Security Joomla

Discussion in 'Security' started by sitesol, Jul 11, 2012.

  1. sitesol

    sitesol Registered

    Hi,

    I make websites and I am a reseller of a Dutch hosting company that works with cPanel.
    So I often work with cPanel. I also have control of WHM.

    A lot of my sites work with Joomla.

    In 2011 my sites were often hacked.
    Often the index.php was infected first with some spam links.

    About a month ago my hosting company took extra measures by whitelisting the IPs that want access to cPanel/FTP. All other IPs can't get in.

    I think that was a good decision.
    I have much less hacking now.
    But the Joomla-installation is now the weak point.
    It can still be hacked (even when I always upgrade to the latest version). Check Google or YouTube and you'll see it immediately.
    That's why I'm asking how I can add extra security to my Joomla installation in cPanel.
    Because that is clearly my weak point now.
    I always upgrade to the latest version of Joomla, so that's not a useful suggestion.

    Gr Davy
    S. Solutions
     
  2. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    A lot of times it's out-of-date addons, lousy passwords, out-of-date installs that's the problem, and/or lack of proper server security.

    What sort of server security do you have in place right now?
     
  3. borgia

    borgia Member

    What will the company do with legitimate users with dynamic IPs? Anyway, the hack will come in without accessing the account on cPanel; the best way is to use Mod_Security and control any upload (by a web form, etc.). With a good Mod_Security configuration you can avoid hacking on Joomla. The best way is to stop using Joomla :). Just joking.

    But mod_security is at the server level, so it depends on your hosting provider.

    Regards,
    George B.
     
  4. PlotHost

    PlotHost Well-Known Member

  5. srpurdy

    srpurdy Well-Known Member

    As mentioned, installing mod_security and atomic rules is a good first step.

    CSF Firewall is useful as well.

    Other things you can do are run PHP as suPHP and disable custom php.ini files. Then also disable any functions that are considered bad functions that hackers will take advantage of if they are available. For example, if Joomla is hacked and they gain access to the Joomla installation admin area, they could install plugins that do stuff that shouldn't be allowed. If you limit the functions that users can use, you can prevent that type of attack, and mod_security will help with known exploits and known MySQL injection or XSS/CSRF attacks.

    Personally, my suggestion is to use Suhosin for this and PHP 5.3+ with its path feature, so you can control which functions are enabled/disabled on a domain-by-domain basis.

    Although if they did gain access they could still deface the website, by limiting what a domain can do you can prevent further damage.
     
    #5 srpurdy, Jul 12, 2012
    Last edited: Jul 12, 2012
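
An added example, not part of any post in this thread: a small audit of a php.ini that uses PHP 5.3+ `[PATH=...]` sections with Suhosin's `suhosin.executor.func.blacklist`, reporting which commonly restricted functions each domain's document root can still call. The `RISKY` list, the sample paths and the inheritance model (global `disable_functions` applies everywhere, a per-path blacklist replaces the global blacklist) are assumptions made for the example.

```python
# Added example. RISKY is an assumed starter list, not taken from the thread.
RISKY = {"exec", "shell_exec", "system", "passthru", "proc_open", "popen"}

# Constructed sample php.ini; the paths are placeholders.
SAMPLE_INI = """\
disable_functions = exec, shell_exec
suhosin.executor.func.blacklist = system

[PATH=/home/alice/public_html]
suhosin.executor.func.blacklist = "system,passthru,proc_open,popen"

[PATH=/home/bob/public_html]
; blacklist emptied for a plugin that shells out
suhosin.executor.func.blacklist =
"""

def parse_ini(text):
    """Return {section: {directive: set_of_function_names}}; '' is global."""
    sections, current = {"": {}}, ""
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()  # drop comments
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].strip()
            sections.setdefault(current, {})
        elif "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            names = {n.strip().lower() for n in value.strip('"\'').split(",")}
            sections[current][key] = names - {""}
    return sections

def audit(text, risky=RISKY):
    """Map each [PATH=...] section to the risky functions still callable there."""
    sections = parse_ini(text)
    glob = sections[""]
    # Assumption: disable_functions is honoured only in the global section.
    base = glob.get("disable_functions", set())
    key = "suhosin.executor.func.blacklist"
    report = {}
    for name, directives in sections.items():
        if name.upper().startswith("PATH="):
            blocked = base | directives.get(key, glob.get(key, set()))
            report[name[5:]] = sorted(risky - blocked)
    return report

if __name__ == "__main__":
    for path, still_callable in audit(SAMPLE_INI).items():
        print(path, "->", still_callable or "all risky functions blocked")
```

A non-empty list for a path marks a domain where a compromised CMS admin area could still reach those functions.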