
Blogs - The Conticreative Joomla Blog

Joomla Vulnerable Extension list via Email


Written by Marco Conti Monday, 21 June 2010 20:01


Keeping your site secure can be a full-time job. If your Joomla! site has many third-party extensions, keeping track of their vulnerabilities and updates can be a full-time job in itself.

Not keeping track can be very dangerous and potentially lethal for your site and your private data.

(Skip the article and go directly to the Vulnerable Extensions Feed: http://feeds.joomla.org/JoomlaSecurityVulnerableExtensions and make sure to use their "Subscribe by email" option.)

Fortunately, the kind folks at "The Joomla Vulnerable Extension List team" have started providing an RSS feed with their findings. The feed is available here and the direct link is http://feeds.joomla.org/JoomlaSecurityNews. You can also follow the discussion in the Joomla forum.

Everyone with a Joomla site should subscribe to this list. The next post could be about an extension you are using.

Why it's important to update your Joomla site and its extensions

Patching Joomla and checking on its extensions is important because the moment the folks at Joomla alert us that a version of the CMS or an extension has been found to contain a potential exploit, the hackers are getting the very same notice.

In fact, by the very nature of these security alerts, and by comparing the patch release with an older version of the same files, the hackers are getting enough information to start searching for sites that have not been patched and hack into them. And there is nothing we can do about it either, except patch our sites as soon as possible.

It also helps to "de-joomlify" your site. I wrote an article about the procedure so long ago that by now it's barely relevant, but the basic ideas in it are still sound:

  • Remove the name "Joomla" from all files, code, etc.
  • Protect your "Administrator" folder with an Apache password
  • While you are at it, create and equally protect a few more folders like:
    • wp-admin (Wordpress)
    • Admin (lots of other CMS and e-commerce scripts)
    • administration
    • and so on

The idea is to make your site as unpalatable as possible. We cannot stop a determined and knowledgeable hacker. It's simply not possible. But we can make it difficult enough that they may move on to another site and another victim.

Make sure to read the "Best Practices" for Joomla security in the forum. Keep your site updated, check the RSS, use strong passwords, back up your site and be alert.

Especially back up your site. Coming soon I'll cover the new Akeeba Backup for Joomla in a podcast. Stand by for that issue.

Another excellent idea is to bookmark the Vulnerable Extension List and, whenever you want to install an extension on your Joomla site, run its name against their list. If it's there, check if a fix was found. If not, contact the developer and ask him to fix it, but don't use the extension; in the meantime, look for an alternative.
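Running extension names against the list can be scripted once you have the feed's XML. The sketch below is an added example, not code from the Vulnerable Extension List team: the sample feed, the inventory names and the title format are constructed assumptions, and the matching is a loose name comparison whose hits still need a manual look.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample in RSS 2.0 shape. The real feed's titles may be worded
# differently; save the feed from the URL above and pass its text instead.
SAMPLE_FEED = """<?xml version="1.0"?>
<rss version="2.0"><channel>
<title>Vulnerable Extensions (constructed sample)</title>
<item><title>Example Gallery 1.2 - SQL Injection</title>
<link>https://example.org/vel/example-gallery</link></item>
<item><title>com_demoforms LFI</title>
<link>https://example.org/vel/demoforms</link></item>
</channel></rss>"""

# Hypothetical inventory of extensions installed on the site.
INSTALLED = ["com_examplegallery", "mod_demo_forms_extra",
             "com_demoforms", "plg_safething"]

TYPE_PREFIX = re.compile(r"^(com|mod|plg|tpl)_")


def normalize(name):
    """Lowercase, drop the Joomla type prefix, keep letters and digits only."""
    name = TYPE_PREFIX.sub("", name.strip().lower())
    return re.sub(r"[^a-z0-9]", "", name)


def feed_items(xml_text):
    """Return (title, link) for every <item> in an RSS 2.0 document."""
    # For feeds you do not trust, parse with the third-party defusedxml instead.
    root = ET.fromstring(xml_text)
    return [(item.findtext("title", ""), item.findtext("link", ""))
            for item in root.iter("item")]


def find_listed(installed, xml_text, min_len=4):
    """Return (extension, feed title, link) where the name appears in a title."""
    items = feed_items(xml_text)
    hits = []
    for ext in installed:
        key = normalize(ext)
        if len(key) < min_len:  # very short names match almost anything
            continue
        for title, link in items:
            if key in normalize(title):
                hits.append((ext, title, link))
    return hits


if __name__ == "__main__":
    for ext, title, link in find_listed(INSTALLED, SAMPLE_FEED):
        print(f"{ext}: listed as '{title}' -> {link}")
```

Substring matching errs on the side of false positives, so treat each hit as a prompt to read the list entry and check whether a fixed version exists.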

*cc*

 

 

 
