Joomla! Security 101 - Joomla! Day Bosnia and Herzegovina 2013

The sixth major revision of my security introduction presentation,

  • Once again, Thank You Nicholas!!!
Transcript

  • 1. Joomla! Security 101
    version 6.0
  • 2. Mission: Impossible
    Talking in-depth about Joomla! security in 30 minutes or less... but I’ll try!
  • 3. Put your pens away
    Sit back and enjoy
  • 4. Updated server software
    PHP, MySQL, Apache, FTP server...
  • 5. Permissions & ownership
    Who can do what and where
  • 6. Sane ownership & permissions
    All files and folders owned by the FTP user
    Use Joomla!’s FTP mode on shared hosts
    Folders 0755 permissions • Files 0644 permissions
    If you “must” use 0777 (don’t!), protect with .htaccess:
        order deny,allow
        deny from all
        allow from none
    Better yet, use suPHP or FastCGI
  • 7. Too much to remember?
    Akeeba Backup User’s Guide, Security Information
    https://www.akeebabackup.com/documentation/akeeba-backup-documentation/security-info.html
    777: The number of the beast
    http://www.dionysopoulos.me/blog/777-the-number-of-the-beast
  • 8. Update, yesterday
    Joomla! & extensions
  • 9. Think before installing
    Don’t be the mouse in the trap!
  • 10. Length matters
  • 11. Your password’s length matters
  • 12. A terrifying thought
    Password hacking super-computer: 2,700 USD (back in 2010; much cheaper now)
  • 13. How safe is your password?
    Password                        Bits    Iterations   Time to crack
    15082005                        13,6    12416        0.00038 msec
    admin                           15,9    61147        0.00185 msec
    ortrtaortftaaidbt               67,7    2,39e+20     228.95 years
    0rtrTA0rtfTa&idbTh              88,2    3,55e+26     340 million years
    horse correct battery stapler   107,2   1,86e+32     178179 billion years
  • 14. Derive from a sentence
  • 15. Derive from a sentence
    thequickbrownfoxjumpedoverthelazydog
  • 16. Derive from a sentence
    thequickbrownfoxjumpedoverthelazydog
    tqbfjotld
  • 17. Derive from a sentence
    thequickbrownfoxjumpedoverthelazydog
    tqbfjotld
    tqbFjotlD
  • 18. Derive from a sentence
    thequickbrownfoxjumpedoverthelazydog
    tqbfjotld
    tqbFjotlD
    +qbFjo+lD
  • 19. Derive from a sentence
    thequickbrownfoxjumpedoverthelazydog
    tqbfjotld
    tqbFjotlD
    +qbFjo+lD
    +qbFj0+1D
  • 20. Derive from a sentence
    +qbFj0+1D
  • 21. Still unsure? Write it down
    And keep it ON YOUR PERSON!
    +qbFj0+1D
  • 22. Use a password manager
    And keep it on your person (mobile device)
  • 23. Lock it down
    Nothing on my site runs unless I say so
  • 24. .htaccess Rules
    My Master .htaccess - FREE
    http://akeeba.assembla.com/code/master-htaccess/git/nodes/htaccess.txt
    Admin Tools Professional
    https://www.akeebabackup.com/products/46-software/855-admintools.html
  • 25. Armor up
    Protect your site
  • 26. Backups
    Frequent, automated, off-site backups
  • 27. Use myJoomla.com
    Dead easy site auditing – and fixing!
  • 28. In spite of it all…
  • 29. Dammit!
    You got hacked, now what?
  • 30. DON’T PANIC
  • 31. We’ve got instructions
    Unhacking your site
    https://www.akeebabackup.com/documentation/walkthroughs/item/1124-unhacking-your-site.html
    You do have backups, right?
    You did use myJoomla.com, right?
    Make sure you read the instructions before getting hacked.
  • 32. Questions?
  • 33. Download this presentation
    http://akeeba.info/asjd13bih
  • 34. Thank you for listening!
    Image credits for copyrighted images: sxc.hu; istockphoto.com
    Copyrights of the logos and screenshots of software displayed in this presentation are owned by their respective companies
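Slide 6 states the rules (folders 0755, files 0644, everything owned by the FTP user, and any folder you insist on leaving 0777 shielded by a "deny from all" .htaccess) but leaves checking them to the site owner. The following audit script is an added example written for this transcript; it is not part of the deck and not Akeeba's or Joomla!'s own tooling. It walks a web root, reports every entry that deviates from those rules, flags world-writable folders that lack the .htaccess guard, and can optionally chmod offenders back to the slide's modes. The expected owner uid is an assumption the operator supplies (the FTP user's uid on the host); the sample tree it builds in a temporary directory is constructed purely for demonstration.

```python
"""Added example (not from the slides or from Akeeba): audit a Joomla! web
root against slide 6's rules and optionally fix the modes."""
import os
import stat
import tempfile
from pathlib import Path

DIR_MODE = 0o755    # slide 6: folders 0755
FILE_MODE = 0o644   # slide 6: files 0644


def htaccess_denies(directory: Path) -> bool:
    """True if the folder carries the slide's .htaccess guard (deny from all)."""
    ht = directory / ".htaccess"
    if not ht.is_file():
        return False
    return "deny from all" in ht.read_text(errors="replace").lower()


def iter_paths(root: Path):
    """Yield the root and every directory and file below it."""
    yield root
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            yield Path(dirpath) / name


def audit_tree(root, expected_uid=None, fix=False):
    """Return a list of (path, kind, detail) findings. With fix=True, chmod
    each offending entry to the expected mode. expected_uid is the FTP user's
    uid (assumption: the operator knows it for their host)."""
    findings = []
    for path in iter_paths(Path(root)):
        if path.is_symlink():
            continue                        # never chmod through a symlink
        st = path.lstat()
        is_dir = stat.S_ISDIR(st.st_mode)
        mode = stat.S_IMODE(st.st_mode)
        want = DIR_MODE if is_dir else FILE_MODE
        if expected_uid is not None and st.st_uid != expected_uid:
            findings.append((str(path), "ownership",
                             f"uid {st.st_uid}, expected {expected_uid}"))
        if mode & stat.S_IWOTH:             # 0777 / 0666 territory
            detail = f"world-writable {mode:04o}"
            if is_dir and not htaccess_denies(path):
                detail += " and no .htaccess deny rule"
            findings.append((str(path), "world-writable", detail))
        elif mode != want:
            findings.append((str(path), "mode", f"{mode:04o}, expected {want:04o}"))
        if fix and mode != want:
            path.chmod(want)
    return findings


def build_sample_tree() -> Path:
    """Constructed sample web root: a sloppy 0777 cache folder, a 0666
    configuration file, and correctly set entries for contrast."""
    root = Path(tempfile.mkdtemp(prefix="joomla-demo-"))
    root.chmod(DIR_MODE)
    (root / "cache").mkdir()
    (root / "cache").chmod(0o777)           # "the number of the beast"
    (root / "configuration.php").write_text("<?php // constructed sample\n")
    (root / "configuration.php").chmod(0o666)
    (root / "images").mkdir()
    (root / "images").chmod(DIR_MODE)
    (root / "index.php").write_text("<?php // constructed sample\n")
    (root / "index.php").chmod(FILE_MODE)
    return root


if __name__ == "__main__":
    site = build_sample_tree()
    for finding in audit_tree(site):
        print(*finding)
    audit_tree(site, fix=True)
    print("after fix:", audit_tree(site))
```

Run it against a real web root with fix=False first and read the findings; the ownership check only makes sense when expected_uid is the uid the FTP server writes files as, which on a shared host is what makes Joomla!'s FTP mode worthwhile in the first place.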
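Slides 14 to 20 show the derive-from-a-sentence recipe one step at a time, and slide 13's table pairs each password's entropy in bits with the number of guesses and the time to crack. The example below is added for this transcript and is not from the deck: it implements the recipe as a function that returns every intermediate form, and reproduces the table's arithmetic. Two things in it are assumptions rather than slide content: the guessing rate of 3.32e10 per second is back-solved from the table's rows (the slide only prices the machine), and naive_bits is a plain character-class upper bound, not the pattern-aware estimator that gave a date like 15082005 only 13,6 bits.

```python
"""Added example (not from the slides or from Akeeba): the derive-from-a-sentence
recipe of slides 14-20, plus the guesses/time arithmetic behind slide 13's table."""
import math
import string

GUESSES_PER_SECOND = 3.32e10      # assumption: back-solved from slide 13's rows
SECONDS_PER_YEAR = 365 * 24 * 3600


def derive_from_sentence(sentence, capitalize=(), substitution_rounds=()):
    """Return the intermediate forms the slides walk through: initials of each
    word, chosen positions upper-cased, then each lookalike substitution
    round applied in turn."""
    steps = []
    current = "".join(word[0] for word in sentence.split())
    steps.append(current)                               # slide 16
    current = "".join(ch.upper() if i in capitalize else ch
                      for i, ch in enumerate(current))
    steps.append(current)                               # slide 17
    for mapping in substitution_rounds:                 # slides 18 and 19
        current = "".join(mapping.get(ch, ch) for ch in current)
        steps.append(current)
    return steps


def iterations(bits):
    """Guesses needed to exhaust a search space of the given entropy
    (the slide's Iterations column is 2^Bits)."""
    return 2.0 ** bits


def crack_time_seconds(bits, rate=GUESSES_PER_SECOND):
    return iterations(bits) / rate


def describe_crack_time(bits, rate=GUESSES_PER_SECOND):
    """Render the way slide 13 does: msec below one second, years otherwise."""
    seconds = crack_time_seconds(bits, rate)
    if seconds < 1:
        return f"{seconds * 1000:.5f} msec"
    return f"{seconds / SECONDS_PER_YEAR:,.2f} years"


def naive_bits(password):
    """Upper-bound entropy: length * log2(size of the union of character
    classes used). Dictionary words and dates score far lower with a
    pattern-aware estimator, which is why the slide gives 15082005 only 13,6."""
    classes = [
        (string.ascii_lowercase, 26),
        (string.ascii_uppercase, 26),
        (string.digits, 10),
        (string.punctuation, len(string.punctuation)),
    ]
    space = sum(size for chars, size in classes
                if any(c in chars for c in password))
    return len(password) * math.log2(space) if space else 0.0


if __name__ == "__main__":
    steps = derive_from_sentence(
        "the quick brown fox jumped over the lazy dog",
        capitalize={3, 8},                               # fox, dog
        substitution_rounds=[{"t": "+"}, {"o": "0", "l": "1"}],
    )
    for s in steps:
        print(f"{s:12} naive bits: {naive_bits(s):.1f}")
    for bits in (13.6, 15.9, 67.7, 88.2, 107.2):
        print(f"{bits:6} bits -> {iterations(bits):.3g} guesses, "
              f"{describe_crack_time(bits)}")
```

The derivation steps come out exactly as slides 16 to 20 show them, and the years column for 67,7 and 107,2 bits lands on the slide's 228.95 years and 178179 billion years once the guessing rate is fixed; what the naive estimator adds is the visible jump from about 42 bits for plain initials to about 59 bits once upper case, digits and a symbol are mixed in, which is the whole point of the recipe.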