Optimize Joomla Security and Prevent Getting Hacked
- Category : Website Security
- Posted on : Apr 01, 2011
- Views : 2,698
- By : Naftali P.
Always remember to make a regular backup of your website and database. If you still get hacked, you can always get back to an older version of your website. Make sure you find out which extension caused the vulnerability and un-install it.
CHANGE THE DEFAULT DATABASE PREFIX (JOS_)
- Log on to your Joomla! back-end.
- Go to your global configuration and search for the database
- Change your database prefix (Example: fdasqw_) and press Save.
- Go to phpMyAdmin to access your database.
- Go to export, leave all default values and press Start. Exporting the database can take a while.
- When done, select all code and copy it to notepad (or any other text editor)
- In phpMyAdmin, select all tables and delete them
- In notepad, do a Search & replace (Ctrl + H). Set the searchterm to jos_ and change it into your new prefix (Example: fdasqw_). Press "Replace all".
- Select everything in your notepad file and copy it. In phpMyAdmin, go to SQL, paste the queries and press Start.
REMOVE VERSION NUMBER / NAME OF EXTENSIONS
- Retrieve all files of the extension from your server.
- Open up Dreamweaver.
- Load any file from the extension that you just downloaded to your local machine.
- Use the Search function and set the search to Search through specified folder. Navigate to the folder where you downloaded the exploit to.
- Set the search term to "MyExtension version 2.14" and press OK.
- When found the correct file, remove the version number.
- Upload the changed file to your server and check if the changes are made.
USE A SEF COMPONENT
KEEP JOOMLA! AND EXTENSIONS UP TO DATE
USE THE CORRECT CHMOD FOR EACH FOLDER AND FILE
- PHP files: 644
- Config files: 666
- Other folders: 755
DELETE LEFTOVER FILES
CHANGE YOUR .HTACCESS FILE
########## Begin - Rewrite rules to block out some common exploits # # Block out any script trying to set a mosConfig value through the URL RewriteCond %{QUERY_STRING} mosConfig_[a-zA-Z_]{1,21}(=|%3D) [OR] # Block out any script trying to base64_encode crap to send via URL RewriteCond %{QUERY_STRING} base64_encode.*(.*) [OR] # Block out any script that includes a < script> tag in URL RewriteCond %{QUERY_STRING} (<|%3C).*script.*(>|%3E) [NC,OR] # Block out any script trying to set a PHP GLOBALS variable via URL RewriteCond %{QUERY_STRING} GLOBALS(=|[|%[0-9A-Z]{0,2}) [OR] # Block out any script trying to modify a _REQUEST variable via URL RewriteCond %{QUERY_STRING} _REQUEST(=|[|%[0-9A-Z]{0,2}) [OR] # Block out any script that tries to set CONFIG_EXT (com_extcal2 issue) RewriteCond %{QUERY_STRING} CONFIG_EXT([|%20|%5B).*= [NC,OR] # Block out any script that tries to set sbp or sb_authorname via URL RewriteCond %{QUERY_STRING} sbp(=|%20|%3D) [OR] RewriteCond %{QUERY_STRING} sb_authorname(=|%20|%3D) # Send all blocked request to homepage with 403 Forbidden error! RewriteRule ^(.*)$ index.php [F,L] # ########## End - Rewrite rules to block out some common exploits
- Joomla Administrators Security Checklist
- Visit the Joomla! security forums (1.0 and 1.5)
Categories
- cPanel Question 47
- cPanel Software Management 29
- cPanel Tutorials 13
- Development 29
- Domain 13
- General 19
- Linux Helpline (Easy Guide) 156
- Marketing 47
- MySQL Question 13
- News 2
- PHP Configuration 14
- SEO 4
- SEO 42
- Server Administration 84
- SSL Installation 54
- Tips and Tricks 24
- VPS 3
- Web Hosting 44
- Website Security 22
- WHM questions 13
- WordPress 148
Subscribe Now
10,000 successful online businessmen like to have our content directly delivered to their inbox. Subscribe to our newsletter!Archive Calendar
Sat | Sun | Mon | Tue | Wed | Thu | Fri |
---|---|---|---|---|---|---|
1 | 2 | 3 | 4 | 5 | 6 | |
7 | 8 | 9 | 10 | 11 | 12 | 13 |
14 | 15 | 16 | 17 | 18 | 19 | 20 |
21 | 22 | 23 | 24 | 25 | 26 | 27 |
28 | 29 | 30 | 31 |
Recent Articles
-
Posted on : Sep 17
-
Posted on : Sep 10
-
Posted on : Aug 04
-
Posted on : Apr 01
Tags
- ts
- myisam
- vpn
- sql
- process
- kill
- tweak
- server load
- attack
- ddos mitigation
- Knowledge
- layer 7
- ddos
- webmail
- DMARC
- Development
- nginx
- seo vpn
- Hosting Security
- wireguard
- innodb
- exim
- smtp relay
- smtp
- VPS Hosting
- cpulimit
- Plesk
- Comparison
- cpu
- encryption
- WHM
- xampp
- sysstat
- optimize
- cheap vpn
- php-fpm
- mariadb
- apache
- Small Business
- Error
- Networking
- VPS
- SSD Hosting
- Link Building
- centos
- DNS
- optimization
- ubuntu