[SWLUG] Joomla! security loophole

lists at truthisfreedom.org.uk
Thu Aug 11 08:06:02 UTC 2011


Quoting Neil Jones <neil at nwjones.demon.co.uk>:

> At last night's meet-up there was some brief discussion of a security
> problem with Joomla!
> Can anyone remind me what it was?

How long have you got? :P

There are many security loopholes in Joomla; however, I believe the one
I mentioned specifically is the requirement to have very lax
permissions in order to install.

Check the permissions of all directories under the Joomla site root
and make sure that none of them are "777" ("rwxrwxrwx") as this will
enable any user on the server (or from the outside!) to upload code to
this directory and execute it.

The best options to make sure you're as protected as you can be are as  
follows:

1) Always keep your Joomla installation up to date (Every so often we  
find a customer who is running a version of Joomla from 2006!)

2) Don't use Joomla

If you're going to go down route (2) then I'd suggest looking at  
Drupal or similar.

Kind regards,

Matt
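
The permission check described in the message above, as an added example that is not part of the original post: a POSIX shell script that lists world-writable directories and files under a site root. The function names are made up for this example, and the site root is whatever path you pass as the first argument.

```shell
#!/bin/sh
# Added example (not from the original post): audit a web site root for
# world-writable paths. All function names here are hypothetical.

# Print every directory under $1 whose "other" write bit is set.
# -perm -0002 catches 777 and also 757, 773, 1777 and similar modes.
world_writable_dirs() {
    find "$1" -type d -perm -0002 -print 2>/dev/null
}

# Print directories whose permission bits are exactly 777 (rwxrwxrwx).
dirs_exactly_777() {
    find "$1" -type d -perm 0777 -print 2>/dev/null
}

# Print regular files any local user could overwrite (e.g. a 666 file).
world_writable_files() {
    find "$1" -type f -perm -0002 -print 2>/dev/null
}

# Report findings for $1. Returns 0 if clean, 1 if anything is
# world-writable, 2 if the root is not a directory.
audit_site_root() {
    root=$1
    [ -d "$root" ] || { echo "not a directory: $root" >&2; return 2; }
    dirs=$(world_writable_dirs "$root")
    files=$(world_writable_files "$root")
    if [ -z "$dirs" ] && [ -z "$files" ]; then
        echo "OK: nothing world-writable under $root"
        return 0
    fi
    [ -n "$dirs" ] && printf 'World-writable directories:\n%s\n' "$dirs"
    [ -n "$files" ] && printf 'World-writable files:\n%s\n' "$files"
    return 1
}

# Run the audit only when a site root is given on the command line,
# e.g.: sh audit.sh /path/to/site/root
if [ "$#" -gt 0 ]; then
    audit_site_root "$1"
fi
```

The non-zero exit status on findings lets the script be run from cron or a deployment check so that a directory left at 777 after an install is noticed.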


