SlideShare a Scribd company logo

Joomla! security 101

Download as PPTX, PDF
V
vdrover
1 of 17
Joomla! security 101 What to do before disaster strikes
That’s me I am Nicholas K. Dionysopoulos, the lead developer of Akeeba Backup and contributing author at the Joomla! Community Magazine.
The basics …or what you are supposed to do and rarely remember to do it
Backup, backup and backup
Update, yesterday
Multifactor back-end authentication Password protection Secret URL parameter Use your host’s Control Panel, or .htaccess Best protection Doesn’t cost More difficult to setup Use jSecure Authentication Very easy to setup Costs money Doesn’t protect against direct access to files
Permissions must make sense Should I 0777 anything? ,[object Object]
Better enable Joomla!’s FTP layer.
Only required by badly written extensions.
tmp, logs, cache and administrator/cache directories.
If you do that, make sure you install this .htaccess in each and every of them:order deny, allowdeny from all
The advanced stuff …which every site builder should do on every site he builds
We are all sitting ducks Known prefix,jos_ and known ID62 make me say what the quack…?!
The prefix matters
62 reasons to fire your Super Admin
Only a ninja can kill another ninja Crash course to .htaccessKung-Fu
Visual fingerprinting RewriteCond %{QUERY_STRING} (&|%3F){1,1}tp= [OR] RewriteCond %{QUERY_STRING} (&|%3F){1,1}template= [OR] RewriteCond%{QUERY_STRING} (&|%3F){1,1}tmpl= [NC] RewriteRule^(.*)$ - [R=404,L]

Recommended

Úvod do programování 5
Úvod do programování 5Úvod do programování 5
Úvod do programování 5Karel Minarik
 
You don't know people
You don't know peopleYou don't know people
You don't know peopleEvan Solomon
 
Maintaining your own branch of Drupal core
Maintaining your own branch of Drupal coreMaintaining your own branch of Drupal core
Maintaining your own branch of Drupal coredrumm
 
Specs Presentation
Specs PresentationSpecs Presentation
Specs PresentationSynesso
 
Richard practica nº2.php
Richard practica nº2.phpRichard practica nº2.php
Richard practica nº2.phprichardrq
 
02 Installing and configuring PHP environment & PhpStorm #burningkeyboards
02 Installing and configuring PHP environment & PhpStorm #burningkeyboards02 Installing and configuring PHP environment & PhpStorm #burningkeyboards
02 Installing and configuring PHP environment & PhpStorm #burningkeyboardsDenis Ristic
 
Fewer cables
Fewer cablesFewer cables
Fewer cablesacme
 
Defeating Cross-Site Scripting with Content Security Policy
Defeating Cross-Site Scripting with Content Security PolicyDefeating Cross-Site Scripting with Content Security Policy
Defeating Cross-Site Scripting with Content Security PolicyFrancois Marier
 

Recommended

Úvod do programování 5
Úvod do programování 5Úvod do programování 5
Úvod do programování 5Karel Minarik
 
You don't know people
You don't know peopleYou don't know people
You don't know peopleEvan Solomon
 
Maintaining your own branch of Drupal core
Maintaining your own branch of Drupal coreMaintaining your own branch of Drupal core
Maintaining your own branch of Drupal coredrumm
 
Specs Presentation
Specs PresentationSpecs Presentation
Specs PresentationSynesso
 
Richard practica nº2.php
Richard practica nº2.phpRichard practica nº2.php
Richard practica nº2.phprichardrq
 
02 Installing and configuring PHP environment & PhpStorm #burningkeyboards
02 Installing and configuring PHP environment & PhpStorm #burningkeyboards02 Installing and configuring PHP environment & PhpStorm #burningkeyboards
02 Installing and configuring PHP environment & PhpStorm #burningkeyboardsDenis Ristic
 
