I say so

.htaccess Rules
My Master .htaccess - FREE
http://akeeba.assembla.com/code/master-htaccess/
git/nodes/htaccess.txt
Admin Tools Professional
https://www.akeebabackup.com/products/46-
software/855-admintools.html

Backups
Frequent, automated, off-site backups

Use myJoomla.com
Dead easy site auditing – and ﬁxing!

We’ve got instructions
Unhacking your site
https://www.akeebabackup.com/documentation/
walkthroughs/item/1124-unhacking-your-site.html
You do have backups, right?
You did use myJoomla.com, right?
Make sure you read the instructions before getting
hacked.

Download this presentation
http://akeeba.info/asjd13bih

Thank you for listening!
Image credits for copyrighted images: sxc.hu; istockphoto.com
Coprights of the logos and screenshots of software displayed in this presentaiton is owned by their respective companies

Similar to Joomla! Security 101 - Joomla! Day Bosnia and Herzegovina 2013

Password Storage Sucks!

nerdybeardo

In the last few years, a number of new security features have become available to web developers (e.g. Content Security Policy, Strict Transport Security) and a few more are coming up (e.g. Referrer Policy, Subresource Integrity). As a browser vendor and a member of the W3C WebAppSec working group, Mozilla is busy extending the web platform to provide the tools and features that developers and users need in 2016. In addition to that, the non-profit behind Firefox is experimenting with new ways to protect its users, building on Google's Safe Browsing technology to defend users against tracking. This talk will introduce developers to the security features of the web platform they can use today and show end-users how they can harden their Firefox browser. https://www.linuxfestnorthwest.org/2016/sessions/security-and-privacy-web-2016

Security and Privacy on the Web in 2016

Francois Marier

Django Web Application Security

levigross

Unloading Plone

Elizabeth Leddy

Crafting Secure Software - DDDEU 2019

Yvan PHELIZOT

Joomladay Switzerland - security

Wilco Jansen

My presentation slides from Steelcon 2015 on "Owning the Internet of Trash", a presentation on exploitation of endemic vulnerabilities in the so called "internet of things", with a focus on finding vulnerabilities in, exploiting, and gaining persistent access to, routers and other such embedded devices. This talk was recorded, a video will be linked soonish, and went over some basics of analysing firmware, hardware, and suchlike to find bugs in things and hack the planet!

Steelcon 2015 - 0wning the internet of trash

infodox

Sangam 18 - Database Development: Return of the SQL Jedi

Connor McDonald

Password managers have become very popular as a solution to avoid reusing passwords. With that in mind, password managers are a prized target for pentesters and attackers. If a password manager is compromised, the consequences are catastrophic as all the victim's secrets reside in the vault. One breach to get it all. LastPass is arguably one of the most popular password managers in the market. Over 10,000 corporate customers ranging in various sizes including Fortune 500's rely on LastPass to protect all their data. Research has been done on how to attack password managers but it has all focused on leaking specific credentials from the vault. LastPass not only stores credentials, but also bank accounts, ssh keys, personal records, etc. Therefore, we focused our research on finding the silver bullet to gain full access to the vault and steal all the secrets. By reversing LastPass plugins, we found several ways to do so. We will demonstrate how it is possible to steal and decrypt the master password. We also found how it is possible to abuse account recovery to ultimately obtain the encryption key for the vault. In addition, we discovered ways to bypass 2 factor authentication. We wrote a Metasploit module that takes care of all of this. The module is able to search for all LastPass data in the machine comprising all accounts present. It will find and decrypt the master password, it will derive the encryption key for the vault, it will find the 2FA trust token and it will steal the vault so it can be decrypted. All secrets in the vault will be printed out for the pen-tester's satisfaction.

Even the LastPass Will be Stolen Deal with It!

