From erik at makeyourbusinessboom.com Mon Apr 16 12:32:12 2007
From: erik at makeyourbusinessboom.com (Erik Luhrs)
Date: Mon, 16 Apr 2007 12:32:12 -0400
Subject: [joomla] Seeking Joomla designer in N.E. New Jersey
Message-ID: <003a01c78044$cab21b70$6401a8c0@ErikLapTop>
Hello Everyone,
I am in need of someone who understands Joomla and who is located -
preferably - in northeastern New Jersey, to help me with my website.
If you're interested, please email me at erik at makeyourbusinessboom.com so we
can arrange a time to talk.
Thank you.
-Erik Luhrs
www.MakeYourBusinessBOOM.com
Organizational Development Programs.
Business Success Coaching.
Seminars, Workshops and Keynotes.
Information & Training Products.
Phone & Fax: (877) 801-1035
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.jpg
Type: image/jpeg
Size: 1769 bytes
Desc: not available
URL:
From compustretch at gmail.com Sun Apr 22 16:07:31 2007
From: compustretch at gmail.com (forest )
Date: Sun, 22 Apr 2007 16:07:31 -0400
Subject: [joomla] Joomla Security
Message-ID:
If you haven't seen it by now,
http://www.joomlablog.org/
has so totally been hacked.
I'm expecting most people have already seen this, since its been hacked so
long its already cached on Google, but just a reminder to keep your Joomla
site secured.
cheers,
forest
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
From rothmail at comcast.net Sun Apr 22 23:53:08 2007
From: rothmail at comcast.net (David A. Roth)
Date: Sun, 22 Apr 2007 23:53:08 -0400
Subject: [joomla] Joomla Security
In-Reply-To:
References:
Message-ID: <1fd50727224fb1ef131cd16206f0de4a@comcast.net>
What can be done to secure a Joomla site?
David Roth
rothmail at comcast.net
On Apr 22, 2007, at 4:07 PM, forest wrote:
> If you haven't seen it by now,
>
> http://www.joomlablog.org/
>
> has so totally been hacked.
>
>
> I'm expecting most people have already seen this, since its been
> hacked so long its already cached on Google, but just a reminder to
> keep your Joomla site secured.
>
>
> cheers,
>
> forest
>
>
>
>
> _______________________________________________
> New York PHP SIG: Joomla! Mailing List
> http://lists.nyphp.org/mailman/listinfo/joomla
>
> NYPHPCon 2006 Presentations Online
> http://www.nyphpcon.com
>
> Show Your Participation in New York PHP
> http://www.nyphp.org/show_participation.php
From norman at enorm2.com Mon Apr 23 06:19:12 2007
From: norman at enorm2.com (Norman ONeil)
Date: Mon, 23 Apr 2007 06:19:12 -0400
Subject: [joomla] Joomla Security
In-Reply-To: <1fd50727224fb1ef131cd16206f0de4a@comcast.net>
References:
<1fd50727224fb1ef131cd16206f0de4a@comcast.net>
Message-ID: <4E10B8DF-3F00-4E8C-82CD-B04C789056FA@enorm2.com>
Make sure your extensions/modules/components are up to date and do
not represent a security hole.
this is a good place as well as the joomla forums to check on that
http://secunia.com/search/?search=joomla
Try and work with register globals off, try and secure your admin
area with an htpassword.
Above all try and keep your joomla instance up to date.
Those are some of the rules as I have learned them over the past
couple of years
Norman O'Neil
eNorm
P.O. Box 6592
Portsmouth, NH 03802- 6592
978.255.2672
http://www.enorm2.com
On Apr 22, 2007, at 11:53 PM, David A. Roth wrote:
> What can be done to secure a Joomla site?
>
> David Roth
> rothmail at comcast.net
>
> On Apr 22, 2007, at 4:07 PM, forest wrote:
>
>> If you haven't seen it by now,
>>
>> http://www.joomlablog.org/
>>
>> has so totally been hacked.