Fewer cables
Fewer cablesFewer cables
Fewer cablesacme
 
Defeating Cross-Site Scripting with Content Security Policy
Defeating Cross-Site Scripting with Content Security PolicyDefeating Cross-Site Scripting with Content Security Policy
Defeating Cross-Site Scripting with Content Security PolicyFrancois Marier
 
Sales Challenges Holding You Back?
Sales Challenges Holding You Back?Sales Challenges Holding You Back?
Sales Challenges Holding You Back?kdtemple
 
Industries
IndustriesIndustries
Industriesjakedargo
 
How to use Bluetooth® Smart to control your embedded device with a mobile device
How to use Bluetooth® Smart to control your embedded device with a mobile deviceHow to use Bluetooth® Smart to control your embedded device with a mobile device
How to use Bluetooth® Smart to control your embedded device with a mobile deviceAnaren, Inc.
 
Mobile Sniffer
Mobile SnifferMobile Sniffer
Mobile SnifferMohit Khatri
 
Planes 4º bloque 2015 2016
Planes 4º bloque 2015 2016Planes 4º bloque 2015 2016
Planes 4º bloque 2015 2016Djrey78
 
Today's Opportunities, Tomorrow's Challenges
Today's Opportunities, Tomorrow's ChallengesToday's Opportunities, Tomorrow's Challenges
Today's Opportunities, Tomorrow's ChallengesScott Chapin
 
WordPress Security - ওয়ার্ডপ্রেসের সিকিউরিটি
WordPress Security - ওয়ার্ডপ্রেসের সিকিউরিটিWordPress Security - ওয়ার্ডপ্রেসের সিকিউরিটি
WordPress Security - ওয়ার্ডপ্রেসের সিকিউরিটিFaysal Shahi
 
Heavy Web Optimization: Backend
Heavy Web Optimization: BackendHeavy Web Optimization: Backend
Heavy Web Optimization: BackendVõ Duy Tuấn
 
Tips on Securing Drupal Sites
Tips on Securing Drupal SitesTips on Securing Drupal Sites
Tips on Securing Drupal Sitescgmonroe
 
Use Symfony2 components inside WordPress
Use Symfony2 components inside WordPress Use Symfony2 components inside WordPress
Use Symfony2 components inside WordPress Maurizio Pelizzone
 
PhpBB meets Symfony2
PhpBB meets Symfony2PhpBB meets Symfony2
PhpBB meets Symfony2Fabien Potencier
 
The why and how of moving to PHP 5.4/5.5
The why and how of moving to PHP 5.4/5.5The why and how of moving to PHP 5.4/5.5
The why and how of moving to PHP 5.4/5.5Wim Godden
 
Clearance: Simple, complete Ruby web app authentication.
Clearance: Simple, complete Ruby web app authentication.Clearance: Simple, complete Ruby web app authentication.
Clearance: Simple, complete Ruby web app authentication.Jason Morrison
 
Download It
Download ItDownload It
Download Itwebhostingguy
 
Symfony2 - OSIDays 2010
Symfony2 - OSIDays 2010Symfony2 - OSIDays 2010
Symfony2 - OSIDays 2010Fabien Potencier
 
Symfony2 - WebExpo 2010
Symfony2 - WebExpo 2010Symfony2 - WebExpo 2010
Symfony2 - WebExpo 2010Fabien Potencier
 
Symfony2 - WebExpo 2010
Symfony2 - WebExpo 2010Symfony2 - WebExpo 2010
Symfony2 - WebExpo 2010Fabien Potencier
 
Dc kyiv2010 jun_08
Dc kyiv2010 jun_08Dc kyiv2010 jun_08
Dc kyiv2010 jun_08Andrii Podanenko
 
Drupal Deployment Troubles and Problems
Drupal Deployment Troubles and ProblemsDrupal Deployment Troubles and Problems
Drupal Deployment Troubles and ProblemsAndrii Lundiak
 
