Menu Content

Checking your Joomla! site security

Recently, we have experienced some attempts of Joomla! attack attempts. Therefore, we have decided to publish this article. It is no new discovery, but it brings information to help you sleep well. Especially important this article is for users who are using older Joomla! versions (previous to 1.0.12).
First of all, you should check that your .htaccess file contains following rules, which are now parts of Joomla! distribution by default, but it has not been always so.

########## Begin - Rewrite rules to block out some common exploits## If you experience problems on your site block out the operations listed below## This attempts to block the most common type of exploit `attempts` to Joomla!
#
# Block out any script trying to set a mosConfig value through the URL
RewriteCond %{QUERY_STRING} mosConfig_[a-zA-Z_]{1,21}(=|\%3D) [OR]
# Block out any script trying to base64_encode crap to send via URL
RewriteCond %{QUERY_STRING} base64_encode.*\(.*\) [OR]
# Block out any script that includes a <script> tag in URL
RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]
# Block out any script trying to set a PHP GLOBALS variable via URL
RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
# Block out any script trying to modify a _REQUEST variable via URL
RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2})
# Send all blocked request to homepage with 403 Forbidden error!
RewriteRule ^(.*)$ index.php [F,L]
#
########## End - Rewrite rules to block out some common exploits


You should have these rules enabled no matter whether you are using SEF components or not.

Now, what does JoomSEF 2.2.2 adds to this? The answer is simple. If you will install or upgrade to JoomSEF 2.2.2, your site will be protected against most known hacks even when you do not have the rules above included in your .htaccess file. But in any case, we recommend you do not rely on this and except upgrading to JoomSEF 2.2.2 you also check that you have the rules in place and if not, add them.

Newsflash

VM Invoice 3.1.17 right now!

05.04.2019

New release of VirtueMart PDF Invoice generator - VM Invoice 3.1.17 is now available. This new version introduces fix reported by our users and new feature.

New JoomSEF 4.7.6 is here!

05.04.2019

JoomSEF 4.7.6 is now available for download or upgrade. This release include some new improvement, improvement and also the known bug fix. Read more about the new features.

VM Invoice 3.1.16 is available

05.02.2019

New release of VirtueMart PDF Invoice generator - VM Invoice 3.1.16 is now available. This new version introduces fix reported by our users.

VM Invoice 3.1.15 is here

06.12.2018

New release of VirtueMart PDF Invoice generator - VM Invoice 3.1.15 is now available. This new version introduces some new features and improvements as well as fixes reported by our users.

New JoomSEF 4.7.0 compatible with Joomla 3.7

01.08.2017

JoomSEF 4.7.0 is now available for download or upgrade. This release include some new features, improvement and also the known bug fixes. Read more about the new features.

User Login Empty