[SWLUG] Joomla! security loophole
lists at truthisfreedom.org.uk
Thu Aug 11 08:06:02 UTC 2011
Quoting Neil Jones <neil at nwjones.demon.co.uk>:
> At last night's meet up there was some brief discussion of a security
> problem with Joomla!
> Can anyone remind me what it was?

How long have you got? :P

There are many security loopholes in Joomla, however I believe the one
I mentioned specifically is the requirement to have very lax
permissions in order to install.

Check the permissions of all directories under the Joomla site root
and make sure that none of them are "777" ("rwxrwxrwx") as this will
enable any user on the server (or from the outside!) to upload code to
this directory and execute it.

The best options to make sure you're as protected as you can be are as
follows:

1) Always keep your Joomla installation up to date (Every so often we
find a customer who is running a version of Joomla from 2006!)
2) Don't use Joomla

If you're going to go down route (2) then I'd suggest looking at
Drupal or similar.

Kind regards,
Matt
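
One way to run the directory check described in the message above, as an added example that is not part of the original post. It reports directories with all of "rwxrwxrwx" set and, going slightly beyond the message, any directory writable by "other"; the function names are made up for this example and the site root path is whatever you pass in.

```shell
#!/bin/sh
# Added example: audit a web site root for over-permissive directories.
# Function names are hypothetical; the site root is supplied by the caller.

# Directories with every rwx bit set for user, group and other ("777").
# "-perm -0777" also matches when setgid/sticky bits are set on top of 777.
dirs_777() {
    find "$1" -type d -perm -0777 -print
}

# Generalization: any directory writable by "other" (e.g. 757, 773, 777).
world_writable_dirs() {
    find "$1" -type d -perm -0002 -print
}

# Report offenders in long format. Returns 0 when clean, 1 when any
# world-writable directory exists, 2 when the argument is not a directory.
audit_site_root() {
    root=$1
    if [ ! -d "$root" ]; then
        echo "not a directory: $root" >&2
        return 2
    fi
    offenders=$(world_writable_dirs "$root")
    if [ -z "$offenders" ]; then
        echo "OK: no world-writable directories under $root"
        return 0
    fi
    echo "World-writable directories under $root:"
    # ls -ld shows mode, owner and group so each entry can be reviewed.
    find "$root" -type d -perm -0002 -exec ls -ld {} +
    echo "Of these, mode 777:"
    dirs_777 "$root"
    return 1
}

# Run the audit when a path is given on the command line.
if [ "$#" -gt 0 ]; then
    audit_site_root "$1"
fi
```

The non-zero exit status on findings makes the script usable from cron or a deployment check.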