Optimize Joomla Security and Prevent Getting Hacked
- Category : Website Security
- Posted on : Apr 01, 2011
- Views : 1,882
- By : Naftali P.
Always remember to make a regular backup of your website and database. If you still get hacked, you can always get back to an older version of your website. Make sure you find out which extension caused the vulnerability and un-install it.
CHANGE THE DEFAULT DATABASE PREFIX (JOS_)
- Log on to your Joomla! back-end.
- Go to your global configuration and search for the database
- Change your database prefix (Example: fdasqw_) and press Save.
- Go to phpMyAdmin to access your database.
- Go to export, leave all default values and press Start. Exporting the database can take a while.
- When done, select all code and copy it to notepad (or any other text editor)
- In phpMyAdmin, select all tables and delete them
- In notepad, do a Search & replace (Ctrl + H). Set the searchterm to jos_ and change it into your new prefix (Example: fdasqw_). Press "Replace all".
- Select everything in your notepad file and copy it. In phpMyAdmin, go to SQL, paste the queries and press Start.
REMOVE VERSION NUMBER / NAME OF EXTENSIONS
- Retrieve all files of the extension from your server.
- Open up Dreamweaver.
- Load any file from the extension that you just downloaded to your local machine.
- Use the Search function and set the search to Search through specified folder. Navigate to the folder where you downloaded the exploit to.
- Set the search term to "MyExtension version 2.14" and press OK.
- When found the correct file, remove the version number.
- Upload the changed file to your server and check if the changes are made.
USE A SEF COMPONENT
KEEP JOOMLA! AND EXTENSIONS UP TO DATE
USE THE CORRECT CHMOD FOR EACH FOLDER AND FILE
- PHP files: 644
- Config files: 666
- Other folders: 755
DELETE LEFTOVER FILES
CHANGE YOUR .HTACCESS FILE
########## Begin - Rewrite rules to block out some common exploits # # Block out any script trying to set a mosConfig value through the URL RewriteCond %{QUERY_STRING} mosConfig_[a-zA-Z_]{1,21}(=|%3D) [OR] # Block out any script trying to base64_encode crap to send via URL RewriteCond %{QUERY_STRING} base64_encode.*(.*) [OR] # Block out any script that includes a < script> tag in URL RewriteCond %{QUERY_STRING} (<|%3C).*script.*(>|%3E) [NC,OR] # Block out any script trying to set a PHP GLOBALS variable via URL RewriteCond %{QUERY_STRING} GLOBALS(=|[|%[0-9A-Z]{0,2}) [OR] # Block out any script trying to modify a _REQUEST variable via URL RewriteCond %{QUERY_STRING} _REQUEST(=|[|%[0-9A-Z]{0,2}) [OR] # Block out any script that tries to set CONFIG_EXT (com_extcal2 issue) RewriteCond %{QUERY_STRING} CONFIG_EXT([|%20|%5B).*= [NC,OR] # Block out any script that tries to set sbp or sb_authorname via URL RewriteCond %{QUERY_STRING} sbp(=|%20|%3D) [OR] RewriteCond %{QUERY_STRING} sb_authorname(=|%20|%3D) # Send all blocked request to homepage with 403 Forbidden error! RewriteRule ^(.*)$ index.php [F,L] # ########## End - Rewrite rules to block out some common exploits
- Joomla Administrators Security Checklist
- Visit the Joomla! security forums (1.0 and 1.5)
Categories
Subscribe Now
10,000 successful online businessmen like to have our content directly delivered to their inbox. Subscribe to our newsletter!Archive Calendar
Sat | Sun | Mon | Tue | Wed | Thu | Fri |
---|---|---|---|---|---|---|
1 | ||||||
2 | 3 | 4 | 5 | 6 | 7 | 8 |
9 | 10 | 11 | 12 | 13 | 14 | 15 |
16 | 17 | 18 | 19 | 20 | 21 | 22 |
23 | 24 | 25 | 26 | 27 | 28 | 29 |
30 |
Recent Articles
-
Posted on : Jul 25
-
Posted on : Jul 07
-
Posted on : Apr 07
-
Posted on : Mar 19
Optimized my.cnf configuration for MySQL 8 (on cPanel/WHM servers)
Tags
- layer 7
- tweak
- kill
- process
- sql
- Knowledge
- vpn
- seo vpn
- wireguard
- webmail
- ddos mitigation
- attack
- ddos
- DMARC
- server load
- Development
- nginx
- php-fpm
- cheap vpn
- Hosting Security
- xampp
- Plesk
- cpulimit
- VPS Hosting
- smtp
- smtp relay
- exim
- Comparison
- cpu
- WHM
- mariadb
- encryption
- sysstat
- optimize
- Link Building
- apache
- centos
- Small Business
- VPS
- Error
- SSD Hosting
- Networking
- optimization
- DNS
- mysql
- ubuntu
- Linux