Where can we find good tutos about joomla security?

    • Franck
    • Elite Rocketeer
    • Posts: 1049
    • Thanks: 0

    Where can we find good tutos about joomla security?

    Posted 17 years 11 months ago
    • Hello,
      I have several sites with Joomla and have never been hacked, BUT I would like to find information about secure installations. Do you know a tutorial about that or can you share some tips?

      Thx!
    • GollumX
    • Elite Rocketeer
    • Posts: 2817
    • Thanks: 0

    Re: Where can we find good tutos about joomla security?

    Posted 17 years 11 months ago
  • Re: Where can we find good tutos about joomla security?

    Posted 17 years 11 months ago
    • very pertinent question!!!!!!!!!!!!!
    • Franck
    • Elite Rocketeer
    • Posts: 1049
    • Thanks: 0

    Re: Where can we find good tutos about joomla security?

    Posted 17 years 10 months ago
    • GollumX wrote:
      There's no better source of information on the planet about Joomla Security than at Joomla.org.

      Check out the Security & Performance FAQ and the Administrators Security Checklist.

      Good to see you're interested in Security. I was stupid... I only visited the Joomla security forum after I got hacked. :-[

      Thanks a lot GollumX!
      I will study every word of these FAQs and posts. What type of confidential files do you place outside of public_html? Only the configuration.php? If you have several Joomla sites, do you create one folder outside public_html for everyone or do you rename the config files?

      Natalie, I read your post about your hacked site. A friend's site was hacked a few days ago and he lost everything! I think it's very important to secure all our installations and regularly make a complete backup. It's a big problem with Joomla and third-party scripts...
    • Last Edit: 17 years 10 months ago by Franck.
    • GollumX
    • Elite Rocketeer
    • Posts: 2817
    • Thanks: 0

    Re: Where can we find good tutos about joomla security?

    Posted 17 years 10 months ago
    • Franck, you can just rename the config files, or put them in folders, whichever you prefer, so long as you specify the path and name in the new configuration.php file you'll put in public_html to replace the one you're moving.
    • Say no to Internet Explorer 6.
      twitter.com/mark_up
  • Re: Where can we find good tutos about joomla security?

    Posted 17 years 10 months ago
    • GollumX wrote:
      Franck, you can just rename the config files, or put them in folders, whichever you prefer, so long as you specify the path and name in the new configuration.php file you'll put in public_html to replace the one you're moving.

      I am a tad confused, could you elaborate .... Pleasssssssse :)
    • James Spencer / Developer & Support / Hull, UK
    • Franck
    • Elite Rocketeer
    • Posts: 1049
    • Thanks: 0

    Re: Where can we find good tutos about joomla security?

    Posted 17 years 10 months ago
    • Hello James,

      First you need to follow the steps below (from forum.joomla.org/index.php/topic,122594....04266.html#msg604266 )
      Overview

      This great tip comes from a post by friesengeist.

      One challenge in Joomla! is ensuring that certain PHP files in public_html containing executable code or confidential data are protected from direct Internet access.

      There are various ways to protect such files, but most are not optimal. Many users and developer groups, such as Gallery2 and Apache.org strongly recommend against keeping vulnerable files and confidential data inside public_html. The following method seems to be the simplest and most elegant way to protect read-only files that for whatever reason must be stored in public_html. In this example, we protect configuration.php, perhaps the most confidential file of any Joomla! site.

      Directions

      1. Move configuration.php to a safe directory outside of public_html and rename it whatever you want. We use the name joomla.conf in this example.

      2. Create a new configuration.php file containing only the following code:
      Code:
      <?php
       require( dirname( __FILE__ ) . '/../joomla.conf' );
       ?>


      Do not include blank lines above the php start tag "<?php" or below the php stop tag, "?>". Such blank lines will trigger the infamous "headers already sent" error. e.g.:

      Code:
      Warning: Cannot modify header information - headers already sent by (output started at /home/xxxxx/public_html/configuration.php:2) in /home/xxxxx/public_html/index.php on line 250



      3. Make sure this new configuration.php is not writable at all, so that it can not be overridden by com_config.

      4. If you need to change configuration settings, do it manually in the relocated joomla.conf.

      Note: Using this method, even if the Web server somehow delivers the contents of PHP files, for example due to a misconfiguration, nobody can see the contents of the real configuration file.


      Keywords: FAQ, security, config, configuration, configuration.php, public_html, web_root, secure files

      Well, if you have several Joomla sites in the same public_html, you can create a folder outside. Then, rename all the configuration.php files you will put into this folder. For example:

      domain1_config.php
      domain2_config.php
      domain3_config.php
      etc.

      Like GollumX said just "specify the path and name in the new configuration.php file you'll put in public_html to replace the one you're moving".

      I think this will work.
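
The steps quoted in the post above, applied to the several-sites layout it describes, as an added example that is not part of the thread or the Joomla FAQ. The `joomla_conf` folder, the `siteN` directories and the function names are assumptions, and the stub uses an absolute path instead of `dirname( __FILE__ )`.

```shell
#!/bin/sh
# Added example, not code from the thread or the FAQ. Names are illustrative.

# relocate_config WEBROOT SITE SAFE_DIR NEW_NAME  (SITE is relative to WEBROOT)
# Steps 1-3: move the real file out of the web root, leave a stub that
# require()s it by absolute path, and make the stub read-only.
relocate_config() {
    src="$1/$2/configuration.php"
    [ -f "$src" ] || { echo "missing $src" >&2; return 1; }
    web_abs=$(cd "$1" && pwd -P) && safe_abs=$(cd "$3" && pwd -P) || return 1
    case "$safe_abs/" in
        "$web_abs"/*) echo "$3 is inside the web root" >&2; return 1 ;;
    esac
    dst="$safe_abs/$4"
    case "$dst" in
        *"'"*) echo "single quote in path" >&2; return 1 ;;
    esac
    if [ -e "$dst" ]; then echo "$dst already exists" >&2; return 1; fi
    mv "$src" "$dst" || return 1
    # printf emits no byte before "<?php" and none after "?>".
    printf "<?php\nrequire( '%s' );\n?>" "$dst" > "$src" || return 1
    chmod 444 "$src"
}

# check_stub FILE: pass only if FILE starts with "<?php" at byte 0, ends with
# "?>" and has no write bit set (stricter than PHP about trailing newlines).
check_stub() {
    [ "$(head -c 5 "$1")" = "<?php" ] || { echo "$1: bytes before <?php" >&2; return 1; }
    [ "$(tail -c 2 "$1")" = "?>" ] || { echo "$1: bytes after ?>" >&2; return 1; }
    case "$(ls -ld "$1" | cut -c2-10)" in
        *w*) echo "$1: stub is writable" >&2; return 1 ;;
    esac
}

# Constructed demo: two sites in one public_html, one shared folder outside it.
demo() {
    base=$(mktemp -d) || return 1
    mkdir -p "$base/public_html/site1" "$base/public_html/site2" "$base/joomla_conf"
    for n in 1 2; do
        echo "<?php /* constructed secret $n */" > "$base/public_html/site$n/configuration.php"
        relocate_config "$base/public_html" "site$n" "$base/joomla_conf" "domain${n}_config.php" &&
            check_stub "$base/public_html/site$n/configuration.php" || return 1
    done
    echo "$base"
}
```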