Geek Moot '09 -- Smarty 101
Geek Moot '09 -- Smarty 101Geek Moot '09 -- Smarty 101
Geek Moot '09 -- Smarty 101Ted Kulp
 
Web Security
Web SecurityWeb Security
Web SecurityRene Churchill
 
Symfony 1, mi viejo amigo
Symfony 1, mi viejo amigoSymfony 1, mi viejo amigo
Symfony 1, mi viejo amigoJose Antonio Pio
 

More Related Content

Viewers also liked

Sales Challenges Holding You Back?
Sales Challenges Holding You Back?Sales Challenges Holding You Back?
Sales Challenges Holding You Back?kdtemple
 
How to use Bluetooth® Smart to control your embedded device with a mobile device
How to use Bluetooth® Smart to control your embedded device with a mobile deviceHow to use Bluetooth® Smart to control your embedded device with a mobile device
How to use Bluetooth® Smart to control your embedded device with a mobile deviceAnaren, Inc.
 
Planes 4º bloque 2015 2016
Planes 4º bloque 2015 2016Planes 4º bloque 2015 2016
Planes 4º bloque 2015 2016Djrey78
 
Today's Opportunities, Tomorrow's Challenges
Today's Opportunities, Tomorrow's ChallengesToday's Opportunities, Tomorrow's Challenges
Today's Opportunities, Tomorrow's ChallengesScott Chapin
 

Viewers also liked (6)

Sales Challenges Holding You Back?
Sales Challenges Holding You Back?Sales Challenges Holding You Back?
Sales Challenges Holding You Back?
 
Industries
IndustriesIndustries
Industries
 
How to use Bluetooth® Smart to control your embedded device with a mobile device
How to use Bluetooth® Smart to control your embedded device with a mobile deviceHow to use Bluetooth® Smart to control your embedded device with a mobile device
How to use Bluetooth® Smart to control your embedded device with a mobile device
 
Mobile Sniffer
Mobile SnifferMobile Sniffer
Mobile Sniffer
 
Planes 4º bloque 2015 2016
Planes 4º bloque 2015 2016Planes 4º bloque 2015 2016
Planes 4º bloque 2015 2016
 
Today's Opportunities, Tomorrow's Challenges
Today's Opportunities, Tomorrow's ChallengesToday's Opportunities, Tomorrow's Challenges
Today's Opportunities, Tomorrow's Challenges
 

Similar to Joomla! security 101

WordPress Security - ওয়ার্ডপ্রেসের সিকিউরিটি
WordPress Security - ওয়ার্ডপ্রেসের সিকিউরিটিWordPress Security - ওয়ার্ডপ্রেসের সিকিউরিটি
WordPress Security - ওয়ার্ডপ্রেসের সিকিউরিটিFaysal Shahi
 
Heavy Web Optimization: Backend
Heavy Web Optimization: BackendHeavy Web Optimization: Backend
Heavy Web Optimization: BackendVõ Duy Tuấn
 
Tips on Securing Drupal Sites
Tips on Securing Drupal SitesTips on Securing Drupal Sites
Tips on Securing Drupal Sitescgmonroe
 
Use Symfony2 components inside WordPress
Use Symfony2 components inside WordPress Use Symfony2 components inside WordPress
Use Symfony2 components inside WordPress Maurizio Pelizzone
 
The why and how of moving to PHP 5.4/5.5
The why and how of moving to PHP 5.4/5.5The why and how of moving to PHP 5.4/5.5
The why and how of moving to PHP 5.4/5.5Wim Godden
 
Clearance: Simple, complete Ruby web app authentication.
Clearance: Simple, complete Ruby web app authentication.Clearance: Simple, complete Ruby web app authentication.
Clearance: Simple, complete Ruby web app authentication.Jason Morrison
 
Drupal Deployment Troubles and Problems
Drupal Deployment Troubles and ProblemsDrupal Deployment Troubles and Problems
Drupal Deployment Troubles and ProblemsAndrii Lundiak
 
