Ionut Gogu

Reputation: 1

Preventing hacking attacks on a Joomla 2.5 site

I have a Joomla 2.5 site with a plugin installed. That plugin sent me an email saying that someone tried to hack my site. What can I do to avoid hacking? This was the email:

** Local File Inclusion [GET:lm_absolute_path] => ../../../
** Local File Inclusion [REQUEST:lm_absolute_path] => ../../../

**PAGE / SERVER INFO


*REMOTE_ADDR :
76.8.53.131

*HTTP_USER_AGENT :


*REQUEST_METHOD :
GET

*QUERY_STRING :
lm_absolute_path=../../../&install_dir=http:// www .google. com/humans.txt?



** SUPERGLOBALS DUMP (sanitized)


*$_GET DUMP
 -[lm_absolute_path] =>
 -[install_dir] => http:// google. com/humans.txt?


*$_POST DUMP


*$_COOKIE DUMP


*$_REQUEST DUMP
 -[lm_absolute_path] =>
 -[install_dir] => http:// google. com/humans.txt?

Upvotes: 0

Views: 305

Answers (1)

Riccardo Zorn

Reputation: 5615

My sites get attacked a few hundred times every day.

Depending on their popularity (and sheer luck) they get into "joomla" lists, or php lists, which are then tested for each possible vulnerability.

Keeping a site safe requires a lot of work. This should be enough to get you started - but is not a complete list:

  • Keep it up to date (Joomla & components!)
  • make it read-only (possibly changing the owner of the files!), do not allow writing for all folders,
  • prevent execution from the folders you need to write to (cache, images usually) with an .htaccess.
  • schedule rkhunter + maldet to run hourly or daily
  • use a code versioning system so you can easily spot any new / changed files and roll back any attacks
  • use a deep packet inspection firewall - or a host that does it for you
  • use a plugin that adds extra protection to Joomla - this you're doing already.
  • prevent fingerprinting
  • prevent direct execution except for index.php & administrator/index.php (ensure your components still work, this may require some tweaking)
  • keep logs (apache access_log, error_log, + log php errors)
  • read / review the logs weekly. I know it's boring, but how else are you going to learn what's going on? Some regexp might be required if you want to do something else in your life other than this. In time you'll build scripts that remove all that's normal, leaving only strange / unusual requests, at that point you can even have them mailed to you.

Upvotes: 1
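An added example (not from the question or the answer above) of the kind of log-review script the last bullet describes: it parses Apache combined-format access_log lines, drops everything that looks normal, and keeps only requests carrying the traversal and remote-include patterns seen in the question's probe. The log lines are constructed samples using RFC 5737 addresses and example.com; the pattern names are my own.

```python
# Added example: keep only the unusual requests from an Apache access_log.
# Not part of the original answer; SAMPLE_LOG is constructed, modelled on the
# lm_absolute_path / install_dir probe shown in the question.
import re
from urllib.parse import unquote

# Apache "combined" log format, one request per line.
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) (?P<proto>[^"]+)" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"'
)

# Patterns worth a second look, checked against the URL-decoded request path.
SUSPICIOUS = {
    "traversal": re.compile(r'\.\./'),                            # ../../../ style LFI
    "remote_include": re.compile(r'=\s*(?:https?|ftp)://', re.I),  # parameter pointing at another host (RFI)
    "php_wrapper": re.compile(r'=\s*(?:php|data|expect)://', re.I),
    "null_byte": re.compile('\x00'),                              # %00 after decoding
}

def parse_line(line):
    m = LOG_RE.match(line)
    return m.groupdict() if m else None

def classify(path):
    """Return the names of the patterns that match the decoded path."""
    decoded = unquote(unquote(path))  # decode twice to catch %252e%252e%252f
    return sorted(name for name, rx in SUSPICIOUS.items() if rx.search(decoded))

def review(log_text):
    """Drop 'normal' requests; return (ip, path, hits) for the rest."""
    findings = []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        hits = classify(entry["path"])
        if hits:
            findings.append((entry["ip"], entry["path"], hits))
    return findings

SAMPLE_LOG = """\
203.0.113.5 - - [10/Oct/2013:13:55:36 +0000] "GET /index.php?option=com_content&view=article&id=1 HTTP/1.1" 200 5123 "-" "Mozilla/5.0"
203.0.113.9 - - [10/Oct/2013:13:56:01 +0000] "GET /index.php?lm_absolute_path=../../../&install_dir=http://example.com/humans.txt? HTTP/1.1" 403 212 "-" "-"
203.0.113.9 - - [10/Oct/2013:13:56:02 +0000] "GET /index.php?file=%252e%252e%252f%252e%252e%252fetc/passwd HTTP/1.1" 404 190 "-" "-"
"""

if __name__ == "__main__":
    for ip, path, hits in review(SAMPLE_LOG):
        print(ip, ", ".join(hits), path)
```

Feed it `access_log` instead of SAMPLE_LOG and pipe the output into mail to get the weekly digest the answer suggests.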
