Rafeyfa.COM


Securing your Joomla Site


Joomla CMS is not a product from God, nor is it the result of some paranormal feat. Joomla is the result of the initiative and creativity of developers and programmers. But because it is made by humans, it is not perfect. It has many sockets (ports), and it has holes (bugs). There are also mistakes made by the webmaster. The question is: is your Joomla site secure?

There is no perfection in creative human work, because human thinking keeps evolving and seeking to improve on what it has created. Joomla, as one such created work, does not escape from many mistakes. However, improvements are always being issued; that is how patching works in the open-source world in general. Even Windows, with its hundreds of programmers, still has many bugs.

 

There are many questions about the security of Joomla sites. As an open-source program, Joomla is open to criticism and to hacking. It is also open to the process of improvement (patching). Four things can be used as benchmarks to test the security level of a Joomla site:

1. Integrity (integration) of PHP script code and html in Joomla
2. Joomla permissions (chmod)
3. Joomla Configuration and Settings (Configuration and Joomla Component)
4. Components, extensions, plugins, and add-ons surrounding the Joomla site

Integrity (integration) of PHP script code and html in Joomla

Joomla 1.5.xx is one example of how near-perfect coding is required: whatever slips through becomes a target. A Joomla site is designed as a community (Web 2.0) site. A community site requires interaction between users (members), visitors and the owner. That interaction opens holes through which the site can be intruded. Forms are where crime on the web begins; a form is actually the door (backdoor) that is easiest to hack. In Joomla 1.5.0, forms were open to script insertion: input could be manipulated with characters that disrupt the syntax of the script.

Joomla permissions (chmod)

Permissions are a mainstay weapon of the hacker (tester) for probing how well a site is closed against injected code (Unix shell, PHP shell). The more open the permissions on a site, the easier it is to hack the site through those permissions.

So, have you set the folders and files on your site to secure permissions? Go back and review the permissions of all folders and files. The check is tedious and tiring, but better tired now than later, when your site gets hacked. Tip: use software to check permissions. FTP clients such as CuteFTP, FileZilla, FireFTP, WS_FTP and others can check permissions on a large scale.

Joomla Configuration and Settings (Configuration and Joomla Component)

My Joomla sites have been hacked before. One of the ways in was through the configuration.php file. This file is included in index.php for display. In the end, the configuration.php file was hacked at random, removed and replaced with the message "Your site has been hacked". Oh, it was very painful. I had devoted a lot of work to tidying the site. After I checked back, I found I had set the wrong session time and the very old configuration.php file had permissions of 664. The others were closed (666 and 755).

It is important not to change Joomla's default configuration. Let everything run with the defaults, and do not change a setting unless it is required. Make sure you know what you changed, and be sure to debug the site after changing the configuration.
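One way to run the permission review described in the two sections above from a shell instead of clicking through an FTP client, as an added example that is not part of the original article. Only the file name configuration.php comes from the page; the function name `audit_joomla_perms` and the finding tags are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original article. Only the file name
# configuration.php comes from the page; the function name and the
# finding tags are made up for this illustration.

# audit_joomla_perms ROOT
# Prints one finding per line as "<TAG> <path>"; returns 2 if ROOT is missing.
audit_joomla_perms() {
    root=$1
    if [ ! -d "$root" ]; then
        echo "ERROR not a directory: $root" >&2
        return 2
    fi

    # Files and directories writable by "other" (modes such as 666 or 777):
    # any local account on the host can modify them.
    find "$root" \( -type f -o -type d \) -perm -0002 -print |
        sed 's/^/WORLD-WRITABLE /'

    # configuration.php writable by group or other (modes such as 664 or 666).
    cfg=$root/configuration.php
    if [ -f "$cfg" ]; then
        find "$cfg" \( -perm -0020 -o -perm -0002 \) -print |
            sed 's/^/CONFIG-WRITABLE /'
    fi

    # PHP files sitting directly in a world-writable directory, whatever
    # their own mode: they are worth reviewing by hand.
    find "$root" -type d -perm -0002 -print | while IFS= read -r dir; do
        for f in "$dir"/*.php; do
            if [ -f "$f" ]; then echo "PHP-IN-WRITABLE-DIR $f"; fi
        done
    done
    return 0
}

# Stand-alone use: sh audit.sh /path/to/joomla   (placeholder path)
if [ "$#" -gt 0 ]; then
    audit_joomla_perms "$1"
fi
```

An empty result means none of the three checks fired; it does not show that the modes are right for your hosting setup.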

Components, extensions, plugins, and add-ons surrounding the Joomla site

This is dangerous. The most common and frequent problem is an attack on Joomla through its extensions: Joomla plugins (mambots), modules and components are soft targets for hacking. The following extensions have been hacked:

1. simple shop 2.0 SQL Injection Vulnerable
2. com_hwdvideoshare SQL Injection Vulnerable
3. com_clasifier (cat_id) SQL Injection Vulnerable
4. com_pccookbook (user_id) SQL Injection Vulnerable
5. astatsPRO 1.0 refer.php SQL Injection
6. com_galeria Remote SQL Injection Vulnerable
7. jooget <= 2.6.8 Remote SQL Injection Vulnerable
8. mediaslide (albumnum) Blind SQL Injection Explt.
9. xfaq 1.2 (aid) Remote SQL Injection Vulnerable
10. NeoGallery 1.1 SQL Injection Vulnerable
11. com_noticias 1.0 SQL Injection Vulnerable
12. com_doc Remote SQL Injection Vulnerable
13. Marketplace 1.1.1 SQL Injection Vulnerable
14. mosDirectory 2.3.2 (catid) SQL Injection Vulnerable

My suggestion: always patch your Joomla site with the newest patch.

Last Updated ( Monday, 13 July 2009 13:39 )  