Blog - Joomla
Written by Kim Pittoors
Wednesday, 28 December 2011 02:53

Joomla is one of the most used CMS systems in the world. A standard joomla installation is almost inhackable. Yet a lot of Joomla websites get hacked these days, why is this?

Vulnerable extensions 
Well a lot of websites have 3rd party extensions installed which are not included in the joomla core. Those extensions can be downloaded from the joomla extension directory for example. A lot of these extensions are completely safe but some contain leaks which can be abused by hackers.

You can check if your extensions are safe on:
http://docs.joomla.org/Vulnerable_Extensions_List

Keep your extensions up to date
it’s also important to keep the 3rd party extensions that you use up to date. Sometimes the developers find leaks in their scripts and fix them. You can’t benefit from those updates if you don’t keep your eye on your installed extensions.  

A very handy tool to help you with this is JMonitoring.  The great thing about this component is that it provides two extremely useful functions if you are trying to manage multiple websites. Firstly it lets you keep an eye on the status of your websites but secondly, and more important for me, is that you can have a cross reference of all the joomla versions, components, module and plugins that your websites are running.

Anyone maintaining multiple websites will know how difficult it is to keep up to date with all the latest versions! One place to go to see a full list of all Components, Modules and Plugins is a true time saver.

You can download Jmonitoring here:
http://extensions.joomla.org/extensions/access-a-security/site-security/site-monitoring/9787

Unsafe Webhosting or Joomla settings
Another Reason why Joomla Websites can get hacked is because of unsafe webhosting settings. A lot of people don’t know how to safely configure their web service when working with Joomla websites. A very handy tool to help you optimize your settings for safety is called Guard XT. After installing the component on your website it helps you secure your website and it can do even more.

Keep an eye on your files
GuardXT performs health checks on your Joomla site. The "heart" of GuardXT is a file system check (best scheduled as a cron job), that regulary monitors changes of your files. Additionally various security checks may be performed (e.g. check Joomla configuration, PHP settings etc...).
The results are presented in an easy to use and understand interface and most security issues can be fixed immediately from the interface.

It’s a very useful tool to secure and monitor your website. However this component still contains a lot of bugs to be fixed. But I still can recommend it strongly. The most important functions are working, and I hope all bugs will be fixed in the future.

You can download GuardXT here:
http://extensions.joomla.org/extensions/access-a-security/site-security/site-monitoring/7013

Protect your site against SQL Injections, Remote file Inclusions, Remote Code Executions and XSS attacks.
Hackers use a number of methods to abuse your website.  These are some methods used by hackers: SQL Injections, Remote URL/File Inclusions, Remote Code Executions and XSS Based Attacks.

Jhackguard can protect you against the most of these attacks. JhackGuard is designed by SiteGround to protect Joomla websites from hacking attacks. Just add it to your Joomla and it will be safe against most hacking methods.

You can download Jhackguard here:
http://extensions.joomla.org/extensions/access-a-security/site-security/site-protection/13233

Protect your site against SQL Injections and local files inclusions
Another nice tool to secure your websites is called: Marco's SQL Injection.  This plugin adds a simple but, in most cases, fundamental protection against SQL injection and local files inclusions. It checks data sent to Joomla and intercepts a lot of common exploits, saving your site from hackers.

* Filters requests in POST, GET, REQUEST and blocks SQL injection / LFI attempts.
* Notifies you by e-mail when an alert is generated.
* Protect also from unknown 3rd Party extensions vulnerability.
* White list for safe components (at your risk)
* automatic ip blocking on attack

You can download Marco's SQL Injection here:
http://extensions.joomla.org/extensions/access-a-security/site-security/site-protection/12731

All these tools are to be used with caution. Always make a backup of your website before installing these extensions. Read the documentation of these extensions well before installing them on live sites. And try to test stuff first on a testing website before installing it on existing websites.

After you have installed extensions on to your live website thoroughly check your website for bugs or problems that might occur. These security extensions are not just regular joomla extensions. They need to be handled with care. But if used well they can save you a lot of work and frustration!

Last Updated on Saturday, 05 August 2017 02:05
 
Copyright © 2009 - 2019 Sitemap

This website uses cookies for analysis and ad placement. By continuing to use this website, you agree to our use of cookies on your computer