From erik at makeyourbusinessboom.com Mon Apr 16 12:32:12 2007
From: erik at makeyourbusinessboom.com (Erik Luhrs)
Date: Mon, 16 Apr 2007 12:32:12 -0400
Subject: [joomla] Seeking Joomla designer in N.E. New Jersey
Message-ID: <003a01c78044$cab21b70$6401a8c0@ErikLapTop>

Hello Everyone,

I am in need of someone who understands Joomla and who is located - preferably - in northeastern New Jersey, to help me with my website.

If you're interested, please email me at erik at makeyourbusinessboom.com so we can arrange a time to talk.

Thank you.

-Erik Luhrs
www.MakeYourBusinessBOOM.com
Organizational Development Programs.
Business Success Coaching.
Seminars, Workshops and Keynotes.
Information & Training Products.
Phone & Fax: (877) 801-1035

From compustretch at gmail.com Sun Apr 22 16:07:31 2007
From: compustretch at gmail.com (forest)
Date: Sun, 22 Apr 2007 16:07:31 -0400
Subject: [joomla] Joomla Security
Message-ID:

If you haven't seen it by now,

http://www.joomlablog.org/

has so totally been hacked.

I'm expecting most people have already seen this, since it's been hacked so long it's already cached on Google, but just a reminder to keep your Joomla site secured.

cheers,

forest

From rothmail at comcast.net Sun Apr 22 23:53:08 2007
From: rothmail at comcast.net (David A. Roth)
Date: Sun, 22 Apr 2007 23:53:08 -0400
Subject: [joomla] Joomla Security
In-Reply-To:
References:
Message-ID: <1fd50727224fb1ef131cd16206f0de4a@comcast.net>

What can be done to secure a Joomla site?

David Roth
rothmail at comcast.net

On Apr 22, 2007, at 4:07 PM, forest wrote:

> If you haven't seen it by now,
>
> http://www.joomlablog.org/
>
> has so totally been hacked.
>
> I'm expecting most people have already seen this, since it's been
> hacked so long it's already cached on Google, but just a reminder to
> keep your Joomla site secured.
>
> cheers,
>
> forest
>
> _______________________________________________
> New York PHP SIG: Joomla! Mailing List
> http://lists.nyphp.org/mailman/listinfo/joomla
>
> NYPHPCon 2006 Presentations Online
> http://www.nyphpcon.com
>
> Show Your Participation in New York PHP
> http://www.nyphp.org/show_participation.php

From norman at enorm2.com Mon Apr 23 06:19:12 2007
From: norman at enorm2.com (Norman ONeil)
Date: Mon, 23 Apr 2007 06:19:12 -0400
Subject: [joomla] Joomla Security
In-Reply-To: <1fd50727224fb1ef131cd16206f0de4a@comcast.net>
References: <1fd50727224fb1ef131cd16206f0de4a@comcast.net>
Message-ID: <4E10B8DF-3F00-4E8C-82CD-B04C789056FA@enorm2.com>

Make sure your extensions/modules/components are up to date and do not represent a security hole. This is a good place, as well as the Joomla forums, to check on that:

http://secunia.com/search/?search=joomla

Try and work with register globals off, try and secure your admin area with an htpassword. Above all try and keep your Joomla instance up to date.

Those are some of the rules as I have learned them over the past couple of years.

Norman O'Neil
eNorm
P.O. Box 6592
Portsmouth, NH 03802-6592
978.255.2672
http://www.enorm2.com

On Apr 22, 2007, at 11:53 PM, David A. Roth wrote:

> What can be done to secure a Joomla site?
>
> David Roth
> rothmail at comcast.net
>
> On Apr 22, 2007, at 4:07 PM, forest wrote:
>
>> If you haven't seen it by now,
>>
>> http://www.joomlablog.org/
>>
>> has so totally been hacked.
>>
>> I'm expecting most people have already seen this, since it's been
>> hacked so long it's already cached on Google, but just a reminder
>> to keep your Joomla site secured.
>>
>> cheers,
>>
>> forest

From compustretch at gmail.com Mon Apr 23 19:27:53 2007
From: compustretch at gmail.com (forest)
Date: Mon, 23 Apr 2007 19:27:53 -0400
Subject: [joomla] Joomla Security
In-Reply-To: <1fd50727224fb1ef131cd16206f0de4a@comcast.net>
References: <1fd50727224fb1ef131cd16206f0de4a@comcast.net>
Message-ID:

On 4/22/07, David A. Roth wrote:
>
> What can be done to secure a Joomla site?
>

David,

Using the latest version I hope. As I understand, 1.0.12 underwent a full security audit of the SQL queries used.

Also I expect you're talking about locking down an install that is known to be secure, i.e. you downloaded everything from a trusted source, ran your sums, and checked all your extensions against known exploits, and that you've made sure you haven't already been hacked (locking the barn door once the horse is gone, or rather, inside.)

Check all your write permissions, do the standard stuff to lock everything down. Once you have your site set up you can make most everything unwriteable as Joomla writes everything to the sqldb. Just to be on the safe side close up directory traversing for anything you're not using. I'm sure you know the drill.

Don't neglect the obvious like using secure (well-formed) passwords, not dictionary words. The kiddies love to run their dictionary scripts.
Likewise, check your logs regularly to notice attacks or unusual traffic patterns, or use a perl script to notify you.

The majority of the exploits I've seen are not for the base code but for the 3rd party plugins. This applies to the nearly 1500 published extensions, and one expects unpublished extensions should be treated with more caution. Check for known exploits for each extension you are using or thinking of adding.

Forum plugins are one of the hardest hit, this has pretty much always been the case with php. If you're using a forum, you'll definitely want to do a security check on that module.

Assuming you're interested in php and not just content management, knowing how using registered globals enables exploits will help you understand this type of attack. There are numerous pages on the web that explain this vulnerability, read them so you know what it is exactly that you are preventing from happening and give you a better understanding in general about php security.

If you want to stick to just content management then hire a security professional skilled in php who will for a modest fee do a full site audit.

If you're running on your own server you have more options, but also of course more responsibility.

That's just a few standard security checks off the top of my head, true sec. hardening is an art/science unto itself and I'm sure others on the list will have other items on their basic checklist, it is a very long list.

cheers,

Forest
TMG InfoArchitecture+Design

ps- Congratulations on getting inducted into the Rock n Roll Hall of Fame this year! (j/k)

From ajai at bitblit.net Tue Apr 24 02:29:55 2007
From: ajai at bitblit.net (Ajai Khattri)
Date: Tue, 24 Apr 2007 02:29:55 -0400 (EDT)
Subject: [joomla] Joomla Security
In-Reply-To:
Message-ID:

On Sun, 22 Apr 2007, forest wrote:

> I'm expecting most people have already seen this, since it's been hacked so
> long it's already cached on Google, but just a reminder to keep your Joomla
> site secured.

It's a given that you will need to keep abreast of security bulletins once you've deployed any app. It's true of any web application and servers too.

--
Aj.
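
The write-permission check from forest's message of Apr 23 (audit what is writable, then make everything read-only except what the site must write to), as an added example that is not part of the original thread. The DOCROOT variable, the function names and the `cache` exception are assumptions for illustration, not Joomla requirements.

```shell
#!/bin/sh
# Added example: audit and lock down write permissions under a web document root.
# DOCROOT and the writable "cache" sub-directory are hypothetical; use your own paths.

# Print every file or directory under $1 that group or other may write to.
audit_writable() {
    find "$1" \( -type f -o -type d \) \( -perm -020 -o -perm -002 \) -print | sort
}

# Number of findings; a cron job could mail the admin when this is not
# the value expected for the site.
count_writable() {
    audit_writable "$1" | wc -l | tr -d ' '
}

# Make the tree under $1 read-only, skipping the sub-directory $2
# (relative to $1) that the application still has to write to.
# Files lose all write bits; directories lose group/other write only,
# so the owner can still deploy updates by hand.
lock_down() {
    root=$1
    keep=$2
    find "$root" -path "$root/$keep" -prune -o -type f -exec chmod a-w {} +
    find "$root" -path "$root/$keep" -prune -o -type d -exec chmod go-w {} +
}

# Stand-alone use: DOCROOT=/path/to/site sh audit.sh
if [ -n "${DOCROOT:-}" ]; then
    audit_writable "$DOCROOT"
fi
```

Run the audit before and after `lock_down`; anything still listed outside the directory you chose to keep writable needs a reason to be there.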