JD11NL - Joomla! Security 101

Post on 05-Dec-2014


How secure is your Joomla! site? Are you employing the most basic security principles to protect it? Learn all about it in an easy to follow presentation suitable even for beginners.

Transcript of JD11NL - Joomla! Security 101

Joomla! Security 101
What to do before disaster strikes

http://akeeba.info/security-101

Thursday, 31 March 2011

Hi, I’m Nicholas Dionysopoulos
and I bet you can’t pronounce my last name

http://akeeba.info/me

The basics
What we’re supposed to do and rarely do


Frequent, tested backups
Would you jump off a plane without a parachute?

http://akeeba.info/backup

Update, yesterday
Yesterday’s code is tomorrow’s hack

http://akeeba.info/basic-security

Protect your backend
The login is not enough


777: The number of the beast
Permissions are doors; don’t leave them open

http://akeeba.info/777

Sensible permissions

Ask your host to enable suPHP or Apache’s mod_itk

Site root 0755 or 0700

Directories 0755

Files 0644

If you “must” use 0777 (don’t!) protect with .htaccess:

# Apache 2.2 access control syntax; on Apache 2.4 use "Require all denied" instead
order deny,allow
deny from all


Don’t be a sitting duck
It’s duck season!


Mind your prefix
Nobody wants to be a jos_

http://akeeba.info/prefix

62 reasons to fire your Super Administrator
or 42, depending on Joomla! version...

http://akeeba.info/62-reasons

Security Kung-Fu
You can’t kill a Ninja

http://akeeba.info/ninja

Visual fingerprinting
Seeing is believing and then some

tp=1

tmpl=offline

template=ja_purity

http://akeeba.info/ninja

Visual fingerprinting

RewriteEngine On
# Refuse requests carrying the visual fingerprinting parameters tp=, template= and tmpl=.
# %{QUERY_STRING} has no leading "?", so the name must also be matched at the start (^);
# the (&|%3F){1,1} prefix alone misses a parameter in first position, e.g. ?tp=1.
RewriteCond %{QUERY_STRING} (^|&|%3F)tp= [NC,OR]
RewriteCond %{QUERY_STRING} (^|&|%3F)template= [NC,OR]
RewriteCond %{QUERY_STRING} (^|&|%3F)tmpl= [NC]
RewriteRule ^(.*)$ - [R=404,L]

http://akeeba.info/ninja

PHP has a big mouth
and that’s not water cooler gossip!

http://akeeba.info/ninja


RewriteEngine On
# Refuse the PHP "easter egg" URLs (index.php?=PHPE9568F36-... and friends), which reveal
# that PHP is in use and hint at its version. For the plain form %{QUERY_STRING} starts
# with "=PHP...", so match at ^ as well as after an encoded "?" (%3F).
# (Setting expose_php = Off in php.ini disables the easter eggs at the source.)
RewriteCond %{QUERY_STRING} (^|%3F)=PHPE9568F36-D428-11d2-A769-00AA001ACF42 [NC,OR]
RewriteCond %{QUERY_STRING} (^|%3F)=PHPE9568F34-D428-11d2-A769-00AA001ACF42 [NC,OR]
RewriteCond %{QUERY_STRING} (^|%3F)=PHPE9568F35-D428-11d2-A769-00AA001ACF42 [NC,OR]
RewriteCond %{QUERY_STRING} (^|%3F)=PHPB8B5F2A0-3C92-11d3-A3A9-4C7B08C10000 [NC]
RewriteRule ^(.*)$ - [R=404,L]
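As an added example (not from the slides or from Akeeba's own code), the following Python reproduces the query-string checks behind the visual fingerprinting and PHP easter egg rewrite rules above and runs them over constructed requests. It assumes, as Apache does, that %{QUERY_STRING} is the raw, undecoded text after the first "?", which is why a prefix of only (&|%3F) misses a parameter in first position.

```python
import re

# Parameter names and PHP easter egg GUIDs as given on the slides.
FINGERPRINT_PARAMS = "tp|template|tmpl"
PHP_EASTER_EGGS = "|".join((
    "PHPE9568F36-D428-11d2-A769-00AA001ACF42",
    "PHPE9568F34-D428-11d2-A769-00AA001ACF42",
    "PHPE9568F35-D428-11d2-A769-00AA001ACF42",
    "PHPB8B5F2A0-3C92-11d3-A3A9-4C7B08C10000",
))

# Prefix as on the slide: needs "&" or an encoded "?" (%3F) before the name,
# so a query string that starts with "tp=" is NOT matched.
SLIDE_PATTERN = re.compile(r"(&|%3F){1,1}(" + FINGERPRINT_PARAMS + r")=", re.I)
# Same rule, also anchored at the start of the query string.
FIXED_PATTERN = re.compile(r"(^|&|%3F)(" + FINGERPRINT_PARAMS + r")=", re.I)
# Easter egg requests look like index.php?=PHPE9568F36-...; QUERY_STRING is "=PHPE...".
EGG_PATTERN = re.compile(r"(^|%3F)=(" + PHP_EASTER_EGGS + r")", re.I)

def query_string(url):
    """What Apache exposes as %{QUERY_STRING}: the raw text after the first '?'."""
    return url.split("?", 1)[1] if "?" in url else ""

def matches(pattern, url):
    """True if a RewriteCond with this pattern would fire for the request."""
    return pattern.search(query_string(url)) is not None

def classify(url):
    """Return 'fingerprint', 'easter-egg' or 'allow' for a request URL."""
    qs = query_string(url)
    if FIXED_PATTERN.search(qs):
        return "fingerprint"
    if EGG_PATTERN.search(qs):
        return "easter-egg"
    return "allow"

# Constructed sample requests (not from the slides) with the expected verdict.
SAMPLES = {
    "http://www.example.com/index.php?tp=1": "fingerprint",
    "http://www.example.com/index.php?option=com_content&template=ja_purity": "fingerprint",
    "http://www.example.com/index.php?TMPL=offline": "fingerprint",
    "http://www.example.com/index.php?=PHPE9568F36-D428-11d2-A769-00AA001ACF42": "easter-egg",
    "http://www.example.com/index.php?option=com_content&view=article&id=1": "allow",
}

def self_check():
    """Return the sample URLs whose verdict differs from the expectation."""
    return [u for u, v in SAMPLES.items() if classify(u) != v]
```

Joomla itself uses tmpl=component for print and modal views, so a rule that blocks tmpl= needs testing against the site's own links before it goes live.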


Blind Elephant
Meet your supervillain

http://akeeba.info/ninja


Blind Elephant

nicholas@teapot:~/blindelephant$ ./BlindElephant.py mysite.com joomla
Loaded /home/nicholas/projects/3rdparty/blindelephant/trunk/src/build/lib.linux-x86_64-2.6/blindelephant/dbs/joomla.pkl with 33 versions, 3696 differentiating paths, and 122 version groups.
Starting BlindElephant fingerprint for version of joomla at http://joomla.ubuntu.web

Hit http://joomla.ubuntu.web/media/system/js/validate.js
Possible versions based on result: 1.5.17, 1.5.18

Hit http://joomla.ubuntu.web/includes/js/joomla.javascript.js
Possible versions based on result: 1.5.17, 1.5.18

Hit http://joomla.ubuntu.web/media/system/js/caption.js
Possible versions based on result: 1.5.17, 1.5.18

Hit http://joomla.ubuntu.web/media/system/js/openid.js
Possible versions based on result: 1.5.17, 1.5.18

Hit http://joomla.ubuntu.web/templates/rhuk_milkyway/css/template.css
Possible versions based on result: 1.5.17, 1.5.18

Fingerprinting resulted in:
1.5.17
1.5.18

Best Guess: 1.5.18

http://akeeba.info/ninja

RewriteEngine On
# Starve fingerprinting tools such as BlindElephant: static files are served only when the
# request carries a Referer from the site itself (replace www\.example\.com with your host).
# Files under images/stories are exempt; any other existing file requested with a foreign
# or empty Referer gets a 404.
RewriteRule ^images/stories/.*\.(jpe?g|jp2|png|gif|bmp|css|js|swf|html?)$ - [L]
RewriteCond %{REQUEST_FILENAME} -f
RewriteCond %{HTTP_REFERER} !^https?://(.+\.)?www\.example\.com [NC]
RewriteRule \.(jpe?g|jp2|png|gif|bmp|css|js|swf|html?)$ - [R=404,L]


More protection for you

The Master .htaccess (free!)

http://akeeba.info/master-htaccess

Admin Tools Professional (15 €, use coupon code JDNL11)

http://akeeba.info/atpro

That’s me...
and this is the perfect time to ask me questions!


That’s all folks!
Want the slides? http://akeeba.info/security-101