Geek Moot '09 -- Smarty 101
Geek Moot '09 -- Smarty 101Geek Moot '09 -- Smarty 101
Geek Moot '09 -- Smarty 101Ted Kulp
 
PHP SA 2014 - Releasing Your Open Source Project
PHP SA 2014 - Releasing Your Open Source ProjectPHP SA 2014 - Releasing Your Open Source Project
PHP SA 2014 - Releasing Your Open Source Projectxsist10
 
Good practices for PrestaShop code security and optimization
Good practices for PrestaShop code security and optimizationGood practices for PrestaShop code security and optimization
Good practices for PrestaShop code security and optimizationPrestaShop
 

Similar to Joomla! security 101 (20)

WordPress Security - ওয়ার্ডপ্রেসের সিকিউরিটি
WordPress Security - ওয়ার্ডপ্রেসের সিকিউরিটিWordPress Security - ওয়ার্ডপ্রেসের সিকিউরিটি
WordPress Security - ওয়ার্ডপ্রেসের সিকিউরিটি
 
Heavy Web Optimization: Backend
Heavy Web Optimization: BackendHeavy Web Optimization: Backend
Heavy Web Optimization: Backend
 
Tips on Securing Drupal Sites
Tips on Securing Drupal SitesTips on Securing Drupal Sites
Tips on Securing Drupal Sites
 
Use Symfony2 components inside WordPress
Use Symfony2 components inside WordPress Use Symfony2 components inside WordPress
Use Symfony2 components inside WordPress
 
PhpBB meets Symfony2
PhpBB meets Symfony2PhpBB meets Symfony2
PhpBB meets Symfony2
 
The why and how of moving to PHP 5.4/5.5
The why and how of moving to PHP 5.4/5.5The why and how of moving to PHP 5.4/5.5
The why and how of moving to PHP 5.4/5.5
 
Clearance: Simple, complete Ruby web app authentication.
Clearance: Simple, complete Ruby web app authentication.Clearance: Simple, complete Ruby web app authentication.
Clearance: Simple, complete Ruby web app authentication.
 
Download It
Download ItDownload It
Download It
 
Symfony2 - OSIDays 2010
Symfony2 - OSIDays 2010Symfony2 - OSIDays 2010
Symfony2 - OSIDays 2010
 
Symfony2 - WebExpo 2010
Symfony2 - WebExpo 2010Symfony2 - WebExpo 2010
Symfony2 - WebExpo 2010
 
Symfony2 - WebExpo 2010
Symfony2 - WebExpo 2010Symfony2 - WebExpo 2010
Symfony2 - WebExpo 2010
 
Dc kyiv2010 jun_08
Dc kyiv2010 jun_08Dc kyiv2010 jun_08
Dc kyiv2010 jun_08
 
Drupal Deployment Troubles and Problems
Drupal Deployment Troubles and ProblemsDrupal Deployment Troubles and Problems
Drupal Deployment Troubles and Problems
 
Geek Moot '09 -- Smarty 101
Geek Moot '09 -- Smarty 101Geek Moot '09 -- Smarty 101
Geek Moot '09 -- Smarty 101
 
Web Security
Web SecurityWeb Security
Web Security
 
Symfony 1, mi viejo amigo
Symfony 1, mi viejo amigoSymfony 1, mi viejo amigo
Symfony 1, mi viejo amigo
 
Mojolicious
MojoliciousMojolicious
Mojolicious
 
Php tutorial
Php tutorialPhp tutorial
Php tutorial
 
PHP SA 2014 - Releasing Your Open Source Project
PHP SA 2014 - Releasing Your Open Source ProjectPHP SA 2014 - Releasing Your Open Source Project
PHP SA 2014 - Releasing Your Open Source Project
 
Good practices for PrestaShop code security and optimization
Good practices for PrestaShop code security and optimizationGood practices for PrestaShop code security and optimization
Good practices for PrestaShop code security and optimization
 

