- Go to your global configuration and search for the database
- Change your database prefix (Example: fdasqw_) and press Save.
- Go to phpMyAdmin to access your database.
- Go to export, leave all default values and press Start. Exporting the database can take a while.
- When done, select all of the code and copy it to Notepad (or any other text editor).
- In phpMyAdmin, select all tables and delete them.
- In Notepad, do a search and replace (Ctrl + H). Set the search term to jos_ and the replacement to your new prefix (Example: fdasqw_). Press "Replace all".
- Select everything in your notepad file and copy it. In phpMyAdmin, go to SQL, paste the queries and press Start.
2. Remove version number / name of extensions
Most vulnerabilities only occur in a specific release of a specific extension. Showing MyExtension version 2.14 is a really bad thing. You can modify this message to only the name of the extension by doing the following:
- Retrieve all files of the extension from your server.
- Open up Dreamweaver.
- Load any file from the extension that you just downloaded to your local machine.
- Use the Search function and set the search to "Search through specified folder". Navigate to the folder where you downloaded the extension to.
- Set the search term to "MyExtension version 2.14" and press OK.
- When you have found the correct file, remove the version number.
- Upload the changed file to your server and check if the changes are made.
3. Use a SEF component
Most hackers use the Google inurl: command to search for vulnerable extensions. Use Artio, SH404SEF or another SEF component to rewrite your URLs and prevent hackers from finding them. Additionally, you'll get a higher rank in Google when using search-engine-friendly URLs.
4. Keep Joomla! and extensions up to date
This one is pretty obvious. Always check for the latest versions of Joomla! and the extensions you're using. Most of the time, vulnerabilities are resolved in later versions.
5. Use the correct CHMOD for each folder and file
Setting files or folders to a CHMOD of 777 or 707 is only necessary when a script needs to write to that file or directory. All other files should have the following configuration:
PHP files: 644
Config files: 666
Other folders: 755
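A way to check an existing site against these modes, as an added example that is not part of the original article: the script walks a site directory and reports every file or folder whose mode differs from the list above. Treating only configuration.php as a config file, and the `writable` parameter for paths a script must write to, are assumptions of this example.

```python
import os
import stat

# Modes from the list above. Which files count as "config files" is an
# assumption: here only Joomla's configuration.php.
DIR_MODE, PHP_MODE, CONFIG_MODE = 0o755, 0o644, 0o666
CONFIG_NAMES = {"configuration.php"}
WRITE_ALL = {0o777, 0o707}  # only for paths a script must write to


def expected_mode(name, is_dir):
    """Mode the list above prescribes, or None if it names no mode."""
    if is_dir:
        return DIR_MODE
    if name in CONFIG_NAMES:
        return CONFIG_MODE
    if name.lower().endswith(".php"):
        return PHP_MODE
    return None


def audit(root, writable=()):
    """Return sorted (relative path, actual, expected) for every deviation.

    `writable` lists relative paths a script needs to write to; those are
    skipped. Modes are octal strings; expected is None for file types the
    list does not cover, which are reported only when set to 777 or 707.
    """
    allowed = {os.path.normpath(p) for p in writable}
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        entries = [(d, True) for d in dirnames] + [(f, False) for f in filenames]
        for name, is_dir in entries:
            full = os.path.join(dirpath, name)
            info = os.lstat(full)
            rel = os.path.relpath(full, root)
            if stat.S_ISLNK(info.st_mode) or rel in allowed:
                continue  # symlink modes are not meaningful; allowed paths are exempt
            mode = stat.S_IMODE(info.st_mode)
            want = expected_mode(name, is_dir)
            if want is None and mode in WRITE_ALL:
                findings.append((rel, format(mode, "03o"), None))
            elif want is not None and mode != want:
                findings.append((rel, format(mode, "03o"), format(want, "03o")))
    return sorted(findings, key=lambda f: f[0])


if __name__ == "__main__":
    import sys
    for rel, actual, want in audit(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{rel}: mode {actual}, expected {want or 'not 777/707'}")
```

Run it with the site root as the only argument; an empty output means every checked path matches the list.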
6. Delete leftover files
When you have installed an extension that you don't like, don't just set the extension to unpublished. If you do, the vulnerable files will still be on your website. Use the uninstall function instead to get rid of the extension completely.
7. Change your .htaccess file
Add the following lines to your .htaccess file to block out some common exploits.
########## Begin - Rewrite rules to block out some common exploits |