Joomla! Security 101 - Joomla! Day Bosnia and Herzegovina 2013

The sixth major revision of my security introduction presentation,

Transcript of "Joomla! Security 101 - Joomla! Day Bosnia and Herzegovina 2013"

Slide 1: Joomla! Security 101, version 6.0

Slide 2: Mission: Impossible. Talking in-depth about Joomla! security in 30 minutes or less... but I’ll try!

Slide 3: Put your pens away. Sit back and enjoy.

Slide 4: Updated server software: PHP, MySQL, Apache, FTP server...

Slide 5: Permissions & ownership: who can do what and where.

Slide 6: Sane ownership & permissions
  All files and folders owned by the FTP user.
  Use Joomla!’s FTP mode on shared hosts.
  Folders: 0755 permissions. Files: 0644 permissions.
  If you “must” use 0777 (don’t!), protect the folder with .htaccess:
      order deny,allow
      deny from all
      allow from none
  Better yet, use suPHP or FastCGI.
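The folder 0755 / file 0644 rule from slide 6 is easy to state and easy to drift away from after a few FTP uploads and installer runs. The following is an added example, not code from the presentation or from Akeeba: it builds a small constructed directory tree with two deliberately wrong modes (a 0777 `tmp/` folder and a 0777 `configuration.php`), audits it against the slide's rule, flags world-writable entries, optionally checks that everything is owned by one expected user (the FTP user in the slide's terms), and then corrects the modes. The file names and the expected UID are assumptions for the demo.

```python
"""Audit and repair a web root against the slide-6 rule: folders 0755, files 0644,
everything owned by the FTP user. Added example; the sample tree is constructed."""
import os
import stat
import tempfile

EXPECTED_DIR_MODE = 0o755
EXPECTED_FILE_MODE = 0o644


def audit_permissions(root, expected_uid=None):
    """Walk `root` and return a list of findings. Each finding is a tuple
    (relative_path, actual_mode, expected_mode, world_writable, wrong_owner).
    Entries that match the rule (and the owner, if given) are not reported."""
    findings = []
    for dirpath, _dirnames, filenames in os.walk(root):
        entries = [(dirpath, True)] + [(os.path.join(dirpath, f), False) for f in filenames]
        for path, is_dir in entries:
            if os.path.islink(path):
                continue  # symlink modes are not meaningful on most systems
            st = os.lstat(path)
            mode = stat.S_IMODE(st.st_mode)
            expected = EXPECTED_DIR_MODE if is_dir else EXPECTED_FILE_MODE
            wrong_owner = expected_uid is not None and st.st_uid != expected_uid
            if mode != expected or wrong_owner:
                findings.append((os.path.relpath(path, root), mode, expected,
                                 bool(mode & stat.S_IWOTH), wrong_owner))
    return findings


def fix_permissions(root):
    """Apply 0755 to folders and 0644 to files below `root`; return how many entries changed.
    Ownership is deliberately not changed here: that needs chown and usually root."""
    changed = 0
    for rel, _mode, expected, _ww, _wo in audit_permissions(root):
        os.chmod(os.path.join(root, rel), expected)
        changed += 1
    return changed


def build_sample_site():
    """Constructed mini site in a temp dir with two classic mistakes baked in."""
    root = tempfile.mkdtemp(prefix="joomla_demo_")
    os.makedirs(os.path.join(root, "images"))
    os.makedirs(os.path.join(root, "tmp"))
    for rel in ("configuration.php", "index.php", "images/logo.png"):
        with open(os.path.join(root, rel), "w") as fh:
            fh.write("demo\n")
    os.chmod(root, 0o755)
    os.chmod(os.path.join(root, "images"), 0o755)
    os.chmod(os.path.join(root, "index.php"), 0o644)
    os.chmod(os.path.join(root, "images", "logo.png"), 0o644)
    os.chmod(os.path.join(root, "tmp"), 0o777)                # "it must be 777 or the upload fails"
    os.chmod(os.path.join(root, "configuration.php"), 0o777)  # worst case: DB credentials world-writable
    return root


if __name__ == "__main__":
    site = build_sample_site()
    for rel, mode, expected, world_writable, wrong_owner in audit_permissions(site, os.getuid()):
        flag = " WORLD-WRITABLE" if world_writable else ""
        print(f"{rel}: is {mode:04o}, should be {expected:04o}{flag}")
    print(f"fixed {fix_permissions(site)} entries; remaining: {audit_permissions(site)}")
```

Run it against a real web root by calling `audit_permissions("/path/to/site", expected_uid)` instead of `build_sample_site()`; the world-writable flag is the one to act on first, since that is the condition slide 6's .htaccess workaround is trying to paper over.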
Slide 7: Too much to remember?
  Akeeba Backup User’s Guide, Security Information: https://www.akeebabackup.com/documentation/akeeba-backup-documentation/security-info.html
  777: The number of the beast: http://www.dionysopoulos.me/blog/777-the-number-of-the-beast

Slide 8: Update, yesterday: Joomla! & extensions.

Slide 9: Think before installing. Don’t be the mouse in the trap!

Slide 10: Length matters.

Slide 11: Your password’s length matters.

Slide 12: A terrifying thought. Password hacking super-computer: 2,700 USD (back in 2010; much cheaper now).

Slide 13: How safe is your password?
  Password                        Bits    Iterations   Time to crack
  15082005                         13.6   12416        0.00038 msec
  admin                            15.9   61147        0.00185 msec
  ortrtaortftaaidbt                67.7   2.39e+20     228.95 years
  0rtrTA0rtfTa&idbT                88.2   3.55e+26     340 million years
  horse correct battery stapler   107.2   1.86e+32     178179 billion years
Slides 14 to 20: Derive from a sentence (built up one step per slide)
  thequickbrownfoxjumpedoverthelazydog
  tqbfjotld
  tqbFjotlD
  +qbFjo+lD
  +qbFj0+1D

Slide 21: Still unsure? Write it down, and keep it ON YOUR PERSON! (+qbFj0+1D)

Slide 22: Use a password manager, and keep it on your person (mobile device).
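Slides 14 to 20 show a password being built up from a sentence in four steps, and slide 13 puts a bit count and a time-to-crack next to each candidate. The block below is an added example, not from the presentation: it reproduces the four transformation steps on the slide's sentence and attaches a naive search-space estimate to each stage. Two things are assumptions: the character-class model of entropy (sum the sizes of the classes used, raise to the length) and the guess rate of about 3.3e10 per second, which is what the slide-13 table's iterations-versus-time columns imply. The slide's own bit counts came from whatever calculator the author used, so the figures here will not match them exactly.

```python
"""Reproduce the 'derive from a sentence' steps and estimate the search space at each stage.
Added example; the entropy model and the guess rate are assumptions, not the slide's method."""
import math
import string

# Assumed attacker speed, constructed to roughly match the slide-13 table
# (12416 guesses in 0.00038 ms is about 3.3e10 guesses per second).
GUESSES_PER_SECOND = 3.3e10

SENTENCE = "the quick brown fox jumped over the lazy dog"


def initials(sentence):
    """Step 1: keep the first letter of every word."""
    return "".join(word[0] for word in sentence.split())


def capitalize_at(text, positions):
    """Step 2: upper-case chosen positions (the slide picks the nouns fox and dog)."""
    return "".join(c.upper() if i in positions else c for i, c in enumerate(text))


def substitute(text, mapping):
    """Steps 3 and 4: swap letters for look-alike symbols or digits."""
    return "".join(mapping.get(c, c) for c in text)


def derivation_chain(sentence=SENTENCE):
    """Return the five strings exactly as slides 15 to 19 build them up."""
    s0 = sentence.replace(" ", "")          # the sentence, spaces dropped
    s1 = initials(sentence)                 # tqbfjotld
    s2 = capitalize_at(s1, {3, 8})          # tqbFjotlD
    s3 = substitute(s2, {"t": "+"})         # +qbFjo+lD
    s4 = substitute(s3, {"o": "0", "l": "1"})  # +qbFj0+1D
    return [s0, s1, s2, s3, s4]


def charset_size(password):
    """Naive model: the alphabet an attacker must search is the union of the classes used."""
    size = 0
    if any(c in string.ascii_lowercase for c in password):
        size += 26
    if any(c in string.ascii_uppercase for c in password):
        size += 26
    if any(c in string.digits for c in password):
        size += 10
    if any(c in string.punctuation or c == " " for c in password):
        size += 33  # printable ASCII punctuation plus space
    return size


def entropy_bits(password):
    """Bits of search space under the naive model: length * log2(alphabet)."""
    return len(password) * math.log2(charset_size(password))


def seconds_to_crack(password, rate=GUESSES_PER_SECOND):
    """Time for an exhaustive search of the modelled space at the assumed rate."""
    return 2 ** entropy_bits(password) / rate


if __name__ == "__main__":
    print(f"{'stage':40} {'bits':>6} {'seconds to crack':>18}")
    for candidate in derivation_chain() + ["admin", "15082005"]:
        print(f"{candidate:40} {entropy_bits(candidate):6.1f} {seconds_to_crack(candidate):18.3g}")
```

Note what the naive model gets wrong: it rates the bare 36-letter sentence far above the 9-character result, because it cannot see that the sentence is a dictionary phrase an attacker would try early. That gap is exactly why the slides transform the sentence instead of using it as typed, and why a long random string from a password manager (slide 22) beats any hand-derived one.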
Slide 23: Lock it down. Nothing on my site runs unless I say so.

Slide 24: .htaccess rules
  My Master .htaccess (free): http://akeeba.assembla.com/code/master-htaccess/git/nodes/htaccess.txt
  Admin Tools Professional: https://www.akeebabackup.com/products/46-software/855-admintools.html

Slide 25: Armor up. Protect your site.

Slide 26: Backups: frequent, automated, off-site backups.

Slide 27: Use myJoomla.com. Dead easy site auditing – and fixing!

Slide 28: In spite of it all…

Slide 29: Dammit! You got hacked, now what?

Slide 30: DON’T PANIC

Slide 31: We’ve got instructions. Unhacking your site: https://www.akeebabackup.com/documentation/walkthroughs/item/1124-unhacking-your-site.html
  You do have backups, right? You did use myJoomla.com, right? Make sure you read the instructions before getting hacked.

Slide 32: Questions?

Slide 33: Download this presentation: http://akeeba.info/asjd13bih

Slide 34: Thank you for listening! Image credits for copyrighted images: sxc.hu; istockphoto.com. Copyrights of the logos and screenshots of software displayed in this presentation are owned by their respective companies.