Martin Vigo

WordPress End-User Security

Dre Armeda

From HashiCorp Korea User Group Meetup 발표자: 김민규(데브시스터즈, 인프라 관리, https://github.com/synthdnb) 발표자: 김도윤(데브시스터즈, 플랫폼 API 서버 개발, https://github.com/solmonk) 발표내용: 팀의 규모가 커지면서 Secret 관리 문제가 조금씩 부각되었습니다. 예를 들면 코드에 커밋되거나, 구전으로 전해지는 Secret들, SSH Key Rotation 등의 문제를 처리하기 위해 많은 노력과 삽질이 필요했습니다. 저희 팀에서 Vault를 통해 이런 문제들을 어떻게 해결했는지 소개하려 합니다.

20명 규모의 팀에서 Vault 사용하기

Doyoon Kim

How-to crack 43kk passwords while drinking your juice/smoozie in the Hood

Yurii Bilyk

BSides Hannover 2015 - Shell on Wheels

infodox

LastPass is a popular password manager that integrates with browsers through plugins. One of the most interesting features is the fact that the encrypted vault is stored in LastPass' servers but they have no access to the content since the master password never leaves the user's machine. All encryption and decryption happens locally. Password managers are a single point of failure by design and therefore they need to be secure. A tool with the sole purpose of storing all your secrets is a important target for any attacker. The most valuable piece of information is the master password. It is the key to decrypt the data and gain complete access. Research has been done on different attack vectors but the focus is on leaking passwords stored in the vault. This presentation will focus on how it is possible to steal and decrypt the master password. In addition, I will also demonstrate an additional attack vector that results in full access to the vault without the need of the master password. Two different attacks to achieve the same goal, full access to the vault. But given that LastPass supports 2 factor authentication, I will also demonstrate how to bypass it. Last but not least, I will release a Metasploit module that will automate the whole process. Stealing the master password, leaking the encryption key and bypassing 2 factor authentication.

Breaking Vaults - Stealing Lastpass Protected Secrets by Martin Vigo

Shakacon

Securing Your Joomla website

Mike Carson

OWASP Thailand 2016 - Joomla Security

Akarawuth Tamrareang

Presented at SCaLE 19x, Los Angeles 2022 Misconfigurations in your Kubernetes deployments can create unforeseen security vulnerabilities that can give bad actors leverage to exploit containers, nodes or even the entire control plane of your cluster. In this talk I'll show how easy it can be to break into a cluster and why using tools to find issues and enforce governance around them can make your clusters a less attractive target.

SCaLE 19x - Eric Smalling - Hardening against Kubernetes Hacks

Eric Smalling

Django cryptography

Erik LaBianca

XFLTReaT presentation from Shakacon 2017 https://www.youtube.com/watch?v=AfqNVXHz0hU This presentation will sum up how to do tunneling with different protocols and will have different perspectives detailed. For example, companies are fighting hard to block exfiltration from their network: they use http(s) proxies, DLP, IPS technologies to protect their data, but are they protected against tunneling? There are so many interesting questions to answer for users, abusers, companies and malware researchers. Mitigation and bypass techniques will be shown you during this presentation, which can be used to filter any tunneling on your network or to bypass misconfigured filters. Our new tool XFLTReaT is an open-source tunneling framework that handles all the boring stuff and gives users the capability to take care of only the things that matter. It provides significant improvements over existing tools. From now on there is no need to write a new tunnel for each and every protocol or to deal with interfaces and routing. Any protocol can be converted to a module, which works in a plug-and-play fashion; authentication and encryption can be configured and customized on all traffic and it is also worth mentioning that the framework was designed to be easy to configure, use and develop. In case there is a need to send packets over ICMP type 0 or HTTPS TLS v1.2 with a special header, then this can be done in a matter of minutes, instead of developing a new tool from scratch. The potential use (or abuse) cases are plentiful, such as bypassing network restrictions of an ISP, the proxy of a workplace or obtaining Internet connectivity through bypassing captive portals in the middle of the Atlantic Ocean or at an altitude of 33000ft on an airplane. This framework is not just a tool; it unites different technologies in the field of tunneling. While we needed to use different tunnels and VPNs for different protocols in the past like OpenVPN for TCP and UDP, ptunnel for ICMP or iodined for DNS tunneling, it changes now. After taking a look at these tools it was easy to see some commonality, all of them are doing the same things only the means of communication are different. We simplified the whole process and created a framework that is responsible for everything but the communication itself, we rethought the old way of tunneling and tried to give something new to the community. After the initial setup the framework takes care of everything. With the check functionality we can even find out, which module can be used on the network, there is no need for any low-level packet fu and hassle. I guarantee that you won’t be disappointed with the tool and the talk, actually you will be richer with an open-source tool.