More from vdrover

Wordpress security best practices - WordCamp Waukesha 2017
Wordpress security best practices - WordCamp Waukesha 2017Wordpress security best practices - WordCamp Waukesha 2017
Wordpress security best practices - WordCamp Waukesha 2017vdrover
 
Joomla, open source and the power of volunteers
Joomla, open source and the power of volunteersJoomla, open source and the power of volunteers
Joomla, open source and the power of volunteersvdrover
 
Cracking the inbound marketing code joomla!dagen 2014
Cracking the inbound marketing code joomla!dagen 2014Cracking the inbound marketing code joomla!dagen 2014
Cracking the inbound marketing code joomla!dagen 2014vdrover
 
What's coming in Joomla 4 - Joomla Day Budapest 2013
What's coming in Joomla 4 - Joomla Day Budapest 2013What's coming in Joomla 4 - Joomla Day Budapest 2013
What's coming in Joomla 4 - Joomla Day Budapest 2013vdrover
 
Adding and modifying LESS in your web site templates
Adding and modifying LESS in your web site templatesAdding and modifying LESS in your web site templates
Adding and modifying LESS in your web site templatesvdrover
 
Joomla SEO Overview featuring sh404SEF
Joomla SEO Overview featuring sh404SEFJoomla SEO Overview featuring sh404SEF
Joomla SEO Overview featuring sh404SEFvdrover
 
SEO Optimizing your Content Management System
SEO Optimizing your Content Management SystemSEO Optimizing your Content Management System
SEO Optimizing your Content Management Systemvdrover
 
Fixing Joomla's SEO problems with sh404SEF
Fixing Joomla's SEO problems with sh404SEFFixing Joomla's SEO problems with sh404SEF
Fixing Joomla's SEO problems with sh404SEFvdrover
 
Rethinking internationalization in Joomla 2.5 and beyond
Rethinking internationalization in Joomla 2.5 and beyondRethinking internationalization in Joomla 2.5 and beyond
Rethinking internationalization in Joomla 2.5 and beyondvdrover
 
There is no spoon 2
There is no spoon 2There is no spoon 2
There is no spoon 2vdrover
 
J upgrade presentation
J upgrade presentationJ upgrade presentation
J upgrade presentationvdrover
 
Chad Windnagle - Joomla Tips, Tricks & Must-have Extensions
Chad Windnagle - Joomla Tips, Tricks & Must-have ExtensionsChad Windnagle - Joomla Tips, Tricks & Must-have Extensions
Chad Windnagle - Joomla Tips, Tricks & Must-have Extensionsvdrover
 
Yannick Gaultier - Using sh404SEF to improve search engine ranking of your Jo...
Yannick Gaultier - Using sh404SEF to improve search engine ranking of your Jo...Yannick Gaultier - Using sh404SEF to improve search engine ranking of your Jo...
Yannick Gaultier - Using sh404SEF to improve search engine ranking of your Jo...vdrover
 
Jeff Channell - Secure PHP Coding Practices
Jeff Channell - Secure PHP Coding PracticesJeff Channell - Secure PHP Coding Practices
Jeff Channell - Secure PHP Coding Practicesvdrover
 
SEO, Analytics and Security with sh404SEF (JoomlaDay South Africa, 2011, Cape...
SEO, Analytics and Security with sh404SEF (JoomlaDay South Africa, 2011, Cape...SEO, Analytics and Security with sh404SEF (JoomlaDay South Africa, 2011, Cape...
SEO, Analytics and Security with sh404SEF (JoomlaDay South Africa, 2011, Cape...vdrover
 
Jug joomla 1.6
Jug joomla 1.6Jug joomla 1.6
Jug joomla 1.6vdrover
 
Tour of sh404SEF - SEO and security for Joomla
Tour of sh404SEF - SEO and security for JoomlaTour of sh404SEF - SEO and security for Joomla
Tour of sh404SEF - SEO and security for Joomlavdrover
 

