JD11NL - Joomla! Security 101

Joomla! Security 101 What to do before disaster strikeshttp://akeeba.info/security-101Πέμπτη, 31 Μαρτίου 2011

Hi, I’m Nicholas Dionysopoulos and I bet you can’t pronounce my last namehttp://akeeba.info/meΠέμπτη, 31 Μαρτίου 2011

The basics What we’re supposed to do and rarely do itΠέμπτη, 31 Μαρτίου 2011

Frequent, tested backups Would you jump off a plane without a parachute?http://akeeba.info/backupΠέμπτη, 31 Μαρτίου 2011

Update, yesterday Yesterday’s code is tomorrow’s hackhttp://akeeba.info/basic-securityΠέμπτη, 31 Μαρτίου 2011

Protect your backend The login is not enoughΠέμπτη, 31 Μαρτίου 2011

777: The number of the beast Permissions are doors; don’t leave them openhttp://akeeba.info/777Πέμπτη, 31 Μαρτίου 2011

Sensible permissions Ask your host to enable suPHP or Apache’s mod_itk Site root 0755 or 0700 Directories 0755 Files 0644 If you “must” use 0777 (don’t!) protect with .htaccess: order deny, allow deny from allΠέμπτη, 31 Μαρτίου 2011

Don’t be a sitting duck It’s duck season!Πέμπτη, 31 Μαρτίου 2011

Mind your preﬁx Nobody wants to be a jos_http://akeeba.info/preﬁxΠέμπτη, 31 Μαρτίου 2011

62 reasons to ﬁre your Super Administrator or 42, depending on Joomla! version...http://akeeba.info/62-reasonsΠέμπτη, 31 Μαρτίου 2011

Security Kung-Fu You can’t kill a Ninjahttp://akeeba.info/ninjaΠέμπτη, 31 Μαρτίου 2011

Visual ﬁngerprinting Seeing is believing and then some tm pl= of fl in e p =1 t y mplate= ja_purithttp://akeeba.info/ninja teΠέμπτη, 31 Μαρτίου 2011

Visual ﬁngerprinting RewriteCond %{QU ERY_STRING} (&|% 3F){1,1}tp= [OR] RewriteCond %{QU ERY_STRING} (&|% 3F){1,1} template= [OR] RewriteCond %{QU ERY_STRING} (&|% 3F){1,1}tmpl= [NC] RewriteRule ^(.* )$ - [R=404,L]http://akeeba.info/ninjaΠέμπτη, 31 Μαρτίου 2011

PHP has a big mouth and that’s not water cooler gossip!http://akeeba.info/ninjaΠέμπτη, 31 Μαρτίου 2011

PHP has a big mouthhttp://akeeba.info/ninjaΠέμπτη, 31 Μαρτίου 2011

PHP has a big mouth RewriteCond %{QU ERY_STRING} ^%3F =PHPE9568F36- D428-11d2-A769-0 0AA001ACF42 [OR] RewriteCond %{QU ERY_STRING} ^%3F =PHPE9568F34- D428-11d2-A769-0 0AA001ACF42 [OR] RewriteCond %{QU ERY_STRING} ^%3F =PHPE9568F35- D428-11d2-A769-0 0AA001ACF42 [OR] RewriteCond %{QU ERY_STRING} ^ %3F=PHPB8B5F2A0- 3C92-11d3-A3A9-4 C7B08C10000 RewriteRule ^(.* )$ - [R=404,L]http://akeeba.info/ninjaΠέμπτη, 31 Μαρτίου 2011

Blind Elephant Meet your supervillainhttp://akeeba.info/ninjaΠέμπτη, 31 Μαρτίου 2011

Blind Elephanthttp://akeeba.info/ninjaΠέμπτη, 31 Μαρτίου 2011

Blind Elephant nicholas@teapot:~/blindelephant$ ./BlindElephant.py mysite.com joomla Loaded /home/nicholas/projects/3rdparty/blindelephant/trunk/src/build/lib.linux-x86_64-2.6/blindelephant/ dbs/joomla.pkl with 33 versions, 3696 differentiating paths, and 122 version groups. Starting BlindElephant fingerprint for version of joomla at http://joomla.ubuntu.web Hit http://joomla.ubuntu.web/media/system/js/validate.js Possible versions based on result: 1.5.17, 1.5.18 Hit http://joomla.ubuntu.web/includes/js/joomla.javascript.js Possible versions based on result: 1.5.17, 1.5.18 Hit http://joomla.ubuntu.web/media/system/js/caption.js Possible versions based on result: 1.5.17, 1.5.18 Hit http://joomla.ubuntu.web/media/system/js/openid.js Possible versions based on result: 1.5.17, 1.5.18 Hit http://joomla.ubuntu.web/templates/rhuk_milkyway/css/template.css Possible versions based on result: 1.5.17, 1.5.18 Fingerprinting resulted in: 1.5.17 1.5.18 Best Guess: 1.5.18http://akeeba.info/ninjaΠέμπτη, 31 Μαρτίου 2011

Blind Elephant RewriteRule ^(im ages/stories/*. (jpe[g,2]?|jpg| png|gif|bmp|css| js|swf|htm[l]?)) $ $1 [L] RewriteCond %{RE QUEST_FILENAME} -f RewriteCond %{HT TP_REFERER} !^ht tp[s]{0,1}://(.+ .)?www.example .com [NC] RewriteRule .(j pe[g,2]?|jpg|png |gif|bmp |css|js|swf|htm[ l]?)$ - [R=404,L ]http://akeeba.info/ninjaΠέμπτη, 31 Μαρτίου 2011

More protection for you e! re Master 5 € f The 1 Admin Tools .htaccess Professional http://akeeba.info/master- http://akeeba.info/atpro htaccess use coupon code JDNL11Πέμπτη, 31 Μαρτίου 2011

That’s me... and this is the perfect time to ask me questions!Πέμπτη, 31 Μαρτίου 2011

That’s all folks! Want the slides? http://akeeba.info/security-101Πέμπτη, 31 Μαρτίου 2011

JD11NL - Joomla! Security 101

by AkeebaBackup.com on Apr 05, 2011

Accessibility

Categories

Tags

Upload Details

Usage Rights

1 Embed 76

Statistics

JD11NL - Joomla! Security 101 — Presentation Transcript