How secure is your Joomla! site? Are you employing the most basic security principles to protect it? Learn all about it in an easy to follow presentation suitable even for beginners.
7. 777: The number of the beast
Permissions are doors; don’t leave them open
http://akeeba.info/777
Thursday, 31 March 2011
8. Sensible permissions
Ask your host to enable suPHP or Apache’s mod_itk
Site root 0755 or 0700
Directories 0755
Files 0644
If you “must” use 0777 (don’t!) protect with .htaccess:
order deny,allow
deny from all
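An added example, not part of the original slides: a POSIX shell function that checks a site tree against the permissions listed on this slide. The function name `audit_perms` and the finding labels (`EXPOSED`, `DIR`, `FILE`) are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the slides): audit a Joomla! tree against
# "directories 0755, files 0644, 0777 only behind a deny-all .htaccess".
# Prints one finding per line and nothing when the tree is clean.
# Usage: audit_perms /path/to/site   (the path is whatever your site root is)

audit_perms() {
    root=$1

    # Directories: anything group- or world-writable exceeds 0755.
    # The site root itself is included, so 0755 and 0700 both pass.
    find "$root" -type d \( -perm -020 -o -perm -002 \) -exec sh -c '
        for d in "$@"; do
            # Ninth character of the mode string is the world-write bit.
            ww=no
            case $(ls -ld "$d") in ????????w*) ww=yes ;; esac
            # World-writable with no active "deny from all" is the worst case.
            # Only the directive shown on the slide is checked; commented-out
            # lines do not count.
            if [ "$ww" = yes ] &&
               ! grep -qiE "^[[:space:]]*deny[[:space:]]+from[[:space:]]+all" \
                     "$d/.htaccess" 2>/dev/null
            then
                echo "EXPOSED $d"
            else
                echo "DIR $d"
            fi
        done' sh {} +

    # Files: group/world-writable or executable exceeds 0644.
    find "$root" -type f \
        \( -perm -020 -o -perm -002 -o -perm -100 -o -perm -010 -o -perm -001 \) \
        -exec sh -c 'for f in "$@"; do echo "FILE $f"; done' sh {} +
}
```

`EXPOSED` marks a world-writable directory with no deny rule, `DIR` a directory looser than 0755 (including a 0777 one that is at least protected), and `FILE` a file looser than 0644.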
9. Don’t be a sitting duck
It’s duck season!
10. Mind your prefix
Nobody wants to be a jos_
http://akeeba.info/prefix
11. 62 reasons to fire your Super Administrator
or 42, depending on Joomla! version...
http://akeeba.info/62-reasons
12. Security Kung-Fu
You can’t kill a Ninja
http://akeeba.info/ninja
13. Visual fingerprinting
Seeing is believing and then some
tmpl=offline
tp=1
template=ja_purity
http://akeeba.info/ninja
21. Blind Elephant
nicholas@teapot:~/blindelephant$ ./BlindElephant.py mysite.com joomla
Loaded /home/nicholas/projects/3rdparty/blindelephant/trunk/src/build/lib.linux-x86_64-2.6/blindelephant/
dbs/joomla.pkl with 33 versions, 3696 differentiating paths, and 122 version groups.
Starting BlindElephant fingerprint for version of joomla at http://joomla.ubuntu.web
Hit http://joomla.ubuntu.web/media/system/js/validate.js
Possible versions based on result: 1.5.17, 1.5.18
Hit http://joomla.ubuntu.web/includes/js/joomla.javascript.js
Possible versions based on result: 1.5.17, 1.5.18
Hit http://joomla.ubuntu.web/media/system/js/caption.js
Possible versions based on result: 1.5.17, 1.5.18
Hit http://joomla.ubuntu.web/media/system/js/openid.js
Possible versions based on result: 1.5.17, 1.5.18
Hit http://joomla.ubuntu.web/templates/rhuk_milkyway/css/template.css
Possible versions based on result: 1.5.17, 1.5.18
Fingerprinting resulted in:
1.5.17
1.5.18
Best Guess: 1.5.18
http://akeeba.info/ninja
23. More protection for you
The Master .htaccess: free!
http://akeeba.info/master-htaccess
Admin Tools Professional: 15 €
http://akeeba.info/atpro
use coupon code JDNL11
24. That’s me...
and this is the perfect
time to ask me
questions!
25. That’s all folks!
Want the slides? http://akeeba.info/security-101