More from vdrover (17)

Wordpress security best practices - WordCamp Waukesha 2017
Wordpress security best practices - WordCamp Waukesha 2017Wordpress security best practices - WordCamp Waukesha 2017
Wordpress security best practices - WordCamp Waukesha 2017
 
Joomla, open source and the power of volunteers
Joomla, open source and the power of volunteersJoomla, open source and the power of volunteers
Joomla, open source and the power of volunteers
 
Cracking the inbound marketing code joomla!dagen 2014
Cracking the inbound marketing code joomla!dagen 2014Cracking the inbound marketing code joomla!dagen 2014
Cracking the inbound marketing code joomla!dagen 2014
 
What's coming in Joomla 4 - Joomla Day Budapest 2013
What's coming in Joomla 4 - Joomla Day Budapest 2013What's coming in Joomla 4 - Joomla Day Budapest 2013
What's coming in Joomla 4 - Joomla Day Budapest 2013
 
Adding and modifying LESS in your web site templates
Adding and modifying LESS in your web site templatesAdding and modifying LESS in your web site templates
Adding and modifying LESS in your web site templates
 
Joomla SEO Overview featuring sh404SEF
Joomla SEO Overview featuring sh404SEFJoomla SEO Overview featuring sh404SEF
Joomla SEO Overview featuring sh404SEF
 
SEO Optimizing your Content Management System
SEO Optimizing your Content Management SystemSEO Optimizing your Content Management System
SEO Optimizing your Content Management System
 
Fixing Joomla's SEO problems with sh404SEF
Fixing Joomla's SEO problems with sh404SEFFixing Joomla's SEO problems with sh404SEF
Fixing Joomla's SEO problems with sh404SEF
 
Rethinking internationalization in Joomla 2.5 and beyond
Rethinking internationalization in Joomla 2.5 and beyondRethinking internationalization in Joomla 2.5 and beyond
Rethinking internationalization in Joomla 2.5 and beyond
 
There is no spoon 2
There is no spoon 2There is no spoon 2
There is no spoon 2
 
J upgrade presentation
J upgrade presentationJ upgrade presentation
J upgrade presentation
 
Chad Windnagle - Joomla Tips, Tricks & Must-have Extensions
Chad Windnagle - Joomla Tips, Tricks & Must-have ExtensionsChad Windnagle - Joomla Tips, Tricks & Must-have Extensions
Chad Windnagle - Joomla Tips, Tricks & Must-have Extensions
 
Yannick Gaultier - Using sh404SEF to improve search engine ranking of your Jo...
Yannick Gaultier - Using sh404SEF to improve search engine ranking of your Jo...Yannick Gaultier - Using sh404SEF to improve search engine ranking of your Jo...
Yannick Gaultier - Using sh404SEF to improve search engine ranking of your Jo...
 
Jeff Channell - Secure PHP Coding Practices
Jeff Channell - Secure PHP Coding PracticesJeff Channell - Secure PHP Coding Practices
Jeff Channell - Secure PHP Coding Practices
 
SEO, Analytics and Security with sh404SEF (JoomlaDay South Africa, 2011, Cape...
SEO, Analytics and Security with sh404SEF (JoomlaDay South Africa, 2011, Cape...SEO, Analytics and Security with sh404SEF (JoomlaDay South Africa, 2011, Cape...
SEO, Analytics and Security with sh404SEF (JoomlaDay South Africa, 2011, Cape...
 
