security

  • Enable GoogleBot to fetch your JavaScript and CSS files

    Google announced recently that they’ve updated their webmaster guidelines to specifically note that blocking your CSS or JavaScript files may have a negative impact on your indexing and search rankings in Google. They claim that, in order to understand your site better, they need access to these files too (and next time they will probably want to take a peek in your laundry bag too...)

  • Enable HTTPS and make your entire site secure

    Life is full of surprises. One of these days I got a job offer with a substantial budget: one of my former clients approached me to "make his site secure". I said yes, but when it turned out what he in fact wanted, I had a surprise: he wanted nothing else than to make the browser warning about an "unsecure site" go away. He had actually purchased a security certificate and hired someone to install it onto his server - with no success.

  • Enhance your security with .htaccess rules

    One often overlooked security (and not only security) resource for any Joomla site is right under your fingertips! With each Joomla install (even from the old Mambo days) you get a file named htaccess.txt in your site's root directory. In most cases it is never touched and left as is - most weekend webmasters don't even know what it is for. A few use it to help Joomla or the specialized SEF URL builders make those pretty SEF URLs for their site. And that's pretty easy - in most cases it's enough to rename it to .htaccess, and you are set. But there is much more power hidden there...

  • GoDaddy's Joomla blues

    A while ago I wrote a tip about problems getting SEF URLs to work on 1&1's servers. Back then I didn't realize that the problem is the same - or at least fairly similar - on GoDaddy's servers too. Not everywhere: I have a site running on GoDaddy with sh404SEF without any need to tweak the .htaccess file, but recently I had issues with another site.

    So, the trick above solves the problem, but what is the cause?

  • Help, I was (almost) hacked!

    Pissed off, eh? Me too! After you put together your site (small or big, a hobbyist site or a large corporate one) and installed all the security gizmos available out there, you begin to receive all kinds of alerts about hacking attempts. This is the good scenario - successful hacking attempts usually aren't reported: you experience their sometimes devastating effects when visiting the site.

    Anyway, you will probably get frustrated over time, and you will definitely try to do something beyond just stopping these attacks.

  • Help! I'm Locked Out Of My Site!

    Beginning with Joomla 1.6 it's possible to lock anyone out of the back end of the website — including Super Users with Admin permissions — by setting the Site Admin permission to Deny. And this is something you can accidentally do to yourself by playing with the permissions without knowing exactly how these settings work. That can have unpleasant side effects, especially at the Super User group level or at the Manager or Administrator group level. If Manager or Administrator is set to Deny, the Super User inherits Deny from these groups, even if the Super User group is set to Allow.

  • How to restrict a user to access only one component in admin

    Sometimes you need to allow a user to access and manage only one (or a few) Joomla! components in the backend. This is quite easy to set up: you just need to make clever use of the ACL system Joomla already has built in.

  • How to sell your downloadable products?

    Yes, things like media files - or your software. No, I don't sell software - I give it away for free, for example here. But I build sites with selling capabilities. My favorite solution for it is VirtueMart, THE shop to be used with Joomla.

    It is powerful - but it is not for beginners; you can easily get lost here without proper guidance.

  • How to turn on the "?tp=1" trick in Joomla 1.7+?

    In a previous tip I enumerated a couple of methods for making the template positions visible in Joomla 1.7+.

    But there seem to be at least two different problems for some users.

  • HTTP Sniffing

    HTTP stands for 'HyperText Transfer Protocol', and it is the mechanism used to transfer data from one computer to another across the Internet. You can use HTTP to request information from a server, or to send information to a client by wrapping the request or data in a 'packet'.

  • JavaScript hijacking

    JavaScript hijacking is a technique that an attacker can use to masquerade as a valid user and read sensitive data from a vulnerable Web application, particularly one using Ajax (Asynchronous JavaScript and XML). Nearly all major Ajax applications have been found vulnerable.

  • Joomla ACL

    ACL stands for access control levels. It refers to who has permission to do what on the website, including read, create, edit, delete, or log in, among other permissions.

    Many think of ACL as relating to the front end of a website only. For example, when I log into the website, what articles do I have available to me? And if someone else logs into the site, do they see the same articles, or do they see different ones?

  • Joomla update warnings via Google Webmaster Tools

    Now you have one more reason to use Google's very useful Webmaster Tools. Recently Google added a useful one to its arsenal of Joomla-related enhancements: in Google Webmaster Tools you will see a warning, with useful details on what to do, each time your Joomla site gets outdated!

  • Keep your Joomla core up to date!

    You may think that updating your Joomla site to the latest version is not something worth doing every time a new version is released. The site works just fine, and you are not interested in whatever new additions there may be. You're wrong! There's always a major reason to update to the latest version of Joomla: security!

  • Locate modified files

    If files have been modified on your server, or files have been uploaded for instance, you can check the timestamps on those files to find out when the attacker was on your site. This is typical in the case of sites being defaced or malicious code being injected somewhere. Most of the time, the attacker will have gained access to your site shortly before modifying or uploading files to it.

  • Lost admin password - reloaded

    Did you manage to lose your password? Worse, maybe you lost the Super Administrator password? And for some reason you can't use Joomla's lost password retrieval functionality... Normally, if you forget your Joomla password you can simply click on the "Forgot password" menu, and a new password will be sent to your email address. But what if you can't remember the exact e-mail address, or you have a local development version and don't have the mailer handy... or your Internet connection is down? Or, worse - it happened to me a couple of times - you need to take over a site originally developed by someone else?

  • Mysterious "Bad Certificate" error when you click on certain inner links

    One of my clients, who has a serious Joomla background, complained recently that on his brand new Joomla site, when he clicked on one of the menu items, his browser raised the well-known "Bad Certificate" error. The site obviously worked well, but for some reason the link to that inner page was created using the https:// prefix.

    Obviously, he had no valid security certificate in place - as many sites don't these days - but since the menu entry was an inner, Joomla-generated link, he (and myself, for some... 5 minutes approx.) was puzzled: what might have happened?

  • Move your /temp and /log folders outside of webroot

    It's always a wise move to keep your sensitive files outside of the so-called WEBROOT, the directory Apache uses to serve your website. This way you can be sure that nobody but your Joomla core code can use these files.

    Moving some files/folders, like the main configuration.php or the location of the admin login, may be tricky, but moving these two key folders is relatively simple.

  • Moving the location of admin login

    Most attacks on the web - and Joomla sites aren't an exception - are carried out, fully or at least in their first phase, by automated robots. These use known entry points, such as the administrator logins of the most widely used software solutions, to try their luck at breaking in. So it's a wise move to change these well-known locations. But wait! The need to stay upgrade-compatible may make this difficult, so how can we do this without changing a line of Joomla code?

  • Moving the location of Admin login - reloaded

    In a previous tip, where I described how you can make a Joomla site more secure by relocating the admin login page, I presumed that anyone reading it is a code guru. But what if not? More and more webmasters today are casual Joomla users - and they deserve attention too!