1. Advertising
    y u no do it?

    Advertising (learn more)

    Advertise virtually anything here, with CPM banner ads, CPM email ads and CPC contextual links. You can target relevant areas of the site and show ads based on geographical location of the user if you wish.

    Starts at just $1 per CPM or $0.10 per CPC.

Joomla security, server side (hosting-wise)

Discussion in 'Security' started by abrodski, Oct 19, 2012.

  1. #1
    My question is this:
    How secure, in general, Joomla 2.5.7 is IF a Joomla admin took all the necessary measures to protect his site? After all, there's also a server where Joomla physically resides (ie. hosting). Well, my hosting is one of the best for Joomla, but still...God knows what happens behind the curtain.
    To put it simple, without paying a hacker to try to break into the site, is there a way to make sure it's safe?
    I'm not talking about FBI or some wunderkind hackers here (those would surely crack any site), I'm asking about an average hacker (though not just some kid who only pretends to know all about hacking).
    I'm aware about cloud services like what Qualys and alike offer.
    Last, but not least...I'm not asking general public about their personal opinions (they vary), but only those who knows the subject well enough.
    P.S. Almost forgot...Hosting environment vs. self-hosting at home, security-wise?
    abrodski, Oct 19, 2012 IP
  2. SolidShellSecurity

    SolidShellSecurity Banned

    Likes Received:
    Best Answers:
    Trophy Points:
    What we do for our hosting is we lock down and confine all sites to virtual directories so if one gets hacked in some way the server remains safe. We also have several other safe guards in place as well but really if you are on shared hosting you need to talk with your host and it depends on how they do stuff.
    SolidShellSecurity, Oct 19, 2012 IP
  3. RonBrown

    RonBrown Well-Known Member

    Likes Received:
    Best Answers:
    Trophy Points:
    As above - enforce impersonation, individual user accounts for each site, lock down user to site directories, individual application pools, remove permissions everywhere else on server, hardware firewalling with up-to-date intrusion prevention and detection software, anti-virus and anti-malware scanners on all server, use server firewall too - all which keep the server safe if a site is compromized, but after that it's down to the application you're using. If an app has a vulnerability then your site will be compromized even if the server remains secure and unaffected. As server admins we can't be responsible for badly written scripts and vulnerable applications that someone uses.
    RonBrown, Oct 21, 2012 IP
  4. wetbupa

    wetbupa Peon

    Likes Received:
    Best Answers:
    Trophy Points:
    After investigation squidoo made the following list of factors which are necessary to secure Joomla:

    Install JSecure - a plugin to hide the Administrator login page.
    This simple plugin allows you to create a custom URL for your admin login page, which makes it difficult for a hacker to connect to the admin panel.

    Remove the FTP functionality in Global Configuration.
    If an attacker gains access to your Joomla admin and FTP is enabled, it gives free access to your server.

    Change your password regularly.
    Change your Joomla passwords and cPanel and FTP passwords at least once a month. This is particularly important if you connect from different computers that other people have access to. When you create a password, do not use the names of your child or pet. Make it encrypted and difficult to understand. Use a random password generator to create cryptic passwords. Combine uppercase and lowercase letters, numbers and symbols if you are generating your own password.

    Disable or uninstall the extensions that are not being used.
    The basic Joomla installation comes with several components, modules and plugins. If any are not in use, turn them off. To do this go to the Joomla Extension Manager > Install / Uninstall tab and scroll to the appropriate extension using the blue tabs at the top. If you have chosen to install a third party Joomla extension that you are no longer using, uninstall it.

    Consider installing commercial security extensions.
    The following extensions are a good investment because they offer a long list of features that keep your Joomla site secure:
    RS firewall
    Mighty Defender

    Report hacking attempts on your hosting company.
    They need to know that someone is hacking the server. Only then can they provide support and solutions to secure the server for everybody.

    Install SEF (Search Engine Friendly) component.
    Without SEF URLs, hackers can seek specific URLs in your Joomla site which can give them clues for hacking. Install SEF, Joomla URL rewrite search engine friendly keywords, so hackers can not find the URL they are looking for. This is also good for SEO efforts.

    Change the table prefix in your mySQL database.
    This is for advanced users, so for starters, you better find a developer to help with this. The default Joomla table prefix is "jos_ so" hackers will expect that. Changing the prefix avoids a hack known as a SQL injection (where they inject something in your database tables).
    wetbupa, Oct 29, 2012 IP