Security:

Generally, backup is something you need to breathe, not just use, if you are in this business. It's the number one security tool. Having a fresh and usable backup can be a life saver in a number of situations, ...
There is a surprisingly easy way to detect your Joomla version - and one doesn't need sophisticated tools, like BlindElephant or its siblings, to do it. And this information can be used by hackers to make ...
Sometimes you need to block a certain IP address, a group of addresses or certain hosts from accessing your Joomla website. Reasons may include: it's a hacking attempt coming from that IP; someone ...
The term botnet refers to a group of computers (sometimes called zombies) that have been infected with malware to perform tasks for whomever distributed said threat. This individual, or organization, controls ...
A brute force attack is just a trial-and-error process that runs repeatedly to obtain the correct username and password information. Automated software is used in this process which does not ...
A Cross Site Request Forgery (CSRF) attack relies on the trust a website has for a user to execute unauthorized requests and/or transactions. For example, say a user is logged into their Joomla! website's ...
Every hacker in this world knows that by default all Joomla database tables have the "jos_" prefix. It is so well known that even automated defacing scripts use it, and there are a lot of "tools" ...
File and folder permissions are a key part of your Joomla site's security. It's highly recommended that you set them properly. They should never be 777; the ideal is 644 for files and 755 for folders. ...
Choose your extensions wisely - one basic rule when you develop a Joomla site. And the same applies to you, weekend webmasters! Your site is a sitting duck, waiting for hackers (especially script kiddies. ...
... or improved security.  ...
Cross Site Scripting is a hacking technique whereby malicious scripting code (usually JavaScript) is injected into user input forms (in a similar way to SQL injection attacks) or incorporated in a URL ...
A denial of service attack takes place when a hacker overloads a system with large or repeated requests for a service.
A website is stored within a file system on a server. Some of the server's file system is therefore exposed to the outside world and can be accessed by an end-user's web browser. The part of the file ...
In various blog posts, security bulletins, etc. you can read that you need to get rid of the default "admin" user with Super Administrator privileges (and with the default UserID of 62 or 42 - depending ...
One often overlooked security (and not only security) resource for any Joomla site is at your fingertips! With each Joomla install (even from the old Mambo days) you have a file named htaccess.txt in your ...
This is a key security issue, but unfortunately many of the Joomla site-owners need guidance on this. First, let's see what you should know: Joomla is a typical LAMP (Linux/Apache/MySQL/PHP) application, ...
A while ago I wrote a tip about problems getting SEF URLs to work on 1&1's servers. Back then I didn't realize that the problem is the same - or at least fairly similar - on GoDaddy's servers too. Not ...
HTTP stands for 'HyperText Transfer Protocol', and it is the mechanism used to transfer data from one computer to another across the Internet. You can use HTTP to request information from a server, or ...
Beginning with Joomla 1.6 it's possible to lock anyone out of the back end of the website — including Super Users with Admin permissions — by setting the Site Admin permission to Deny. And this is something ...
Pissed off, eh? Me too! After you put together your site (small or big, hobbyist site or a large corporate one) and installed all the security gizmos available out there you began to receive all kinds of ...
You simply can’t be 100% safe from getting your website hacked. But fortunately there are ways to help reduce the chances of being hacked and recover quickly if some clever hacker still succeeds.
Yes, things like media files - or your software. No, I don't sell software - I give it away for free, for example here. But I build sites with selling capabilities. My favorite solution for it is VirtueMart, ...
ACL stands for access control levels. It refers to who has permission to do what on the website, including read, create, edit, delete, or log in, among other permissions. Many think of ACL as relating ...
Now you have one more extra reason to use Google's very useful Webmaster Tools. Recently Google added to its arsenal of Joomla related enhancements a useful one: In the Google Webmaster Tools you will ...
... new additions. You're wrong! There's always a major reason to update to the latest version of Joomla: Security! ...
If files have been modified on your server, or files have been uploaded for instance, you can check the timestamps on those files to find out when the attacker was on your site. This is typical in the ...
Did you manage to lose your password? Worse, maybe you lost the Super Administrator password? And for some reason you can't use the retrieve lost password functionality of Joomla... If you use Joomla, ...
... The site obviously worked well, but for some reason the link to that inner page was created using the https:// prefix. Obviously, he had no valid security certificate in place - as many sites do not ...
It's always a wise move to move your sensitive files outside of the so-called WEBROOT, the directory which is used by Apache to show your website. This way you can be sure that nobody else but your ...
This is a core hack. Files you change as described on this page will be overwritten during updates of Joomla! This tip explains how to move your configuration.php file outside of your webroot as ...
In a previous tip where I described how you can make a Joomla site more secure by relocating the admin login page I presumed that anyone reading it is a code guru. But what if not? More and more webmasters ...
Most attacks on the web - and Joomla sites aren't an exception - are made fully, or at least in the first phase, by automated robots. These use known entry points such as administrator logins to most ...
If you search for the title of this tip you will find a lot of hits. Actually, my last search returned 6.6 million hits! Apparently a lot of people are having problems with - or have fears on - this subject. When ...
There are numerous other tactics that can be used to break into a computer system, and these usually involve discovering weaknesses or loopholes in the server software's defenses. When a programmer writes ...
Remote File Inclusion (RFI) is a type of vulnerability most often found on websites. It allows an attacker to include a remote file, usually through a script on the web server. Its counterpart, Local File Inclusion ...
Many of you have probably already seen the red warning in Joomla's admin interface, that you need to have the Register Globals set to "on", otherwise your site is exposed to security threats. And also ...
One popular and potentially devastating method of attack against Joomla powered sites is SQL injection. Any web application that makes use of a database usually communicates with the database for necessary ...
Joomla has everything you may need. Right? If you take a look at the Joomla Extensions site, you may agree with this. But, as always, there may be cases when the above statement is wrong. For specific ...
... settings is to have 'Display Errors' switched on. This is very useful when developing and debugging a site, but there is a security vulnerability in PHP (not Joomla, but the language in which Joomla was ...
The Pharma Hack (or Blackhat SEO Spam Hack) is a very elaborate hack which often goes unnoticed by regular visitors - and website owners - because it does an ingenious trick: it presents a different version ...
