Joomla! Security 101
      What to do before disaster strikes

http://akeeba.info/security-101
Thursday, 31 March 2011
Hi, I’m
      Nicholas Dionysopoulos
      and I bet you can’t pronounce my last name

http://akeeba.info/me
The basics
      What we’re supposed to do, and rarely do

Frequent, tested backups
      Would you jump off a plane without a parachute?




http://akeeba.info/backup
Update, yesterday
      Yesterday’s code is tomorrow’s hack




http://akeeba.info/basic-security
Protect your backend
      The login is not enough




777: The number of the beast
      Permissions are doors; don’t leave them open




http://akeeba.info/777
Sensible permissions
          Ask your host to enable suPHP or Apache’s ITK MPM (mpm-itk), so PHP runs as your own user and Joomla! can write to 0644 files and 0755 directories without anything being world-writable
          Site root 0755 or 0700
          Directories 0755
          Files 0644
          If you “must” use 0777 (don’t!), at least stop Apache from serving anything out of that directory with an .htaccess containing:
          Order Deny,Allow
          Deny from all
          (Apache 2.4 syntax: Require all denied.) This only blocks direct requests; a PHP file dropped into that directory can still be included by another script, so it is damage limitation, not a fix.

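The permission baseline above, turned into a check you can run against a document root. This is an added example for this page, not code from the slides or from Akeeba: it walks a site tree, reports every world-writable directory or file (the trailing 7 of 0777), and on request resets them to 0755/0644. Symlinks are deliberately skipped, because a planted link would otherwise turn a recursive chmod into a chmod of whatever the link points at. The demo tree it builds is constructed, with file names chosen to look like a Joomla! install; nothing in it is real site content.

```python
"""Audit a web root for world-writable paths and reset them to 0755/0644.

Added example, not code from the slides or from Akeeba. Symlinks are skipped
on purpose: following them is how a "chmod -R" ends up changing files
outside the site.
"""
import os
import stat
import tempfile
from pathlib import Path

DIR_MODE = 0o755
FILE_MODE = 0o644


def world_writable(path: Path) -> bool:
    """True if 'others' hold the write bit (the 7 in 0777). Uses lstat so a
    symlink is judged by itself, never by its target."""
    return bool(path.lstat().st_mode & stat.S_IWOTH)


def mode_of(path: Path) -> int:
    """Permission bits only (e.g. 0o644), for reporting and tests."""
    return stat.S_IMODE(path.lstat().st_mode)


def iter_tree(root: Path):
    """Yield root and every entry below it without descending into symlinks
    (os.walk's default followlinks=False)."""
    yield root
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            yield Path(dirpath) / name


def audit(root: Path, fix: bool = False) -> dict:
    """Return {'dirs': [...], 'files': [...]} of world-writable paths, relative
    to root ('.' is root itself). With fix=True each offender is chmod'ed to
    DIR_MODE or FILE_MODE before being reported."""
    found = {"dirs": [], "files": []}
    for p in iter_tree(root):
        if p.is_symlink() or not world_writable(p):
            continue
        kind = "dirs" if p.is_dir() else "files"
        found[kind].append(str(p.relative_to(root)))
        if fix:
            p.chmod(DIR_MODE if kind == "dirs" else FILE_MODE)
    return found


def make_demo_site() -> Path:
    """Constructed throwaway tree reproducing the classic mistake: everything
    chmod -R 777 after an FTP upload, plus a symlink an attacker might plant."""
    root = Path(tempfile.mkdtemp(prefix="joomla-demo-"))
    (root / "images" / "stories").mkdir(parents=True)
    (root / "configuration.php").write_text("<?php // constructed placeholder\n")
    (root / "images" / "stories" / "logo.png").write_bytes(b"\x89PNG constructed")
    for p in [root, *root.rglob("*")]:
        p.chmod(0o777)
    # Created after the chmod loop so the demo never touches the link target.
    os.symlink("/etc/passwd", root / "images" / "evil")
    return root


if __name__ == "__main__":
    site = make_demo_site()
    print("before:", audit(site))
    print("fixed: ", audit(site, fix=True))
    print("after: ", audit(site))
```

Run it against a real site as `audit(Path("/var/www/html"))` first, read the report, and only then pass `fix=True`; on a suPHP or mpm-itk host the fixed tree stays writable by Joomla! because PHP runs as the file owner.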
Don’t be a sitting duck
      It’s duck season!

Mind your prefix
      Nobody wants to be a jos_

      jos_ is the default database table prefix; canned SQL injection payloads hard-code table names such as jos_users, so a site installed with a random prefix shrugs them off.

http://akeeba.info/prefix
62 reasons to fire your Super Administrator
      or 42, depending on Joomla! version...

      The Super Administrator created by the installer gets user ID 62 in Joomla! 1.5 and 42 in Joomla! 1.6, and attack scripts assume that ID. Create a fresh Super Administrator and delete the default account.

http://akeeba.info/62-reasons
Security Kung-Fu
      You can’t kill a Ninja

http://akeeba.info/ninja
Visual fingerprinting
      Seeing is believing and then some

      Joomla! honours a few query-string switches that change how a page is rendered, and the result gives away the template set and with it the Joomla! version:
      ?tmpl=offline
      ?tp=1
      ?template=ja_purity

http://akeeba.info/ninja
Visual fingerprinting
      Block those switches in .htaccess (mod_rewrite):

      RewriteCond %{QUERY_STRING} (&|%3F){1,1}tp= [OR]
      RewriteCond %{QUERY_STRING} (&|%3F){1,1}template= [OR]
      RewriteCond %{QUERY_STRING} (&|%3F){1,1}tmpl= [NC]
      RewriteRule ^(.*)$ - [R=404,L]

      Two things to know before copying this. [NC] applies only to the condition it sits on, so tp= and template= are matched case-sensitively. And Apache’s QUERY_STRING has no leading “?”, so the (&|%3F){1,1} prefix requires a literal & or %3F before the parameter name: index.php?option=com_content&tmpl=offline is caught, index.php?tmpl=offline is not. Anchor with (^|&) instead if you want both cases covered.

http://akeeba.info/ninja
PHP has a big mouth
      and that’s not water cooler gossip!

      With expose_php enabled (the php.ini default), any PHP script answers a request for ?=PHPE9568F34-D428-11d2-A769-00AA001ACF42 and its siblings with the PHP logo, the Zend logo or the PHP credits page. The artwork changed between releases, so it fingerprints the PHP version, and the same setting adds an X-Powered-By: PHP/x.y.z header to every response.

http://akeeba.info/ninja
PHP has a big mouth
      Block the easter-egg query strings in .htaccess (mod_rewrite):

      RewriteCond %{QUERY_STRING} ^%3F=PHPE9568F36-D428-11d2-A769-00AA001ACF42 [OR]
      RewriteCond %{QUERY_STRING} ^%3F=PHPE9568F34-D428-11d2-A769-00AA001ACF42 [OR]
      RewriteCond %{QUERY_STRING} ^%3F=PHPE9568F35-D428-11d2-A769-00AA001ACF42 [OR]
      RewriteCond %{QUERY_STRING} ^%3F=PHPB8B5F2A0-3C92-11d3-A3A9-4C7B08C10000
      RewriteRule ^(.*)$ - [R=404,L]

      Two caveats. As transcribed here the conditions are anchored on a literal %3F, but for a request such as index.php?=PHPE9568F34-D428-11d2-A769-00AA001ACF42 Apache’s QUERY_STRING is the raw text after the “?”, which starts with “=”; test the rule against your own server before relying on it (a pattern anchored as ^=PHP… does match that request). And the proper fix is expose_php = Off in php.ini, which switches off the easter eggs and the X-Powered-By header together; PHP 5.5 and later no longer contain the easter eggs at all.

http://akeeba.info/ninja
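Both rule sets above, the template switches and the PHP easter eggs, are regexes over Apache’s QUERY_STRING, so their coverage can be checked offline before they go into a live .htaccess. The block below is an added example for this page, not code from the slides or from Akeeba: it re-expresses the slide’s conditions in Python, adds a tightened variant anchored on (^|&) (an assumption of this example, not a rule from the deck), and runs both over a few constructed access-log lines of the kind a fingerprinting run leaves behind, flagging the probes the slide’s rule would catch and the ones it would let through. The log lines, IP addresses and timestamps are constructed.

```python
"""Replay the slide's mod_rewrite fingerprinting filters over access-log lines.

Added example, not code from the slides or from Akeeba. QUERY_STRING in
Apache is the raw, undecoded text after the '?', which is what these
regexes are applied to.
"""
import re
from urllib.parse import urlsplit

# Template switches exactly as the slide writes them: a literal '&' or '%3F'
# must precede the parameter name, and only tmpl= is case-insensitive.
SLIDE_TEMPLATE_RULES = [
    re.compile(r"(&|%3F){1,1}tp="),
    re.compile(r"(&|%3F){1,1}template="),
    re.compile(r"(&|%3F){1,1}tmpl=", re.IGNORECASE),
]

# Tightened variant (this example's assumption, not from the slide): anchor on
# start-of-string or '&' and ignore case for all three names.
TIGHT_TEMPLATE_RULES = [re.compile(r"(^|&)(tp|template|tmpl)=", re.IGNORECASE)]

# Easter-egg rule as the slide writes it, anchored on a literal %3F.
SLIDE_EASTER_EGG_RULES = [
    re.compile(r"^%3F=PHPE9568F36-D428-11d2-A769-00AA001ACF42"),
    re.compile(r"^%3F=PHPE9568F34-D428-11d2-A769-00AA001ACF42"),
    re.compile(r"^%3F=PHPE9568F35-D428-11d2-A769-00AA001ACF42"),
    re.compile(r"^%3F=PHPB8B5F2A0-3C92-11d3-A3A9-4C7B08C10000"),
]

# Generic form (assumption): any '=PHP<GUID>' parameter with an empty name.
EASTER_EGG_RULE = re.compile(
    r"(^|&)=PHP[0-9A-F]{8}-[0-9A-F]{4}-[0-9A-F]{4}-[0-9A-F]{4}-[0-9A-F]{12}",
    re.IGNORECASE,
)

# Apache combined log format, only the fields this check needs.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)


def query_string(target: str) -> str:
    """What Apache exposes as %{QUERY_STRING}: raw, undecoded, no '?'."""
    return urlsplit(target).query


def blocked_by(rules, qs: str) -> bool:
    """True if any RewriteCond in the [OR] chain matches the query string."""
    return any(r.search(qs) for r in rules)


def classify(line: str):
    """Return (ip, tag) for a probe, or None for ordinary traffic.

    tag is 'php-easter-egg', 'template-probe' (caught by the slide's rule) or
    'template-probe-missed-by-slide-rule' (caught only by the tightened one).
    """
    m = LOG_RE.match(line)
    if not m:
        return None
    qs = query_string(m["target"])
    if blocked_by([EASTER_EGG_RULE], qs):
        return m["ip"], "php-easter-egg"
    if blocked_by(TIGHT_TEMPLATE_RULES, qs):
        if blocked_by(SLIDE_TEMPLATE_RULES, qs):
            return m["ip"], "template-probe"
        return m["ip"], "template-probe-missed-by-slide-rule"
    return None


# Constructed sample log lines, not real traffic.
SAMPLE_LOG = """\
203.0.113.7 - - [31/Mar/2011:10:00:01 +0300] "GET /index.php?option=com_content&tmpl=offline HTTP/1.1" 200 2145
203.0.113.7 - - [31/Mar/2011:10:00:02 +0300] "GET /index.php?tmpl=offline HTTP/1.1" 200 2145
203.0.113.7 - - [31/Mar/2011:10:00:03 +0300] "GET /index.php?template=ja_purity HTTP/1.1" 200 9981
203.0.113.7 - - [31/Mar/2011:10:00:04 +0300] "GET /index.php?=PHPE9568F34-D428-11d2-A769-00AA001ACF42 HTTP/1.1" 200 2524
198.51.100.9 - - [31/Mar/2011:10:00:05 +0300] "GET /index.php?option=com_content&view=article&id=1 HTTP/1.1" 200 7302
""".splitlines()


def scan(lines=SAMPLE_LOG):
    """All probe hits in a log, in order."""
    return [hit for hit in map(classify, lines) if hit]


if __name__ == "__main__":
    for ip, tag in scan():
        print(ip, tag)
```

Point `scan()` at your own access log to see which template and easter-egg probes already reached the site, and to check how many of them the slide’s exact rule would have stopped.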
Blind Elephant
      Meet your supervillain

      BlindElephant fingerprints a web application by fetching static files at known paths (JavaScript, CSS, images) and comparing their hashes with a precomputed database of those files across every released version. It needs no generator tag or version string, so removing those does nothing against it.

http://akeeba.info/ninja
Blind Elephant
nicholas@teapot:~/blindelephant$ ./BlindElephant.py mysite.com joomla
Loaded /home/nicholas/projects/3rdparty/blindelephant/trunk/src/build/lib.linux-x86_64-2.6/blindelephant/dbs/joomla.pkl with 33 versions, 3696 differentiating paths, and 122 version groups.
Starting BlindElephant fingerprint for version of joomla at http://joomla.ubuntu.web

Hit http://joomla.ubuntu.web/media/system/js/validate.js
Possible versions based on result: 1.5.17, 1.5.18

Hit http://joomla.ubuntu.web/includes/js/joomla.javascript.js
Possible versions based on result: 1.5.17, 1.5.18

Hit http://joomla.ubuntu.web/media/system/js/caption.js
Possible versions based on result: 1.5.17, 1.5.18

Hit http://joomla.ubuntu.web/media/system/js/openid.js
Possible versions based on result: 1.5.17, 1.5.18

Hit http://joomla.ubuntu.web/templates/rhuk_milkyway/css/template.css
Possible versions based on result: 1.5.17, 1.5.18

Fingerprinting resulted in:
1.5.17
1.5.18

Best Guess: 1.5.18

http://akeeba.info/ninja
Blind Elephant
      Starve the scanner: serve static files only to requests that carry a Referer from your own site (replace www.example.com with your domain):

      RewriteRule ^(images/stories/.*\.(jpe?g|jp2|png|gif|bmp|css|js|swf|html?))$ - [L]
      RewriteCond %{REQUEST_FILENAME} -f
      RewriteCond %{HTTP_REFERER} !^https?://(.+\.)?www\.example\.com [NC]
      RewriteRule \.(jpe?g|jp2|png|gif|bmp|css|js|swf|html?)$ - [R=404,L]

      Files under images/stories (your own uploaded media, which other sites may legitimately embed) are let through first; every other existing static file requested without a matching Referer gets a 404, so a scanner that fetches files directly has nothing to hash. Two caveats: the Referer header is set by the client, so a scanner that fakes it to your domain walks straight through; and visitors whose browser or proxy strips Referer will see missing images and styles. Treat this as friction against lazy automated scans, not as a security control.

http://akeeba.info/ninja
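To see why the Referer gate only slows a scanner down, it helps to model both sides: the hash-and-intersect fingerprinting that BlindElephant performs, and the gate’s decision. The block below is an added example for this page, not code from the slides, from BlindElephant or from Akeeba. The two “releases” and the file bodies in it are constructed to show the mechanism and contain no real Joomla! hashes; the gate reproduces the slide’s .htaccess logic in Python under the assumption that the site is www.example.com. The test at the end shows the same target being unfingerprintable without a Referer and pinned to one release with a forged one.

```python
"""Static-file fingerprinting against a Referer gate.

Added example, not code from the slides, BlindElephant or Akeeba. RELEASES,
the file bodies and the www.example.com domain are constructed assumptions.
"""
import hashlib
import re
from typing import Callable, Dict, Optional, Set

# Constructed releases: path -> file body. Only template.css differs between
# the two, so it is the single "differentiating path".
RELEASES: Dict[str, Dict[str, bytes]] = {
    "1.5.17": {
        "/media/system/js/validate.js": b"function validate(){/* same in 1.5.17 and 1.5.18 */}",
        "/templates/rhuk_milkyway/css/template.css": b"body{margin:0}",
    },
    "1.5.18": {
        "/media/system/js/validate.js": b"function validate(){/* same in 1.5.17 and 1.5.18 */}",
        "/templates/rhuk_milkyway/css/template.css": b"body{margin:0;padding:0}",
    },
}


def build_db(releases: Dict[str, Dict[str, bytes]]) -> Dict[str, Dict[str, Set[str]]]:
    """path -> sha1 hex -> versions that ship that byte-identical file."""
    db: Dict[str, Dict[str, Set[str]]] = {}
    for version, files in releases.items():
        for path, body in files.items():
            digest = hashlib.sha1(body).hexdigest()
            db.setdefault(path, {}).setdefault(digest, set()).add(version)
    return db


def fingerprint(db: Dict[str, Dict[str, Set[str]]],
                fetch: Callable[[str], Optional[bytes]]) -> Set[str]:
    """Intersect the candidate versions over every path the target serves.

    fetch(path) returns the body, or None when the server refuses (404).
    Refused paths contribute nothing, so a target that hides all its static
    files leaves the full version list as the answer.
    """
    candidates: Optional[Set[str]] = None
    for path, by_hash in db.items():
        body = fetch(path)
        if body is None:
            continue
        versions = by_hash.get(hashlib.sha1(body).hexdigest(), set())
        candidates = versions if candidates is None else candidates & versions
    everything = {v for by_hash in db.values() for vs in by_hash.values() for v in vs}
    return everything if candidates is None else candidates


# The slide's .htaccess rules, as a decision function.
STATIC_EXT = re.compile(r"\.(jpe?g|jp2|png|gif|bmp|css|js|swf|html?)$", re.IGNORECASE)
OWN_REFERER = re.compile(r"^https?://(.+\.)?www\.example\.com", re.IGNORECASE)


def referer_gate(path: str, referer: str, exists: bool) -> bool:
    """True if the request is served. images/stories/* always passes; any
    other existing static file needs a Referer from the site itself."""
    if path.startswith("/images/stories/") and STATIC_EXT.search(path):
        return True
    if exists and STATIC_EXT.search(path) and not OWN_REFERER.match(referer):
        return False
    return True


def make_server(files: Dict[str, bytes], referer: str) -> Callable[[str], Optional[bytes]]:
    """A target running one release behind the gate; the scanner's requests
    all carry the given Referer header (empty string = none)."""
    def fetch(path: str) -> Optional[bytes]:
        if not referer_gate(path, referer, path in files):
            return None
        return files.get(path)
    return fetch


if __name__ == "__main__":
    db = build_db(RELEASES)
    target = RELEASES["1.5.18"]
    print("no Referer:    ", sorted(fingerprint(db, make_server(target, ""))))
    print("forged Referer:", sorted(fingerprint(db, make_server(target, "http://www.example.com/"))))
```

The first run returns every version in the database, which is what the slide’s rule buys you; the second, with a single forged header, returns exactly the installed release. Keeping Joomla! current is what removes the value of the answer.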
More protection for you
      Free! The Master .htaccess
      http://akeeba.info/master-htaccess

      Admin Tools Professional, 15 €
      http://akeeba.info/atpro
      use coupon code JDNL11
That’s me...
      and this is the perfect time to ask me questions!

That’s all folks!
      Want the slides? http://akeeba.info/security-101

JD11NL - Joomla! Security 101
