security

  • 500 Internal Error when saving an article - reloaded

    After solving the "500 Internal Server Error" problem a couple of times, as described in a previous post, I received another complaint from one of the clients I host:

    "I also cannot save the articles and here is the error I got
    500 - An error has occurred!"

    A piece of cake, I was thinking, but after checking his account I discovered that all the settings described in that article (namely the database collation settings) were correct.

  • Adding a new Joomla Super Administrator via phpMyAdmin

    Sometimes Joomla site owners get a bit paranoid after a while, due to the lot of hype about site security. Basically there is nothing wrong with that: good site security is based on keeping your accounts secure. But what about when you are hired to do something on a Joomla site and you have ALL access (including FTP and database access), but you discover that the Joomla account you received is only an Administrator? You can do a lot as an Administrator, but often not enough! Don't tell me that this has never happened to you, unless you are a Joomla rookie. What can you do?

  • Akeeba Backup

    Generally, backup is something you need to breathe, not just use, if you are in this business. It's the number one security tool. Having a fresh and usable backup can be a life saver in a number of situations, not only when your site is hacked but in a great number of other situations, beginning with human error (accidentally deleting key parts of the site, or just forgetting to pay your hosting bill) and ending with situations out of your control, such as a hardware or software failure. And it is essential to have an easy-to-use tool to move your site around: from the local development environment to live hosting, or from one server to another. Enter Akeeba Backup (formerly Joomla Pack), a must-have tool for any Joomla webmaster.

  • Avoid easy Joomla version detection

    There is a surprisingly easy way to detect your Joomla version, and one doesn't need sophisticated tools like BlindElephant or its siblings to do it. This information can be used by hackers to make you scream...

  • Block unwanted visitors using their IP address on your Joomla site?

    Sometimes you need to block a certain IP address, a group of addresses or certain hosts from accessing your Joomla website. Reasons may include:

    • It's a hacking attempt coming from that IP
    • Someone is scraping content from your website
    • A brute-force attack or, in most cases, a DoS (Denial of Service) attack originating from that IP (too many requests coming from a particular address)
    • Someone is continuously spamming your website
    • Some content from your site (images, media files) is being hotlinked by another website.

    The solution is simple, but it is advisable to apply other tools first to stop these bad guys: overuse of this tip can slow down your site considerably, so use it only if you don't have anything else, or you are in a hurry to stop an ongoing attack.

  • Botnet

    The term botnet refers to a group of computers (sometimes called zombies) that have been infected with malware to perform tasks for whoever distributed said threat. This individual, or organization, controls the botnet by sending instructions to the zombies from one or more Command & Control (C&C) servers. This is one of the most used techniques to carry out brute force attacks against servers, or groups of servers.

  • Brute Force Attack

    A brute force attack is just a trial and error process that runs repeatedly to obtain the correct username and password information. Automated software is used in this process; it does not decrypt the information but just keeps trying sets of words and letters. Millions of IPs and a huge number of computers are involved in this process to check different username and password combinations and to avoid triggering multiple-attempt limits.

  • Change the default Joomla database prefix

    Every hacker in this world knows that by default all Joomla database tables have the "jos_" prefix. It is so well known that even automated defacing scripts use it, and there are a lot of "tools" capable of automatically probing your site with this presumption built into them.

  • Change the file and folder permissions automatically

    File and folder permissions are a key part of your Joomla site's security. It's highly recommended that you set them properly. They should never be 777; the ideal is 644 for files and 755 for folders.

  • Choose your extensions carefully

    Choose your extensions wisely: one basic rule when you develop a Joomla site. And the same applies to you, weekend webmasters! Your site is a sitting duck, waiting for hackers (especially script kiddies). Well, it's easy to say, but what can be seen as a "wise" choice here?

  • Clean Hacked Website Files

    By comparing infected files with known good files (from official sources or reliably clean backups) you can identify and remove malicious changes.

    Caution

    It is important that you compare the same version of your Joomla! core files and extensions. Core files on the 2.x branch are not the same as the 3.x branch and so on.

    Never perform any actions without a backup. If you’re unsure, please seek assistance from a professional.