XFLTReaT: A New Dimension in Tunneling (Shakacon 2017)

Balazs Bucsay

When I was introduced to drush, a command line shell and scripting interface for Drupal, I thought, “meh, I can do those tasks already in about the same time with no learning curve.” Now? “Omg omg, do you use drush? You gotta try drush! It’s awesome!” Find out why drush has transformed me into a groupie. In this session, we’ll walk through installing a Drupal site using drush, enabling modules, and common tasks like running update hooks, cron, and clearing the cache. Intimidated by the command line? We’ll cover the basics and show you how development tools like Coda enable you to use drush inside a visual environment.

Intro to Drush

Four Kitchens

Similar to Joomla! Security 101 - Joomla! Day Bosnia and Herzegovina 2013 (20)

Password Storage Sucks!

Security and Privacy on the Web in 2016

Django Web Application Security

Unloading Plone

Crafting Secure Software - DDDEU 2019

Joomladay Switzerland - security

Steelcon 2015 - 0wning the internet of trash

Sangam 18 - Database Development: Return of the SQL Jedi

Even the LastPass Will be Stolen Deal with It!

WordPress End-User Security

20명 규모의 팀에서 Vault 사용하기

How-to crack 43kk passwords while drinking your juice/smoozie in the Hood

BSides Hannover 2015 - Shell on Wheels

Breaking Vaults - Stealing Lastpass Protected Secrets by Martin Vigo

Securing Your Joomla website

OWASP Thailand 2016 - Joomla Security

SCaLE 19x - Eric Smalling - Hardening against Kubernetes Hacks

Django cryptography

XFLTReaT: A New Dimension in Tunneling (Shakacon 2017)

Intro to Drush

Recently uploaded

2024: Domino Containers - The Next Step. News from the Domino Container commu...

Martijn de Jong

Created by Mozilla Research in 2012 and now part of Linux Foundation Europe, the Servo project is an experimental rendering engine written in Rust. It combines memory safety and concurrency to create an independent, modular, and embeddable rendering engine that adheres to web standards. Stewardship of Servo moved from Mozilla Research to the Linux Foundation in 2020, where its mission remains unchanged. After some slow years, in 2023 there has been renewed activity on the project, with a roadmap now focused on improving the engine’s CSS 2 conformance, exploring Android support, and making Servo a practical embeddable rendering engine. In this presentation, Rakhi Sharma reviews the status of the project, our recent developments in 2023, our collaboration with Tauri to make Servo an easy-to-use embeddable rendering engine, and our plans for the future to make Servo an alternative web rendering engine for the embedded devices industry. (c) Embedded Open Source Summit 2024 April 16-18, 2024 Seattle, Washington (US) https://events.linuxfoundation.org/embedded-open-source-summit/ https://ossna2024.sched.com/event/1aBNF/a-year-of-servo-reboot-where-are-we-now-rakhi-sharma-igalia

A Year of the Servo Reboot: Where Are We Now?

Igalia

Discord is a free app offering voice, video, and text chat functionalities, primarily catering to the gaming community. It serves as a hub for users to create and join servers tailored to their interests. Discord’s ecosystem comprises servers, each functioning as a distinct online community with its own channels dedicated to specific topics or activities. Users can engage in text-based discussions, voice calls, or video chats within these channels. Understanding Discord Servers Discord servers are virtual spaces where users congregate to interact, share content, and build communities. Servers may revolve around gaming, hobbies, interests, or fandoms, providing a platform for like-minded individuals to connect. Communication Features Discord offers a range of communication tools, including text channels for messaging, voice channels for real-time audio conversations, and video channels for face-to-face interactions. These features facilitate seamless communication and collaboration. What Does NSFW Mean? The acronym NSFW stands for “Not Safe For Work,” indicating content that may be inappropriate for professional or public settings. NSFW Content NSFW content encompasses material that is sexually explicit, violent, or otherwise graphic in nature. It often includes nudity, profanity, or depictions of sensitive topics.

