Security Checklist/Site Recovery
From Joomla! Documentation
< Security ChecklistRevision as of 16:42, 13 October 2012 by Tom Hutchison
Internet security is a vast and fast-moving topic. No one set of rules can cover all the possible situations.
The articles below will point you in the right direction. At a minimum they will do two things:
- Inform you of typical security issues
- Point you in the right direction for more information</translate>
Security Checklist Articles</translate>
- How do UNIX file permissions work?
- How do Windows file permissions work?
- How do phpSuExec file permissions work?
- Magic quotes and security
- Securing Joomla extensions</translate>
<translate> See also the Category for the Security Checklist.</translate>
Get help the right way
- If you believe your Web site was attacked, do not create yet another oh-so-boring post in the Joomla! forums with the title, "Help! I've been hacked." This tells us nothing of importance. The vast majority of compromised sites were not setup correctly or were using obsolete versions of Joomla! or third-party extensions. This is what you need to investigate.
- If you discover a real vulnerability, publishing the information could put other Web sites at risk. Instead, report possible security vulnerabilities to the Joomla! Security Task Force.
Follow a logical and rigorous recovery process
- Know the important steps to follow when your site has been compromised. Once your site has been cracked, there are few shortcuts. (FAQ)
Reset your administrator password
- Many attackers take pleasure in locking you out of your site. They often do this by changing your administrator password. If you are locked out, don't panic! There is a simple procedure for resetting your administrator password. (FAQ)
Find exploit attempts using the *NIX shell
- Know how to check for suspicious and/or modified files. Know how to check the raw Apache logs for suspicious activity on your site. (FAQ)
- If you discover a vulnerability in Joomla! core files, report it here.