more info on the hack
All versions before 3.1.5 and
2.5.14 are vulnerable
Can be executed by any user,
no admin rights needed
The attacker can obtain full
access to Joomla! and its
There is no excuse for not updating!
Use software to get notified and update
Here’s a Scenario:
Your site is up to date
Your extensions are up to date
But you still get hacked…
Sometimes when a vulnerability in an extension is
found, it takes the extension developers too
much time to fix it.
Therefore it’s always good to use a WAF!
WAF = Web Application Firewall
“ModSecurity supplies an array of request filtering and other
security features to the Apache HTTP Server, IIS and NGINX.
ModSecurity is a web application layer firewall. ModSecurity is
free software released under the Apache license 2.0.”
SiteGround adds more than 200 mod_sec rules
example mod_sec rule
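As an added example (not one of SiteGround's rules and not from the original slides), a ModSecurity v2 "virtual patch" of the kind the previous slide describes: it assumes a hypothetical Joomla! component com_example whose id parameter is known to be injectable, and rejects requests to it where id is not a plain integer until the developer ships a fix.

```apache
# Added example, not from the slides. Hypothetical vulnerable component:
# index.php?option=com_example&id=<injectable>
#
# Deploy with "SecRuleEngine DetectionOnly" first and watch the audit log
# for false positives before switching to "SecRuleEngine On".

# Rule 1 of the chain: only look at requests that hit Joomla!'s front
# controller. All metadata and the disruptive action live on this line.
SecRule REQUEST_FILENAME "@endsWith /index.php" \
    "id:900100,phase:2,deny,status:403,log,\
    msg:'Virtual patch: non-numeric id sent to com_example',\
    tag:'joomla/virtual-patch',chain"

    # Rule 2: the request must target the affected component (GET or POST).
    SecRule ARGS:option "@streq com_example" "chain"

        # Rule 3: decode the parameter, then block unless it is 1-10 digits.
        # The leading "!" negates the regex, so anything that is not a
        # plain integer (quotes, UNION, comments, ...) trips the rule.
        SecRule ARGS:id "!@rx ^[0-9]{1,10}$" "t:none,t:urlDecodeUni"

# Companion rule: the same hypothetical extension may expose helper PHP
# files under modules/ that were never meant to be called directly.
SecRule REQUEST_FILENAME "@rx ^/modules/mod_example/.+\.php$" \
    "id:900101,phase:1,deny,status:404,log,\
    msg:'Virtual patch: direct access to mod_example PHP file',\
    tag:'joomla/virtual-patch'"
```

Every hit is written to the ModSecurity audit log, so this also doubles as a detector for attempts against the extension while the real fix is pending.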
CloudFlare and Incapsula are advanced
mod_security-like free services which also add
CDN functionality.
More Security Bulletins
Joomla! Extensions Security News:
“Templates are software, not just a bunch of graphics. Template
developers do release security upgrades all the time. Make sure
you install them. I've seen many sites getting hacked because of
a dated template with a SQL injection or XSS vulnerability.”
RocketTheme SQL injection in their modules!
Old PHP 5.3 running as CGI: remote code execution
Quick demo how it works:
MySQL password-less auth security
vulnerability. All 64bit MySQL versions up to
5.1.61, 5.2.11, 5.3.5, 5.5.22 are vulnerable
Make sure your server side software is current
at all times.
Viruses and Trojans steal your login details.
They want to spam, remember?
Stay up to date on anti-virus software.
Or use Linux.. Or a Mac ;)
So let’s recap…
Update your Joomla!
Update your extensions. Read security bulletins once in a while.
Update your themes. Don’t forget that!
Use strong passwords and non default admin usernames.
Make sure your server side software is current (PHP, Apache)
Make sure your server side software is correctly setup
Use correct file permissions for Joomla!
Watch out for that sneaky malware