Joomla! Security 101 - Joomla! Day Bosnia and Herzegovina 2013

The sixth major revision of my security introduction presentation,


1. Joomla! Security 101, version 6.0
2. Mission: Impossible. Talking in-depth about Joomla! security in 30 minutes or less... but I'll try!
3. Put your pens away. Sit back and enjoy.
4. Updated server software: PHP, MySQL, Apache, FTP server...
5. Permissions & ownership: who can do what and where.
6. Sane ownership & permissions
   All files and folders owned by the FTP user.
   Use Joomla!'s FTP mode on shared hosts.
   Folders: 0755 permissions. Files: 0644 permissions.
   If you must use 0777 (don't!), protect the folder with an .htaccess file:
       order deny,allow
       deny from all
       allow from none
   Better yet, use suPHP or FastCGI.
7. Too much to remember? Akeeba Backup User's Guide, Security Information. The number of the beast.
8. Update, yesterday: Joomla! & extensions.
9. Think before installing. Don't be the mouse in the trap!
10. Length matters.
11. Your password's length matters.
12. A terrifying thought. Password hacking super-computer: 2,700 USD (back in 2010; much cheaper now).
13. How safe is your password?
    Password                        Bits    Iterations   Time to crack
    15082005                        13.6    12416        0.00038 msec
    admin                           15.9    61147        0.00185 msec
    ortrtaortftaaidbt               67.7    2.39e+20     228.95 years
    0rtrTA0rtfTa&idbT               88.2    3.55e+26     340 million years
    horse correct battery stapler   107.2   1.86e+32     178179 billion years
14. Derive from a sentence.
15. Derive from a sentence: thequickbrownfoxjumpedoverthelazydog
16. Derive from a sentence: thequickbrownfoxjumpedoverthelazydog -> tqbfjotld
17. Derive from a sentence: thequickbrownfoxjumpedoverthelazydog -> tqbfjotld -> tqbFjotlD
18. Derive from a sentence: thequickbrownfoxjumpedoverthelazydog -> tqbfjotld -> tqbFjotlD -> +qbFjo+lD
19. Derive from a sentence: thequickbrownfoxjumpedoverthelazydog -> tqbfjotld -> tqbFjotlD -> +qbFjo+lD -> +qbFj0+1D
20. Derive from a sentence: +qbFj0+1D
21. Still unsure? Write it down, and keep it ON YOUR PERSON! (+qbFj0+1D)
22. Use a password manager, and keep it on your person (mobile device).
23. Lock it down: nothing on my site runs unless I say so.
24. .htaccess rules: My Master .htaccess (FREE); Tools Professional.
25. Armor up: protect your site.
26. Backups: frequent, automated, off-site backups.
27. Use myJoomla.com: dead easy site auditing and fixing!
28. In spite of it all...
29. Dammit! You got hacked, now what?
30. DON'T PANIC.
31. We've got instructions: unhacking your site. You do have backups, right? You did use, right? Make sure you read the instructions before getting hacked.
32. Questions?
33. Download this presentation.
34. Thank you for listening! Image credits for copyrighted images: istockphoto.com. Copyrights of the logos and screenshots of software displayed in this presentation are owned by their respective companies.
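The permission rules from slide 6 (folders 0755, files 0644, nothing world-writable, and an .htaccess guard on any folder that must stay writable) can be checked and applied with a small POSIX shell script. This is an added example, not part of the slides or of any Akeeba product; it assumes a standard find/chmod/sed and that the site root is passed as the first argument.

```shell
#!/bin/sh
# Added example: audit and fix a Joomla! tree against the slide 6 rules.
# Assumes POSIX find, chmod, sed; run as the owner of the files (the FTP user).

# List every entry that breaks the rules, one per line, tagged with the reason.
# World-writable entries are the 0777 problem the slide warns about.
audit_perms() {
    dir="$1"
    {
        find "$dir" ! -type l -perm -o+w -print | sed 's/^/WORLD-WRITABLE /'
        find "$dir" -type d ! -perm 0755 -print  | sed 's/^/DIR-NOT-0755   /'
        find "$dir" -type f ! -perm 0644 -print  | sed 's/^/FILE-NOT-0644  /'
    } | sort -u
}

# Number of findings (0 means the tree is clean).
audit_count() {
    audit_perms "$1" | wc -l | tr -d ' '
}

# Apply the recommended modes. A Joomla! web tree needs no executable
# files, since PHP runs everything through the web server.
fix_perms() {
    dir="$1"
    find "$dir" -type d -exec chmod 0755 {} +
    find "$dir" -type f -exec chmod 0644 {} +
}

# Drop the slide's deny-all .htaccess into a folder that must stay writable
# (Apache 2.2 syntax, as on the slide; Apache 2.4 uses "Require all denied").
protect_dir() {
    printf 'order deny,allow\ndeny from all\nallow from none\n' > "$1/.htaccess"
    chmod 0644 "$1/.htaccess"
}
```

Run `audit_perms /path/to/site` first to see what would change, then `fix_perms` once you are happy with the list.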
