8 Most Popular Joomla Hacks & How To Avoid Them
Transcript of 8 Most Popular Joomla Hacks & How To Avoid Them
![Page 1: 8 Most Popular Joomla Hacks & How To Avoid Them](https://reader034.fdocuments.net/reader034/viewer/2022052522/554bccf3b4c905706a8b489b/html5/thumbnails/1.jpg)
Daniel Kanchev @dvkanchev
8 Most Popular Joomla! Hacks &
How To Avoid Them
![Page 2: 8 Most Popular Joomla Hacks & How To Avoid Them](https://reader034.fdocuments.net/reader034/viewer/2022052522/554bccf3b4c905706a8b489b/html5/thumbnails/2.jpg)
Daniel Kanchev
• 7+ years of Joomla! experience
• 5 years with SiteGround
• Love FOSS
• Addicted to extreme sports
Before we begin …
@dvkanchev
![Page 3: 8 Most Popular Joomla Hacks & How To Avoid Them](https://reader034.fdocuments.net/reader034/viewer/2022052522/554bccf3b4c905706a8b489b/html5/thumbnails/3.jpg)
SiteGround is the home of 100,000 Joomla! sites
![Page 4: 8 Most Popular Joomla Hacks & How To Avoid Them](https://reader034.fdocuments.net/reader034/viewer/2022052522/554bccf3b4c905706a8b489b/html5/thumbnails/4.jpg)
We face hundreds, if not thousands, of security attacks per day …
![Page 5: 8 Most Popular Joomla Hacks & How To Avoid Them](https://reader034.fdocuments.net/reader034/viewer/2022052522/554bccf3b4c905706a8b489b/html5/thumbnails/5.jpg)
“Why would somebody hack me?”
![Page 6: 8 Most Popular Joomla Hacks & How To Avoid Them](https://reader034.fdocuments.net/reader034/viewer/2022052522/554bccf3b4c905706a8b489b/html5/thumbnails/6.jpg)
Hackers don’t really care about your site. All they care about is sending some spam.
![Page 7: 8 Most Popular Joomla Hacks & How To Avoid Them](https://reader034.fdocuments.net/reader034/viewer/2022052522/554bccf3b4c905706a8b489b/html5/thumbnails/7.jpg)
If anybody tells you your site is unhackable, that guy is a liar!
“Security is not a product, but a process”
![Page 8: 8 Most Popular Joomla Hacks & How To Avoid Them](https://reader034.fdocuments.net/reader034/viewer/2022052522/554bccf3b4c905706a8b489b/html5/thumbnails/8.jpg)
1. Outdated Joomla! Core
![Page 9: 8 Most Popular Joomla Hacks & How To Avoid Them](https://reader034.fdocuments.net/reader034/viewer/2022052522/554bccf3b4c905706a8b489b/html5/thumbnails/9.jpg)
Quick demo… of Joomla! file upload security bug
![Page 10: 8 Most Popular Joomla Hacks & How To Avoid Them](https://reader034.fdocuments.net/reader034/viewer/2022052522/554bccf3b4c905706a8b489b/html5/thumbnails/10.jpg)
More info on the hack
• All versions before 3.1.5 and 2.5.14 are vulnerable
• Can be executed by anybody, no admin rights needed
• The attacker can obtain full access to Joomla! and its surrounding userspace
![Page 11: 8 Most Popular Joomla Hacks & How To Avoid Them](https://reader034.fdocuments.net/reader034/viewer/2022052522/554bccf3b4c905706a8b489b/html5/thumbnails/11.jpg)
More info on the hack
Joomla!: http://goo.gl/8YwZIk
Sucuri: http://goo.gl/WjLKGm
SiteGround: http://goo.gl/NWkZTz
![Page 12: 8 Most Popular Joomla Hacks & How To Avoid Them](https://reader034.fdocuments.net/reader034/viewer/2022052522/554bccf3b4c905706a8b489b/html5/thumbnails/12.jpg)
UPDATE! UPDATE! UPDATE!
![Page 13: 8 Most Popular Joomla Hacks & How To Avoid Them](https://reader034.fdocuments.net/reader034/viewer/2022052522/554bccf3b4c905706a8b489b/html5/thumbnails/13.jpg)
Use software to get notified and update Joomla! Core
![Page 14: 8 Most Popular Joomla Hacks & How To Avoid Them](https://reader034.fdocuments.net/reader034/viewer/2022052522/554bccf3b4c905706a8b489b/html5/thumbnails/14.jpg)
Admin Tools: https://www.akeebabackup.com/products/admin-tools.html
Watchful.li: https://watchful.li/features/
![Page 15: 8 Most Popular Joomla Hacks & How To Avoid Them](https://reader034.fdocuments.net/reader034/viewer/2022052522/554bccf3b4c905706a8b489b/html5/thumbnails/15.jpg)
SiteGround offers Joomla! Auto Update
![Page 16: 8 Most Popular Joomla Hacks & How To Avoid Them](https://reader034.fdocuments.net/reader034/viewer/2022052522/554bccf3b4c905706a8b489b/html5/thumbnails/16.jpg)
Read security bulletins
Joomla! Security News: http://feeds.joomla.org/JoomlaSecurityNews
Sucuri: http://blog.sucuri.net/?s=joomla
![Page 17: 8 Most Popular Joomla Hacks & How To Avoid Them](https://reader034.fdocuments.net/reader034/viewer/2022052522/554bccf3b4c905706a8b489b/html5/thumbnails/17.jpg)
2. Extensions
![Page 18: 8 Most Popular Joomla Hacks & How To Avoid Them](https://reader034.fdocuments.net/reader034/viewer/2022052522/554bccf3b4c905706a8b489b/html5/thumbnails/18.jpg)
Here’s a Scenario:
• Your site is up to date
• Your extensions are up to date
• But you still get hacked…
• Wonder why?
![Page 19: 8 Most Popular Joomla Hacks & How To Avoid Them](https://reader034.fdocuments.net/reader034/viewer/2022052522/554bccf3b4c905706a8b489b/html5/thumbnails/19.jpg)
Extension vulnerabilities
• Sometimes, when a vulnerability in an extension is found, it takes the extension developers too much time to fix it.
• Therefore it’s always good to use a WAF!
• WAF = Web Application Firewall
![Page 20: 8 Most Popular Joomla Hacks & How To Avoid Them](https://reader034.fdocuments.net/reader034/viewer/2022052522/554bccf3b4c905706a8b489b/html5/thumbnails/20.jpg)
Popular WAFs
![Page 21: 8 Most Popular Joomla Hacks & How To Avoid Them](https://reader034.fdocuments.net/reader034/viewer/2022052522/554bccf3b4c905706a8b489b/html5/thumbnails/21.jpg)
SiteGround adds more than 200 mod_sec rules every week.
![Page 22: 8 Most Popular Joomla Hacks & How To Avoid Them](https://reader034.fdocuments.net/reader034/viewer/2022052522/554bccf3b4c905706a8b489b/html5/thumbnails/22.jpg)
Example mod_sec rule
```apache
# 30.Sep.2013
# joomla com_seminar Cross site scripting Vulnerability
# http://cxsecurity.com/issue/WLB-2013090184
# Three chained filters: the request is blocked only when all of them match.
SecFilterSelective REQUEST_FILENAME "index\.php" "chain,id:00680"
SecFilterSelective ARG_option "com_seminar" chain
SecFilterSelective ARG_search "onmouseover"
```
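The same three-condition chain written as detection logic over request lines, as an added example that is not from the deck or from SiteGround’s rule set: a chained rule fires only when every filter matches, which is what ModSecurity’s `chain` means. The sample requests below are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Mirrors the slide's chained rule (id 00680): all three must match to block.
RULE_ID = "00680"
CHAIN = [
    ("REQUEST_FILENAME", re.compile(r"index\.php")),
    ("ARG_option", re.compile(r"com_seminar")),
    ("ARG_search", re.compile(r"onmouseover")),
]

def extract_vars(request_line):
    """Turn 'METHOD target PROTO' into the variables the rule inspects.
    Query parameters become ARG_<name>, decoded the way the WAF sees them."""
    _method, target, _proto = request_line.split(" ", 2)
    parts = urlsplit(target)
    variables = {"REQUEST_FILENAME": parts.path}
    for name, values in parse_qs(parts.query, keep_blank_values=True).items():
        variables["ARG_" + name] = values[0]
    return variables

def matches_chain(request_line):
    """True only when every filter in the chain matches (ModSecurity 'chain')."""
    variables = extract_vars(request_line)
    for var_name, pattern in CHAIN:
        value = variables.get(var_name)
        if value is None or not pattern.search(value):
            return False
    return True

def scan(request_lines):
    """Return (line number, rule id) for each request this rule would block."""
    return [(i, RULE_ID) for i, line in enumerate(request_lines, 1) if matches_chain(line)]

# Constructed sample requests (not from the original deck).
SAMPLE_REQUESTS = [
    "GET /index.php?option=com_content&view=article&id=1 HTTP/1.1",
    "GET /index.php?option=com_seminar&search=keynote HTTP/1.1",
    "GET /index.php?option=com_seminar&search=x%22+onmouseover%3Dy HTTP/1.1",
    "GET /other.php?option=com_seminar&search=onmouseover HTTP/1.1",   # wrong file: passes
]

if __name__ == "__main__":
    for lineno, rule in scan(SAMPLE_REQUESTS):
        print(f"request {lineno}: blocked by rule {rule}")
```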
![Page 23: 8 Most Popular Joomla Hacks & How To Avoid Them](https://reader034.fdocuments.net/reader034/viewer/2022052522/554bccf3b4c905706a8b489b/html5/thumbnails/23.jpg)
CloudFlare and Incapsula are advanced mod_security-like FREE services which add CDN functionality.
![Page 24: 8 Most Popular Joomla Hacks & How To Avoid Them](https://reader034.fdocuments.net/reader034/viewer/2022052522/554bccf3b4c905706a8b489b/html5/thumbnails/24.jpg)
![Page 25: 8 Most Popular Joomla Hacks & How To Avoid Them](https://reader034.fdocuments.net/reader034/viewer/2022052522/554bccf3b4c905706a8b489b/html5/thumbnails/25.jpg)
More Security Bulletins
Joomla! Extensions Security News: http://feeds.joomla.org/JoomlaSecurityVulnerableExtensions
![Page 26: 8 Most Popular Joomla Hacks & How To Avoid Them](https://reader034.fdocuments.net/reader034/viewer/2022052522/554bccf3b4c905706a8b489b/html5/thumbnails/26.jpg)
3. Themes
![Page 27: 8 Most Popular Joomla Hacks & How To Avoid Them](https://reader034.fdocuments.net/reader034/viewer/2022052522/554bccf3b4c905706a8b489b/html5/thumbnails/27.jpg)
“Templates are software, not just a bunch of graphics. Template developers do release security upgrades all the time. Make sure you install them. I've seen many sites getting hacked because of a dated template with a SQL injection or XSS vulnerability.”
– Nicholas Dionysopoulos
![Page 28: 8 Most Popular Joomla Hacks & How To Avoid Them](https://reader034.fdocuments.net/reader034/viewer/2022052522/554bccf3b4c905706a8b489b/html5/thumbnails/28.jpg)
Example
RocketTheme SQL injection in their modules:
http://www.rockettheme.com/blog/extensions/1300-important-security-vulnerability-fixed
![Page 29: 8 Most Popular Joomla Hacks & How To Avoid Them](https://reader034.fdocuments.net/reader034/viewer/2022052522/554bccf3b4c905706a8b489b/html5/thumbnails/29.jpg)
WAF is good for themes too!
![Page 30: 8 Most Popular Joomla Hacks & How To Avoid Them](https://reader034.fdocuments.net/reader034/viewer/2022052522/554bccf3b4c905706a8b489b/html5/thumbnails/30.jpg)
4. Weak passwords
![Page 31: 8 Most Popular Joomla Hacks & How To Avoid Them](https://reader034.fdocuments.net/reader034/viewer/2022052522/554bccf3b4c905706a8b489b/html5/thumbnails/31.jpg)
Let me tell you a story…
![Page 32: 8 Most Popular Joomla Hacks & How To Avoid Them](https://reader034.fdocuments.net/reader034/viewer/2022052522/554bccf3b4c905706a8b489b/html5/thumbnails/32.jpg)
On April 9th we got hit by a huge brute force attack against many Joomla! sites
![Page 33: 8 Most Popular Joomla Hacks & How To Avoid Them](https://reader034.fdocuments.net/reader034/viewer/2022052522/554bccf3b4c905706a8b489b/html5/thumbnails/33.jpg)
Bots used more than a thousand different IPs per server to scan for passes…
… and we blocked more than 92,000 IPs in total across our network in just
![Page 34: 8 Most Popular Joomla Hacks & How To Avoid Them](https://reader034.fdocuments.net/reader034/viewer/2022052522/554bccf3b4c905706a8b489b/html5/thumbnails/34.jpg)
In 12 hours we blocked more than 15 million login requests
But still, we thought many passwords were guessed
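An added example (not from the deck, and not SiteGround’s tooling) of the kind of detection behind those numbers: a per-IP sliding window over Apache access-log lines that flags sources hammering the Joomla! administrator login. The log lines, the threshold and the window size are constructed assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Apache combined log format; only the fields the detector needs are captured.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)
LOGIN_PATH = "/administrator/index.php"   # Joomla! backend login endpoint

def parse_line(line):
    """Return (ip, timestamp, method, path, status), or None if the line does not parse."""
    m = LOG_RE.match(line)
    if m is None:
        return None
    ts = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z")
    return m.group("ip"), ts, m.group("method"), m.group("path"), int(m.group("status"))

def find_bruteforcers(lines, threshold=5, window_seconds=60):
    """Map each IP that sent more than `threshold` admin-login POSTs inside any
    `window_seconds` span to the timestamp at which it crossed the line.
    Assumes each IP's lines arrive in time order, as the server writes them."""
    recent = defaultdict(deque)
    flagged = {}
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        ip, ts, method, path, _status = parsed
        if method != "POST" or path.split("?", 1)[0] != LOGIN_PATH:
            continue
        window = recent[ip]
        window.append(ts)
        while (ts - window[0]).total_seconds() > window_seconds:
            window.popleft()                    # drop attempts older than the window
        if len(window) > threshold and ip not in flagged:
            flagged[ip] = ts
    return flagged

# Constructed sample log: one bot hammering the login, one ordinary admin user.
SAMPLE_LOG = [
    f'198.51.100.7 - - [09/Apr/2013:03:12:{s:02d} +0000] "POST /administrator/index.php HTTP/1.1" 303 0'
    for s in range(0, 14, 2)
] + [
    '203.0.113.5 - - [09/Apr/2013:03:12:05 +0000] "GET /administrator/ HTTP/1.1" 200 4096',
    '203.0.113.5 - - [09/Apr/2013:03:12:40 +0000] "POST /administrator/index.php HTTP/1.1" 303 0',
]

if __name__ == "__main__":
    for ip, when in find_bruteforcers(SAMPLE_LOG).items():
        print(f"{ip} crossed the threshold at {when:%H:%M:%S}")
```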
![Page 35: 8 Most Popular Joomla Hacks & How To Avoid Them](https://reader034.fdocuments.net/reader034/viewer/2022052522/554bccf3b4c905706a8b489b/html5/thumbnails/35.jpg)
We then tried to brute force our clients ourselves.
And we were shocked how many passwords we found.
![Page 36: 8 Most Popular Joomla Hacks & How To Avoid Them](https://reader034.fdocuments.net/reader034/viewer/2022052522/554bccf3b4c905706a8b489b/html5/thumbnails/36.jpg)
Over 40% of our customers used Really Weak passwords.
![Page 37: 8 Most Popular Joomla Hacks & How To Avoid Them](https://reader034.fdocuments.net/reader034/viewer/2022052522/554bccf3b4c905706a8b489b/html5/thumbnails/37.jpg)
Let me show you how easy it is to guess a dumb password, say: “pass123”
Username is admin
![Page 38: 8 Most Popular Joomla Hacks & How To Avoid Them](https://reader034.fdocuments.net/reader034/viewer/2022052522/554bccf3b4c905706a8b489b/html5/thumbnails/38.jpg)
So in less than 10 seconds I’ve got your password
![Page 39: 8 Most Popular Joomla Hacks & How To Avoid Them](https://reader034.fdocuments.net/reader034/viewer/2022052522/554bccf3b4c905706a8b489b/html5/thumbnails/39.jpg)
Tip: Change your password to a full sentence - it’s easy to remember and hard to guess, like:
“I love to watch the sunset.”
![Page 40: 8 Most Popular Joomla Hacks & How To Avoid Them](https://reader034.fdocuments.net/reader034/viewer/2022052522/554bccf3b4c905706a8b489b/html5/thumbnails/40.jpg)
Tip 2: Change your username!
admin2 is not acceptable either ;) Try with:
yourname_@dm1n
![Page 41: 8 Most Popular Joomla Hacks & How To Avoid Them](https://reader034.fdocuments.net/reader034/viewer/2022052522/554bccf3b4c905706a8b489b/html5/thumbnails/41.jpg)
Tip 3: Additionally secure your administrator login page
• Allow access only from certain IP addresses
• Add Captcha
• Password protect the administrator folder
• Use secret URL parameters
![Page 42: 8 Most Popular Joomla Hacks & How To Avoid Them](https://reader034.fdocuments.net/reader034/viewer/2022052522/554bccf3b4c905706a8b489b/html5/thumbnails/42.jpg)
5. Outdated Server Software
![Page 43: 8 Most Popular Joomla Hacks & How To Avoid Them](https://reader034.fdocuments.net/reader034/viewer/2022052522/554bccf3b4c905706a8b489b/html5/thumbnails/43.jpg)
Old PHP 5.3 running as CGI remote execution exploit
http://eindbazen.net/2012/05/php-cgi-advisory-cve-2012-1823/
![Page 44: 8 Most Popular Joomla Hacks & How To Avoid Them](https://reader034.fdocuments.net/reader034/viewer/2022052522/554bccf3b4c905706a8b489b/html5/thumbnails/44.jpg)
Quick demo…
![Page 45: 8 Most Popular Joomla Hacks & How To Avoid Them](https://reader034.fdocuments.net/reader034/viewer/2022052522/554bccf3b4c905706a8b489b/html5/thumbnails/45.jpg)
Make sure your server side software is current at all times.
![Page 46: 8 Most Popular Joomla Hacks & How To Avoid Them](https://reader034.fdocuments.net/reader034/viewer/2022052522/554bccf3b4c905706a8b489b/html5/thumbnails/46.jpg)
6. Incorrectly configured server software
![Page 47: 8 Most Popular Joomla Hacks & How To Avoid Them](https://reader034.fdocuments.net/reader034/viewer/2022052522/554bccf3b4c905706a8b489b/html5/thumbnails/47.jpg)
Apache Symlinks bug
http://seclists.org/fulldisclosure/2013/Aug/81
The Problem: public_html/fred.txt —> /home/otheracct/public_html/configuration.php
The Solution: Add to httpd.conf or .htaccess file: SymLinksIfOwnerMatch
![Page 48: 8 Most Popular Joomla Hacks & How To Avoid Them](https://reader034.fdocuments.net/reader034/viewer/2022052522/554bccf3b4c905706a8b489b/html5/thumbnails/48.jpg)
7. Joomla! Permissions
![Page 49: 8 Most Popular Joomla Hacks & How To Avoid Them](https://reader034.fdocuments.net/reader034/viewer/2022052522/554bccf3b4c905706a8b489b/html5/thumbnails/49.jpg)
Correct Joomla! Permissions set
• Folders: 755
• Files: 644
• configuration.php: 444
![Page 50: 8 Most Popular Joomla Hacks & How To Avoid Them](https://reader034.fdocuments.net/reader034/viewer/2022052522/554bccf3b4c905706a8b489b/html5/thumbnails/50.jpg)
Incorrect Joomla! Permissions set
• All: 777
• Anything more than: 755
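An added example (not SiteGround’s tooling and not from the deck) that audits a Joomla! docroot for both problems from the last two sections: modes other than the ones listed above, world-writable entries, and symlinks that resolve outside the account’s home, as in the `fred.txt` case. `build_demo_tree` creates a constructed fixture under a temporary directory so the audit can be run offline.

```python
import os
import stat
import tempfile

EXPECTED = {"dir": 0o755, "file": 0o644, "configuration.php": 0o444}

def audit_tree(docroot, account_home):
    """Return [(path relative to docroot, problem)] for bad modes and escaping symlinks."""
    home = os.path.realpath(account_home)
    findings = []
    for dirpath, dirnames, filenames in os.walk(docroot):   # does not follow symlinks
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, docroot)
            if os.path.islink(path):
                target = os.path.realpath(path)
                if os.path.commonpath([home, target]) != home:
                    findings.append((rel, f"symlink escapes account home -> {target}"))
                continue
            mode = stat.S_IMODE(os.lstat(path).st_mode)
            if name == "configuration.php":
                want = EXPECTED["configuration.php"]
            else:
                want = EXPECTED["dir" if os.path.isdir(path) else "file"]
            if mode & 0o002:
                findings.append((rel, f"world-writable ({mode:o})"))
            elif mode != want:
                findings.append((rel, f"mode {mode:o}, expected {want:o}"))
    return findings

def build_demo_tree():
    """Constructed fixture: a fake account under a temp dir with one of each mistake."""
    home = tempfile.mkdtemp(prefix="acct_")
    other = tempfile.mkdtemp(prefix="otheracct_")   # stands in for /home/otheracct
    docroot = os.path.join(home, "public_html")
    for d, mode in (("", 0o755), ("images", 0o755), ("tmp", 0o777)):   # tmp: wrong
        os.makedirs(os.path.join(docroot, d), exist_ok=True)
        os.chmod(os.path.join(docroot, d), mode)
    for f, mode in (("index.php", 0o644), ("configuration.php", 0o444), ("images/logo.png", 0o666)):
        open(os.path.join(docroot, f), "w").close()
        os.chmod(os.path.join(docroot, f), mode)               # logo.png: wrong
    victim = os.path.join(other, "configuration.php")
    open(victim, "w").close()
    os.symlink(victim, os.path.join(docroot, "fred.txt"))   # the slide's symlink trick
    return docroot, home

if __name__ == "__main__":
    for rel, problem in audit_tree(*build_demo_tree()):
        print(f"{rel}: {problem}")
```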
![Page 51: 8 Most Popular Joomla Hacks & How To Avoid Them](https://reader034.fdocuments.net/reader034/viewer/2022052522/554bccf3b4c905706a8b489b/html5/thumbnails/51.jpg)
Account isolation is a must when you are hosted on a shared server.
![Page 52: 8 Most Popular Joomla Hacks & How To Avoid Them](https://reader034.fdocuments.net/reader034/viewer/2022052522/554bccf3b4c905706a8b489b/html5/thumbnails/52.jpg)
8. Malware
![Page 53: 8 Most Popular Joomla Hacks & How To Avoid Them](https://reader034.fdocuments.net/reader034/viewer/2022052522/554bccf3b4c905706a8b489b/html5/thumbnails/53.jpg)
Viruses and Trojans steal your login details.
![Page 54: 8 Most Popular Joomla Hacks & How To Avoid Them](https://reader034.fdocuments.net/reader034/viewer/2022052522/554bccf3b4c905706a8b489b/html5/thumbnails/54.jpg)
Stay up to date on anti-virus software.
![Page 55: 8 Most Popular Joomla Hacks & How To Avoid Them](https://reader034.fdocuments.net/reader034/viewer/2022052522/554bccf3b4c905706a8b489b/html5/thumbnails/55.jpg)
So let’s recap…
• Update your Joomla!
• Update your extensions. Read security bulletins once in a while.
• Update your themes. Don’t forget that!
• Use strong passwords and non-default admin usernames.
• Make sure your server side software is current (PHP, Apache, MySQL).
• Make sure your server side software is correctly set up.
• Use correct file permissions for Joomla!
• Watch out for that sneaky malware.
![Page 56: 8 Most Popular Joomla Hacks & How To Avoid Them](https://reader034.fdocuments.net/reader034/viewer/2022052522/554bccf3b4c905706a8b489b/html5/thumbnails/56.jpg)
Questions?
![Page 57: 8 Most Popular Joomla Hacks & How To Avoid Them](https://reader034.fdocuments.net/reader034/viewer/2022052522/554bccf3b4c905706a8b489b/html5/thumbnails/57.jpg)
Thank you!
70% OFF HOSTING DISCOUNT
http://www.siteground.com/webinar