Understanding Discord NSFW Servers A Guide for Responsible Users.pdf

UK Journal

With more memory available, system performance of three Dell devices increased, which can translate to a better user experience Conclusion When your system has plenty of RAM to meet your needs, you can efficiently access the applications and data you need to finish projects and to-do lists without sacrificing time and focus. Our test results show that with more memory available, three Dell PCs delivered better performance and took less time to complete the Procyon Office Productivity benchmark. These advantages translate to users being able to complete workflows more quickly and multitask more easily. Whether you need the mobility of the Latitude 5440, the creative capabilities of the Precision 3470, or the high performance of the OptiPlex Tower Plus 7010, configuring your system with more RAM can help keep processes running smoothly, enabling you to do more without compromising performance.

Boost PC performance: How more available memory can improve productivity

Principled Technologies

Boost Fertility New Invention Ups Success Rates.pdf

sudhanshuwaghmare1

The presentation explores the development and application of artificial intelligence (AI) from its inception to its current status in the modern world. The term "artificial intelligence" was first coined by John McCarthy in 1956 to describe efforts to develop computer programs capable of performing tasks that typically require human intelligence. This concept was first introduced at a conference held at Dartmouth College, where programs demonstrated capabilities such as playing chess, proving theorems, and interpreting texts. In the early stages, Alan Turing contributed to the field by defining intelligence as the ability of a being to respond to certain questions intelligently, proposing what is now known as the Turing Test to evaluate the presence of intelligent behavior in machines. As the decades progressed, AI evolved significantly. The 1980s focused on machine learning, teaching computers to learn from data, leading to the development of models that could improve their performance based on their experiences. The 1990s and 2000s saw further advances in algorithms and computational power, which allowed for more sophisticated data analysis techniques, including data mining. By the 2010s, the proliferation of big data and the refinement of deep learning techniques enabled AI to become mainstream. Notable milestones included the success of Google's AlphaGo and advancements in autonomous vehicles by companies like Tesla and Waymo. A major theme of the presentation is the application of generative AI, which has been used for tasks such as natural language text generation, translation, and question answering. Generative AI uses large datasets to train models that can then produce new, coherent pieces of text or other media. The presentation also discusses the ethical implications and the need for regulation in AI, highlighting issues such as privacy, bias, and the potential for misuse. These concerns have prompted calls for comprehensive regulations to ensure the safe and equitable use of AI technologies. Artificial intelligence has also played a significant role in healthcare, particularly highlighted during the COVID-19 pandemic, where it was used in drug discovery, vaccine development, and analyzing the spread of the virus. The capabilities of AI in healthcare are vast, ranging from medical diagnostics to personalized medicine, demonstrating the technology's potential to revolutionize fields beyond just technical or consumer applications. In conclusion, AI continues to be a rapidly evolving field with significant implications for various aspects of society. The development from theoretical concepts to real-world applications illustrates both the potential benefits and the challenges that come with integrating advanced technologies into everyday life. The ongoing discussion about AI ethics and regulation underscores the importance of managing these technologies responsibly to maximize their their benefits while minimizing potential harms.

Artificial Intelligence: Facts and Myths

Joaquim Jorge

MINDCTI Revenue Release Quarter One 2024

MIND CTI

Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024

The Digital Insurer

Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...

