Joomla! Security 101 - Joomla! Day Bosnia and Herzegovina 2013
?
3 likes?1,038 views
This document provides a summary of Joomla! security best practices in three sentences or less: Updated server software, permissions and ownership, and using sane file permissions are discussed to help secure a Joomla! site. Frequent and automated backups that are stored off site, as well as using tools like password managers and .htaccess rules, can help protect a Joomla! site. The document also provides instructions for what to do if a site becomes hacked, emphasizing not to panic and to have backups ready.
Joomla! Security 101 - Joomla! Day Bosnia and Herzegovina 2013
- 1. Joomla! Security 101 version 6.0
- 2. Mission: Impossible Talking in-depth about Joomla! security in 30 minutes or less... but I¡¯ll try!
- 3. Put your pens away Sit back and enjoy
- 4. Updated server software PHP, MySQL, Apache, FTP Server...
- 5. Permissions & ownership Who can do what and where
- 6. Sane ownership & permissions All ?les and folders owned by the FTP user Use Joomla!¡¯s FTP mode on shared hosts Folders 0755 permissions ? Files 0644 permissions If you ¡°must¡± use 0777 (don¡¯t!), protect with .htaccess order deny, allow deny from all allow from none Better yet, use suPHP or FastCGI
- 7. Too much to remember? Akeeba Backup User¡¯s Guide, Security Information https://www.akeebabackup.com/documentation/ akeeba-backup-documentation/security-info.html 777: The number of the beast http://www.dionysopoulos.me/blog/777-the-number- of-the-beast
- 8. Update, yesterday Joomla! & extensions
- 9. Think before installing Don¡¯t be the mouse in the trap!
- 10. Length matters
- 11. Your Password¡¯s length matters
- 12. A terrifying thought Password hacking super-computer: 2,700 USD (back in 2010; much cheaper now)
- 13. How safe is your password? Password Bits Iterations Time to crack 15082005 admin ortrtaortftaaidbt 0rtrTA0rtfTa&idbT horse correct battery stapler 13,6 12416 0.00038 msec 15,9 61147 0.00185 msec 67,7 2,39e+20 228.95 years 88,2 3,55e+26 340 million years 107,2 1,86e+32 178179 billion years
- 14. Derive from a sentence
- 15. Derive from a sentence the quick brown fox jumped over the lazy dog
- 16. Derive from a sentence the quick brown fox jumped over the lazy dog t q b f j o t l d
- 17. Derive from a sentence the quick brown fox jumped over the lazy dog t q b f j o t l d t q b F j o t l D
- 18. Derive from a sentence the quick brown fox jumped over the lazy dog t q b f j o t l d t q b F j o t l D + q b F j o + l D
- 19. Derive from a sentence the quick brown fox jumped over the lazy dog t q b f j o t l d t q b F j o t l D + q b F j o + l D + q b F j 0 + 1 D
- 20. Derive from a sentence +qbFj0+1D
- 21. Still unsure? Write it down And keep it ON YOUR PERSON! +qbFj0+1D
- 22. Use a password manager And keep it on your person (mobile device)
- 23. Lock it down Nothing on my site runs unless I say so
- 24. .htaccess Rules My Master .htaccess - FREE http://akeeba.assembla.com/code/master-htaccess/ git/nodes/htaccess.txt Admin Tools Professional https://www.akeebabackup.com/products/46- software/855-admintools.html
- 25. Armor up Protect your site
- 26. Backups Frequent, automated, off-site backups
- 27. Use myJoomla.com Dead easy site auditing ¨C and ?xing!
- 28. In spite of it all¡
- 29. Dammit! You got hacked, now what?
- 30. DON¡¯T PANIC
- 31. We¡¯ve got instructions Unhacking your site https://www.akeebabackup.com/documentation/ walkthroughs/item/1124-unhacking-your-site.html You do have backups, right? You did use myJoomla.com, right? Make sure you read the instructions before getting hacked.
- 32. Questions?
- 34. Thank you for listening! Image credits for copyrighted images: sxc.hu; istockphoto.com Coprights of the logos and screenshots of software displayed in this presentaiton is owned by their respective companies