>>
>>
>> I'm expecting most people have already seen this, since its been
>> hacked so long its already cached on Google, but just a reminder
>> to keep your Joomla site secured.
>>
>>
>> cheers,
>>
>> forest
>>
>>
>>
>>
>> _______________________________________________
>> New York PHP SIG: Joomla! Mailing List
>> http://lists.nyphp.org/mailman/listinfo/joomla
>>
>> NYPHPCon 2006 Presentations Online
>> http://www.nyphpcon.com
>>
>> Show Your Participation in New York PHP
>> http://www.nyphp.org/show_participation.php
>
> _______________________________________________
> New York PHP SIG: Joomla! Mailing List
> http://lists.nyphp.org/mailman/listinfo/joomla
>
> NYPHPCon 2006 Presentations Online
> http://www.nyphpcon.com
>
> Show Your Participation in New York PHP
> http://www.nyphp.org/show_participation.php
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
From compustretch at gmail.com Mon Apr 23 19:27:53 2007
From: compustretch at gmail.com (forest )
Date: Mon, 23 Apr 2007 19:27:53 -0400
Subject: [joomla] Joomla Security
In-Reply-To: <1fd50727224fb1ef131cd16206f0de4a@comcast.net>
References:
<1fd50727224fb1ef131cd16206f0de4a@comcast.net>
Message-ID:
On 4/22/07, David A. Roth wrote:
>
> What can be done to secure a Joomla site?
>
David,
Using the latest version I hope. As I understand, 1.0.12 underwent a full
security audit of the SQL queries used. Also I expect you're talking about
locking down an install that is known to be secure, ie you downloaded
evertying from trusted source, ran your sums, and checked all your
extensions
against known exploits, and that you've made sure you haven't already been
hacked (locking the barn door once the horse is gone, or rather, inside.)
Check all your write permissions, do the standard stuff to lock everything
down. Once you have your site set up you can make most everything
unwriteable as Joomla wirtes everything to the sqldb. Just to be on the safe
side close up directory traversing for anything youre not using. I'm sure
you know the drill.
Don't neglect the obvious like using secure (well-formed) passwords, not
dictionary words. The kiddies love to run their dictionary scripts.
Likewise, check your logs regularly to notice attacks or unusual traffic
patterns, or use a perl script to notify you. The majority of the exploits
I've seen are not for the base code but for the 3rd party plugins. This
applies to the nearly 1500 published extensions, and one expects unpublished
extensions should be treated with more caution. Check for known exploits for
each extension you are using or thinking of adding. Forum plugins are one of
the hardest hit, this has pretty much always been the case with php. If
you're using a forum, you'll definitely want to do a security check on that
module.
Assuming you're interested in php and not just content management, knowing
how how using registered globals enables exploits will help you understand
this type of attack. There are numerous pages on the web that explain this
vunerability, read them so you know what it is exactly that you are
preventing
from happening and give you a better understanding in general about php
security. If you want to stick to just content management then hire a
security professional skilled in php who will for a modest fee do a full
site audit.
If you're running on your own server you have more options, but also of
course more responsibility. That's just a few stardard security checks off
the top of my head, true sec. hardening is an art/science unto itself and
I'm sure others on the list will have other items on their basic checklist,
it is a very long list.
cheers,
Forest
TMG
InfoArchitecture+Design
ps- Congratualations on getting inducted into the Rock n Roll Hall of Fame
this year! (j/k)
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
From ajai at bitblit.net Tue Apr 24 02:29:55 2007
From: ajai at bitblit.net (Ajai Khattri)
Date: Tue, 24 Apr 2007 02:29:55 -0400 (EDT)
Subject: [joomla] Joomla Security
In-Reply-To:
Message-ID:
On Sun, 22 Apr 2007, forest wrote:
> I'm expecting most people have already seen this, since its been hacked so
> long its already cached on Google, but just a reminder to keep your Joomla
> site secured.
Its a given that you will need to keep abreast of security bulletins once
you've deployed any app. Its true of any web application and servers too.
--
Aj.