Jug joomla 1.6
Jug joomla 1.6Jug joomla 1.6
Jug joomla 1.6
 
Tour of sh404SEF - SEO and security for Joomla
Tour of sh404SEF - SEO and security for JoomlaTour of sh404SEF - SEO and security for Joomla
Tour of sh404SEF - SEO and security for Joomla
 

Joomla! security 101

  • 1. Joomla! security 101 What to do before disaster strikes
  • 2. That’s me I am Nicholas K. Dionysopoulos, the lead developer of Akeeba Backup and contributing author at the Joomla! Community Magazine.
  • 3. The basics …or what you are supposed to do and rarely remember to do it
  • 6. Multifactor back-end authentication Password protection Secret URL parameter Use your host’s Control Panel, or .htaccess Best protection Doesn’t cost More difficult to setup Use jSecure Authentication Very easy to setup Costs money Doesn’t protect against direct access to files
  • 7.
  • 9. Only required by badly written extensions.
  • 10. tmp, logs, cache and administrator/cache directories.
  • 11. If you do that, make sure you install this .htaccess in each and every of them:order deny, allowdeny from all
  • 12. The advanced stuff …which every site builder should do on every site he builds
  • 13. We are all sitting ducks Known prefix,jos_ and known ID62 make me say what the quack…?!
  • 15. 62 reasons to fire your Super Admin
  • 16. Only a ninja can kill another ninja Crash course to .htaccessKung-Fu
  • 17. Visual fingerprinting RewriteCond %{QUERY_STRING} (&|%3F){1,1}tp= [OR] RewriteCond %{QUERY_STRING} (&|%3F){1,1}template= [OR] RewriteCond%{QUERY_STRING} (&|%3F){1,1}tmpl= [NC] RewriteRule^(.*)$ - [R=404,L]
  • 18. PHP has a big mouth RewriteCond %{QUERY_STRING} ^%3F=PHPE9568F36-D428-11d2-A769-00AA001ACF42 [OR] RewriteCond %{QUERY_STRING} ^%3F=PHPE9568F34-D428-11d2-A769-00AA001ACF42 [OR] RewriteCond %{QUERY_STRING} ^%3F=PHPE9568F35-D428-11d2-A769-00AA001ACF42 [OR] RewriteCond %{QUERY_STRING} ^%3F=PHPB8B5F2A0-3C92-11d3-A3A9-4C7B08C10000 [OR] RewriteRule ^(.*)$ - [R=404,L]
  • 19. Blind the elephant before it stomps you nicholas@teapot:~/blindelephant$ ./BlindElephant.py mysite.com joomla Loaded /home/nicholas/projects/3rdparty/blindelephant/trunk/src/build/lib.linux-x86_64-2.6/blindelephant/dbs/joomla.pkl with 33 versions, 3696 differentiating paths, and 122 version groups. Starting BlindElephant fingerprint for version of joomla at http://joomla.ubuntu.web Hit http://joomla.ubuntu.web/media/system/js/validate.js Possible versions based on result: 1.5.17, 1.5.18 Hit http://joomla.ubuntu.web/includes/js/joomla.javascript.js Possible versions based on result: 1.5.17, 1.5.18 Hit http://joomla.ubuntu.web/media/system/js/caption.js Possible versions based on result: 1.5.17, 1.5.18 Hit http://joomla.ubuntu.web/media/system/js/openid.js Possible versions based on result: 1.5.17, 1.5.18 Hit http://joomla.ubuntu.web/templates/rhuk_milkyway/css/template.css Possible versions based on result: 1.5.17, 1.5.18 Fingerprinting resulted in: 1.5.17 1.5.18 Best Guess: 1.5.18 NEWSFLASH: Hackers easily find out which Joomla! version you are using on your site RewriteRule ^(images/stories/*(jpe[g,2]?|jpg|png|gif|bmp|css|js|swf|htm[l]?))$ $1 [L] RewriteCond %{REQUEST_FILENAME} -f RewriteCond %{HTTP_REFERER} !^http[s]{0,1}://(.+)?wwwexamplecom [NC] RewriteRule (jpe[g,2]?|jpg|png|gif|bmp|css|js|swf|htm[l]?)$ - [R=404,L] More .htaccess rules for further protection in my Master .htaccess:http://snipt.net/nikosdion/the-master-htaccess