Neo4j

Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024

The Digital Insurer

Axa Assurance Maroc - Insurer Innovation Award 2024

The Digital Insurer

Abhishek Deb(1), Mr Abdul Kalam(2) M. Des (UX) , School of Design, DIT University , Dehradun. This paper explores the future potential of AI-enabled smartphone processors, aiming to investigate the advancements, capabilities, and implications of integrating artificial intelligence (AI) into smartphone technology. The research study goals consist of evaluating the development of AI in mobile phone processors, analyzing the existing state as well as abilities of AI-enabled cpus determining future patterns as well as chances together with reviewing obstacles as well as factors to consider for more growth.

Exploring the Future Potential of AI-Enabled Smartphone Processors

debabhi2

The Good, the Bad and the Governed - Why is governance a dirty word? David O'Neill, Chief Operating Officer - APIContext Apidays New York 2024: The API Economy in the AI Era (April 30 & May 1, 2024) ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...

apidays

Scaling API-first – The story of a global engineering organization Ian Reasor, Senior Computer Scientist - Adobe Radu Cotescu, Senior Computer Scientist - Adobe Apidays New York 2024: The API Economy in the AI Era (April 30 & May 1, 2024) ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe

apidays

Webinar Recording: https://www.panagenda.com/webinars/why-teams-call-analytics-is-critical-to-your-entire-business Nothing is as frustrating and noticeable as being in an important call and being unable to see or hear the other person. Not surprising then, that issues with Teams calls are among the most common problems users call their helpdesk for. Having in depth insight into everything relevant going on at the user’s device, local network, ISP and Microsoft itself during the call is crucial for good Microsoft Teams Call quality support. To ensure a quick and adequate solution and to ensure your users get the most out of their Microsoft 365. But did you know that ‘bad calls’ are also an excellent indicator of other problems arising? Precisely because it is so noticeable!? Like the canary in the mine, bad calls can be early indicators of problems. Problems that might otherwise not have been noticed for a while but can have a big impact on productivity and satisfaction. Join this session by Christoph Adler to learn how true Microsoft Teams call quality analytics helped other organizations troubleshoot bad calls and identify and fix problems that impacted Teams calls or the use of Microsoft365 in general. See what it can do to keep your users happy and productive! In this session we will cover - Why CQD data alone is not enough to troubleshoot call problems - The importance of attributing call problems to the right call participant - What call quality analytics can do to help you quickly find, fix-, and prevent problems - Why having retrospective detailed insights matters - Real life examples of how others have used Microsoft Teams call quality monitoring to problem shoot problems with their ISP, network, device health and more.

Why Teams call analytics are critical to your entire business

panagenda

Data Cloud, More than a CDP by Matt Robison

Anna Loughnan Colquhoun

How to Troubleshoot Apps for the Modern Connected Worker

ThousandEyes

ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke

Product Anonymous

Strategies for Landing an Oracle DBA Job as a Fresher

Remote DBA Services

This presentation explores the impact of HTML injection attacks on web applications, detailing how attackers exploit vulnerabilities to inject malicious code into web pages. Learn about the potential consequences of such attacks and discover effective mitigation strategies to protect your web applications from HTML injection vulnerabilities. for more information visit https://bostoninstituteofanalytics.org/category/cyber-security-ethical-hacking/

HTML Injection Attacks: Impact and Mitigation Strategies

Boston Institute of Analytics

Recently uploaded (20)

2024: Domino Containers - The Next Step. News from the Domino Container commu...

A Year of the Servo Reboot: Where Are We Now?

Understanding Discord NSFW Servers A Guide for Responsible Users.pdf

Boost PC performance: How more available memory can improve productivity

Boost Fertility New Invention Ups Success Rates.pdf

Artificial Intelligence: Facts and Myths

MINDCTI Revenue Release Quarter One 2024

Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024

Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...

Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024

Axa Assurance Maroc - Insurer Innovation Award 2024

Exploring the Future Potential of AI-Enabled Smartphone Processors

Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...

Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe

Why Teams call analytics are critical to your entire business

Data Cloud, More than a CDP by Matt Robison

How to Troubleshoot Apps for the Modern Connected Worker

ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke

Strategies for Landing an Oracle DBA Job as a Fresher

HTML Injection Attacks: Impact and Mitigation Strategies

Joomla! Security 101 - Joomla! Day Bosnia and Herzegovina 2013

1. Joomla! Security 101 version 6.0

2. Mission: Impossible Talking in-depth about Joomla! security in 30 minutes or less... but I’ll try!

3. Put your pens away Sit back and enjoy

4. Updated server software PHP, MySQL, Apache, FTP Server...

5. Permissions & ownership Who can do what and where

6. Sane ownership & permissions All ﬁles and folders owned by the FTP user Use Joomla!’s FTP mode on shared hosts Folders 0755 permissions • Files 0644 permissions If you “must” use 0777 (don’t!), protect with .htaccess order deny, allow deny from all allow from none Better yet, use suPHP or FastCGI

7. Too much to remember? Akeeba Backup User’s Guide, Security Information https://www.akeebabackup.com/documentation/ akeeba-backup-documentation/security-info.html 777: The number of the beast http://www.dionysopoulos.me/blog/777-the-number- of-the-beast

8. Update, yesterday Joomla! & extensions

9. Think before installing Don’t be the mouse in the trap!

10. Length matters

11. Your Password’s length matters

12. A terrifying thought Password hacking super-computer: 2,700 USD (back in 2010; much cheaper now)

13. How safe is your password? Password Bits Iterations Time to crack 15082005 admin ortrtaortftaaidbt 0rtrTA0rtfTa&idbT horse correct battery stapler 13,6 12416 0.00038 msec 15,9 61147 0.00185 msec 67,7 2,39e+20 228.95 years 88,2 3,55e+26 340 million years 107,2 1,86e+32 178179 billion years

14. Derive from a sentence

15. Derive from a sentence the quick brown fox jumped over the lazy dog

16. Derive from a sentence the quick brown fox jumped over the lazy dog t q b f j o t l d

17. Derive from a sentence the quick brown fox jumped over the lazy dog t q b f j o t l d t q b F j o t l D

18. Derive from a sentence the quick brown fox jumped over the lazy dog t q b f j o t l d t q b F j o t l D + q b F j o + l D

19. Derive from a sentence the quick brown fox jumped over the lazy dog t q b f j o t l d t q b F j o t l D + q b F j o + l D + q b F j 0 + 1 D

20. Derive from a sentence +qbFj0+1D

21. Still unsure? Write it down And keep it ON YOUR PERSON! +qbFj0+1D

22. Use a password manager And keep it on your person (mobile device)

23. Lock it down Nothing on my site runs unless I say so

24. .htaccess Rules My Master .htaccess - FREE http://akeeba.assembla.com/code/master-htaccess/ git/nodes/htaccess.txt Admin Tools Professional https://www.akeebabackup.com/products/46- software/855-admintools.html

25. Armor up Protect your site

26. Backups Frequent, automated, off-site backups

27. Use myJoomla.com Dead easy site auditing – and ﬁxing!

28. In spite of it all…

29. Dammit! You got hacked, now what?

30. DON’T PANIC

31. We’ve got instructions Unhacking your site https://www.akeebabackup.com/documentation/ walkthroughs/item/1124-unhacking-your-site.html You do have backups, right? You did use myJoomla.com, right? Make sure you read the instructions before getting hacked.

32. Questions?

33. Download this presentation http://akeeba.info/asjd13bih

34. Thank you for listening! Image credits for copyrighted images: sxc.hu; istockphoto.com Coprights of the logos and screenshots of software displayed in this presentaiton is owned by their respective companies

Joomla! Security 101 - Joomla! Day Bosnia and Herzegovina 2013

Recommended

Recommended

More Related Content

Similar to Joomla! Security 101 - Joomla! Day Bosnia and Herzegovina 2013

Similar to Joomla! Security 101 - Joomla! Day Bosnia and Herzegovina 2013 (20)

More from Nicholas Dionysopoulos

More from Nicholas Dionysopoulos (8)

Recently uploaded

Recently uploaded (20)

Joomla! Security 101 - Joomla! Day Bosnia and Herzegovina 2013