    To manually remove a malware infection from your Joomla! files:

    1. Log into your server via SFTP or SSH.

    2. Create a backup of the site files before making changes.

    3. Search your files for reference to malicious domains or payloads you noted.

    4. Identify recently changed files and confirm whether they are legitimate.

    5. Review files flagged by the diff command during the core file integrity check.

    6. Restore or compare suspicious files with clean backups or official sources.

    7. Remove any suspicious or unfamiliar code from your custom files.

    8. Test to verify the site is still operational after changes.

    If you can't find the malicious content, try searching the web for malicious content, payloads, and domain names that you found in the first step. Chances are that someone else has already figured out how those domain names are involved in the hack you are attempting to clean.

    Diff tools to compare suspicious files with known-good copies:

  • Cleaned your site? Fix Malware warnings too

    You have done a great job by cleaning your recently hacked files? Excellent, but you are not finished yet!

    If you were blacklisted by Google, McAfee, Yandex (or any other web spam authority), your site is showing various malware warnings to your visitors, which can be a big turn-off. Luckily you can request a review after the hack has been fixed.

    Google is now limiting repeat offenders to one review request every 30 days.

    Be sure your site is clean before requesting a review!

    To remove malware warnings on your site:

    • Call your hosting company and ask them to remove the suspension.
      • You may need to provide details about how you removed the malware.
    • Fill in a review request form for each blacklisting authority.
      • Google Search Console
      • McAfee SiteAdvisor
      • Yandex Webmaster
      • Norton Site Security
      • (any other similar service blacklisting your site)
    • The review process can take several days.

  • Clickjacking

    Clickjacking is a malicious technique of tricking a web user into clicking on something different from what the user perceives they are clicking on, thus potentially revealing confidential information or taking control of their computer while clicking on seemingly innocuous web pages. On a clickjacked page, the attackers load another page over it in a transparent layer, in most cases using HTML frame-based techniques. The users think that they are clicking the buttons they actually see, while they are in fact performing actions on the hidden page. This way the attackers can trick users into performing actions which the users never intended. There is no way of tracing such actions to the attackers later, as the users would have been genuinely authenticated on the hidden page.

  • Create your next Joomla site locally with Ampps

    Like the majority of web developers, I develop my websites and services locally before I publish them on the Internet. This makes sense in a variety of ways, from saving a lot of bandwidth to faster updating and improved security.

  • Cross Site Scripting (XSS)

    Cross Site Scripting is a hacking technique whereby malicious scripting code (usually JavaScript) is injected into user input forms (in a similar way to SQL injection attacks) or incorporated in a URL query string.

  • CSRF Attack

    A Cross Site Request Forgery (CSRF) attack relies on the trust a website has for a user to execute unauthorized requests and/or transactions. For example, say a user is logged into their Joomla! website's administrator interface in one tab and is browsing a compromised site in another tab.

  • Denial of Service Attacks (DOS, DDOS)

    A denial of service attack takes place when a hacker overloads a system with large or repeated requests for a service.

  • Directory Traversal

    A website is stored within a file system on a server. Some of the server's file system is therefore exposed to the outside world and can be accessed by an end-user's web browser. The part of the file system (or directory structure) that is visible to the outside world is limited to a specific root folder and its contents.

  • Disable the user name "admin"

    In various blog posts, security bulletins, etc. you can read that you need to get rid of the default "admin" user with Super Administrator privileges (and with the default user ID of 62 or 42, depending on the Joomla version) to prevent hackers from using the well-known username and user ID to start dictionary attacks or carry out successful SQL injection attacks against your site. But how? If you go to the Joomla user manager and want to simply delete it, you can't. More, you can't even disable it! WTF...
    Hey, it's not that complicated!
    Let me show you how you can do it in a simple and fool-proof way!

  • Enable GoogleBot to fetch your JavaScript and CSS files

    Google announced recently that they've updated their webmaster guidelines to specifically note that blocking your CSS or JavaScript files may have a negative impact on your indexing and search rankings in Google. They claim that, to better understand your site, they need to access these files too (and, probably, next time they will want to take a peek in your laundry bag too...)